[ale] How do you store your passwords?
Nick Ali
nali at ubuntu.com
Fri Nov 9 17:10:41 EST 2007
On Nov 9, 2007 4:42 PM, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> This is a neat use of make. I like it. How are you handling the
> error cases? For example, i'm thinking about what happens the first
> time you try to "make edit" your password file after your GPG key
> expires -- since GPG will fail to encrypt to an expired key, will it
> nuke your password file entirely by overwriting it with the truncated
> (failed) gpg output?
>
> (not that i ask from personal experience or anything...)
>
> Care to share your makefile? I know i'd be interested in seeing it,
> at least.
With my simple Makefile, if your key has expired, it will bail out
when re-encrypting and you will be left with an encrypted file and
unencrypted file.
I found the Makefile somewhere online, but can't remember where. It
doesn't really handle any error cases, but you shouldn't lose any data
if things don't work for some reason:
--------
GPGID = user at whatever.com
FILEPLAIN = myencryptedfile
FILECRYPT = $(FILEPLAIN).gpg
HOMEDIR = ../somedirectory/.gnupg
GPG = gpg --homedir $(HOMEDIR)
RM = rm -i
VI = vi
all:
@echo ""
@echo "usage:"
@echo ""
@echo "* make view -- to see $(FILEPLAIN)"
@echo "* make edit -- to edit $(FILEPLAIN)"
@echo ""
edit:
@umask 0077; $(GPG) --output $(FILEPLAIN) --decrypt $(FILECRYPT)
@$(VI) $(FILEPLAIN)
@umask 0077; $(GPG) --encrypt --recipient $(GPGID) $(FILEPLAIN)
@$(RM) $(FILEPLAIN)
view:
@umask 0077; $(GPG) --decrypt $(FILECRYPT) | less
--------------
nick
--
http://boredandblogging.com
More information about the Ale
mailing list