Mon Jul 28 2008
Managing web passwords has been an minor annoyance for me for some time. For a while I kept my web passwords in a plain text file that I had to manually encrypt and decrypt every time I wanted to look up or add a password. Then I moved my passwords over to index cards in an index card file. I wasn’t happy with either method.
Apple’s Keychain password manager is a bit too byzantine. It’s also not very portable to other computers. I’m impressed the technical wizardry of online password manager Passpack, but I don’t feel comfortable storing my passwords on a third party website that might someday go out of business or accidentally lose its data.
So I wrote simplepass, a simple but secure command line program that stores your web passwords in a file encrypted using the Blowfish cipher. The encryption method well documented, and you can see how it works by reading the code. This program is open source.
To store a password, you typesimplepass domain name
Where domain name is typically a website domain, e.g. yahoo.com. The domain can also be any other string, e.g. “Gmail account”.
For example, if you entersimplepass gmail.com
for the first time, simplepass will launch your text editor (whatever your EDITOR environment variable has been set to, or nano by default) and present you with a simple form that you can fill out to save a login, password, and arbitrary notes for that domain:gmail.com login: password: notes:
You can leave any of the fields blank. So if you want, you can just fill out the ‘notes’ portion for items that are not web logins, such as credit card numbers and such.
Once you fill out the fields save the file and exit your editor, simplepass will parse the information, encrypt it, store it in the database, and delete the temporary file.
The next time you give the command,simplepass gmail.com
simplepass will display something like this, via the ‘less’ command:gmail.com login: funnyface password: audreyhepburn notes: I love gmail! blah… blah…
(We pipe the output to ‘less’ so as to leave no trace of your password in your console, where someone can find it by scrolling up.)
The first time you launch simplepass, it will ask you to set a master password. This password will unlock the simplepass database. This database is stored in a single file: a partly encrypted text file called simplepass.db. This file will be saved in the directory in which you invoked the simplepass command. Always invoke simplepass from the same directory as the simplepass.db datafile.
The top part of this file is a message in plain text and just serves to remind you of the file’s purpose. The bottom part is your password database, which is nothing more than a YAML string encrypted with the Blowfish encryption algorithm. Your master password is the the key that decrypts this portion of the simplepass.db file. Do not edit this file directly; any edits may render the data un-decryptable.
to see all the options. You can change your master password, print the entire password database in a plain text format, and more.
To leave any feedback, please visit the RubyForge page for this project. You can file bug reports, request enhancements and features, and comment in a discussion forum.