On Thu, Dec 5, 2013 at 8:57 AM, Christian Weisgerber <[email protected]> wrote:
> Zé Loff <[email protected]> wrote:
>
>> Not sure how advisable this is, but I'm using a gpg encrypted file,
>> which I keep somewhere hidden (just because). Just put them in file
>> foo and do 'gpg -e foo' (assuming you've already setup gpg). When you
>> need to look something up just do 'gpg -d foo' and the file gets
>> decrypted to stdout.
>
> *takes a deep breath*
>
> ~/bin/pwsafe
> --------------->
> #!/bin/sh
>
> SAFE=$HOME/.pwsafe
> TMPFILE=`mktemp /tmp/pwsafeXXXXXXXXXX` || exit 1
>
> trap 'rm -P "$TMPFILE"' 0 1 2 15
>
> STTY=`stty -g`
> echo -n "Password: "
> stty -echo
> read PASSWORD
> stty "$STTY"
>
> set -e
> echo -n "$PASSWORD" | openssl aes-256-cbc -d -in "$SAFE" -out "$TMPFILE" -pass stdin

This is tricky. Some people will read this and say "OK, I'll switch echo for
printf and get on w/ my life."
printf, not being a builtin, will show up in ps(1), and so will $PASSWORD.
It's not apparent from the simple syntax used that such a change could end
up leaking important things.
It's better to use a heredoc:

openssl aes-256-cbc -d -in "$SAFE" -out "$TMPFILE" -pass stdin <<!
$PASSWORD
!

> ${EDITOR-${VISUAL-vi}} "$TMPFILE"
> echo -n "$PASSWORD" | openssl aes-256-cbc -in "$TMPFILE" -out "$SAFE" -pass stdin
> <---------------
>
> --
> Christian "naddy" Weisgerber [email protected]
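
The argv exposure the reply warns about, as an added example that is not part of the thread: it checks whether a command name resolves to an external program in the running shell, then compares what the process table shows when a secret is passed as an argument versus on stdin from a here-document. The function names, the `pwsafe-demo` marker and the sample secret are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The secret is a constructed value
# and every function name below is hypothetical.

# How does this shell resolve a command name? External commands are
# fork+exec'd, so their arguments appear in the process table.
cmd_kind() {
    case "$(command -v "$1" 2>/dev/null)" in
        /*) echo external ;;
        "") echo missing ;;
        *)  echo internal ;;   # builtin, function, alias or keyword
    esac
}

# Print the argv of PID $1 as ps(1) shows it (/proc fallback on Linux).
argv_of() {
    ps -o args= -p "$1" 2>/dev/null ||
        { cat "/proc/$1/cmdline" 2>/dev/null | tr '\0' ' '; }
}

# Wait until PID $1 has exec'd (marker $2 is in its argv), then
# return 0 if secret $3 is readable from its argv, 1 otherwise.
secret_in_argv() {
    n=0
    while [ "$n" -lt 30 ]; do
        case "$(argv_of "$1")" in
            *"$3"*) return 0 ;;
            *"$2"*) return 1 ;;
        esac
        n=$((n + 1)); sleep 0.1
    done
    return 2    # process never became observable
}

# Secret passed as an argument to a child process (what a non-builtin
# printf "$PASSWORD" does for the lifetime of that process).
leaks_as_argument() {
    sh -c 'sleep 3; :' pwsafe-demo "$1" >/dev/null 2>&1 &
    secret_in_argv "$!" pwsafe-demo "$1"
}

# Same child, but the secret arrives on stdin from a here-document.
leaks_via_heredoc() {
    sh -c 'read -r p; sleep 3; :' pwsafe-demo >/dev/null 2>&1 <<! &
$1
!
    secret_in_argv "$!" pwsafe-demo "$1"
}
```

Run `cmd_kind printf` and `cmd_kind echo` in the shell that will execute the script before trusting either with a secret. Some shells implement here-documents with a temporary file rather than a pipe, so the secret can briefly exist on disk.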