On Fri, Jan 07, 2022 at 01:44:51PM -0800, Sean Kamath wrote:
> > On Jan 7, 2022, at 13:38, Crystal Kolipe <kolip...@exoticsilicon.com> wrote:
> > 
> > On Fri, Jan 07, 2022 at 01:23:30PM -0800, Sean Kamath wrote:
> >> gpg < file.gpg
> > 
> > Why gpg and not openssl?
> 
> 21 years of muscle memory?
> 
> But that is a good point. . . Hrm.

OK, so I decided to see how easily this could be implemented using just what's 
in the OpenBSD base install.

Passphrase manager in 584 bytes:

#!/bin/sh
F="$HOME/.pwm/secrets"
mkdir -m 700 ~/.pwm 2> /dev/null 
if [[ -z "$1" ]] ; then exit ; fi 
read P?'Passphrase? '
if [[ ! -e $F ]] ; then echo FiLeMaGiC | openssl enc -k "$P" -chacha -out $F ; fi
typeset -L16 name=$1
openssl enc -k "$P" -d -chacha -in $F -out "$F"_
head -1 "$F"_ | grep -q FiLeMaGiC || { echo "Wrong passphrase!" ; rm "$F"_ ; exit ; }
grep "^$name" "$F"_ && { rm "$F"_ ; exit ; }
echo $name not found, creating new entry:
N=`openssl rand -base64 - 12 | cut -b 1-16`
echo "$name"$N
echo "$name"$N | cat "$F"_ - | openssl enc -k "$P" -chacha -out $F
rm "$F"_

It's quite simple, you call it with one argument, which is your reference for 
the place that the passphrase corresponds to.  If it already exists in the 
database, it's printed.  If not, a new passphrase is created:

$ ./pwm bank
Passphrase? foobar
bank not found, creating new entry:
bank            pFjrBm8hEuUcupj0

$ ./pwm email_provider 
Passphrase? foobar
email_provider not found, creating new entry:
email_provider  VKLuZTUcQjkh+jLc

$ ./pwm bank
Passphrase? foobar
bank            pFjrBm8hEuUcupj0

$ ./pwm bank
Passphrase? baz
Wrong passphrase!

$ hexdump -C .pwm/secrets
00000000  53 61 6c 74 65 64 5f 5f  c0 dc ac 04 28 5f 68 96  |Salted__....(_h.|
00000010  7c 27 c3 c8 c8 ed 32 81  c3 e1 5a cb 73 41 78 0d  ||'....2...Z.sAx.|
00000020  e8 30 39 ce 49 91 eb 1c  87 51 84 59 15 93 05 87  |.09.I....Q.Y....|
00000030  c8 56 1e fe 77 21 f3 d3  b0 6e 60 ea 06 fd 6a 4c  |.V..w!...n`...jL|
00000040  c0 ca 60 dd dd ee 47 3b  a2 e8 43 2d 2c 5f ed e0  |..`...G;..C-,_..|
00000050  a9 e4 e7 be b8 91 48 b5  36 da 9c 91              |......H.6...|

It's obviously not intended for serious use, but it demonstrates the principle 
that there isn't always a need to go rushing to the ports tree for simple 
tasks.  A lot of good tools are already in the base install.
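
Added example, not part of the original message: a short shell sketch that reads the `openssl enc` container shown in the hexdump and shows what the file size alone reveals about the database. The function names and the constructed sample file are assumptions made for this illustration; the line lengths come from the script's `typeset -L16` padding and 16-character generated passphrases.

```shell
#!/bin/sh
# Added example: what an observer learns from .pwm/secrets without the key.
# Layout assumed from the hexdump on the page: 8-byte "Salted__" magic,
# 8-byte salt, then ciphertext. ChaCha is a stream cipher, so the
# ciphertext is exactly as long as the plaintext.

MAGIC_LINE=10   # "FiLeMaGiC" plus newline, written when the file is created
ENTRY_LINE=33   # 16-char padded name + 16-char passphrase + newline

# Print the salt as hex, or fail if the file lacks the "Salted__" header.
pwm_salt() {
    [ "$(head -c 8 "$1")" = "Salted__" ] || return 1
    dd if="$1" bs=1 skip=8 count=8 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Print the ciphertext length (file size minus the 16-byte header).
pwm_ct_len() {
    size=$(wc -c < "$1")
    echo $((size - 16))
}

# Print how many entries the file holds, inferred from its size alone;
# fail if the size does not fit the script's fixed-width layout.
pwm_entry_count() {
    body=$(( $(pwm_ct_len "$1") - $MAGIC_LINE ))
    [ "$body" -ge 0 ] && [ $((body % $ENTRY_LINE)) -eq 0 ] || return 1
    echo $((body / $ENTRY_LINE))
}

# Constructed sample with the same shape as the 92-byte file in the
# hexdump: header, a made-up salt, and 76 filler bytes as "ciphertext".
pwm_make_sample() {
    printf 'Salted__'
    printf '\001\002\003\004\005\006\007\010'
    head -c 76 /dev/zero
}

# Report on a file given as the first argument, if any.
if [ -n "${1:-}" ]; then
    echo "salt=$(pwm_salt "$1") ciphertext=$(pwm_ct_len "$1") entries=$(pwm_entry_count "$1")"
fi
```

For the 92-byte file in the hexdump this gives 76 bytes of ciphertext and 2 entries, matching the bank and email_provider entries created in the session.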
