Linux Password Manager CLI
pass
the standard unix password manager
Password management should be simple and follow Unix philosophy. With pass, each password lives inside of a gpg encrypted file whose filename is the title of the website or resource that requires the password. These encrypted files may be organized into meaningful folder hierarchies, copied from computer to computer, and, in general, manipulated using standard command line file management utilities.
pass makes managing these individual password files extremely easy. All passwords live in ~/.password-store, and pass provides some nice commands for adding, editing, generating, and retrieving passwords. It is a very short and simple shell script. It's capable of temporarily putting passwords on your clipboard and tracking password changes using git.
Install
rngd
The rngd daemon (package rng-tools) acts as a bridge between a hardware TRNG (true random number generator), such as the ones in some Intel/AMD/VIA chipsets, and the kernel's PRNG (pseudo-random number generator). It matters on a freshly booted VM with little entropy, where gpg --gen-key can stall at "We need to generate a lot of random bytes". On kernels 5.6 and later /dev/random no longer blocks once the pool has been seeded, so rngd is rarely needed there.
# Install 'rngd' to gain enough entropy for 'gpg' public and secret key creation
$ sudo apt-get install rng-tools
# Check the amount of entropy currently available (in bits, not bytes)
$ cat /proc/sys/kernel/random/entropy_avail
GnuPG key
Create the key that pass will use to encrypt and decrypt ~/.password-store.
$ gpg --gen-key
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: Bob Smith                 # <- input
Email address: user1@acme.com        # <- input
You selected this USER-ID:
    "Bob Smith <user1@acme.com>"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? O     # <- input
┌──────────────────────────────────────────────────────┐
│ Please enter the passphrase to                       │
│ protect your new key                                 │
│                                                      │
│ Passphrase: ________________________________________ │   # <- can be left blank
│                                                      │   #    (dialog shown twice)
│       <OK>                                 <Cancel>  │
└──────────────────────────────────────────────────────┘
We need to generate a lot of random bytes. (..omitted..) to gain enough entropy.
gpg: /home/vagrant/.gnupg/trustdb.gpg: trustdb created
gpg: key 0046C0CB14D14757 marked as ultimately trusted
gpg: directory '/home/vagrant/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/vagrant/.gnupg/openpgp-revocs.d/B5FCCC7D6BE3B93F0B5569790046C0CB14D14757.rev'
public and secret key created and signed.

pub   rsa3072 2020-02-16 [SC] [expires: 2022-02-15]
      B5FCCC7D6BE3B93F0B5569790046C0CB14D14757
uid                      Bob Smith <user1@acme.com>     # <- gpg key
sub   rsa3072 2020-02-16 [E] [expires: 2022-02-15]

The passphrase is the only thing standing between anyone who can read ~/.gnupg (a backup, a stolen laptop, another user on a shared box) and every entry in the store, so leaving it blank trades that protection for convenience; with a passphrase set, gpg-agent asks for it when an entry is decrypted and caches it for a while. Note the two-year expiry: gpg refuses to encrypt to an expired key, so pass insert and pass generate fail after 2022-02-15 until the expiry is extended (gpg --edit-key, then expire) or a new key is created and the store re-initialised. Keep the revocation certificate written to openpgp-revocs.d somewhere safe; anyone holding it can revoke the key.
Initialise password store
Initialise the password store by telling pass which gpg key encrypts it. The key can be identified by its user ID (the email address) or by its key ID or fingerprint; the fingerprint is unambiguous when several keys share an address. pass writes the identifier(s) passed to pass init <keyIdentifier> to ~/.password-store/.gpg-id and encrypts every entry to the keys listed there. pass init accepts more than one identifier, and re-running it re-encrypts the existing entries for the new key set.
$ pass init user1@acme.com                               # option 1: by the user ID
$ pass init B5FCCC7D6BE3B93F0B5569790046C0CB14D14757    # option 2: by the key fingerprint
mkdir: created directory '/home/vagrant/.password-store/'
Password store initialized for user1@acme.com
$ pass ls
Password Store
$ pass insert user1
Enter password for user1: ***
Retype password for user1: ***
$ pass ls
Password Store
└── user1
$ pass user1
password123

pass user1 (short for pass show user1) prints the secret to the terminal, where it may end up in scrollback or a session log. pass -c user1 copies it to the clipboard instead and clears the clipboard after 45 seconds, and pass generate <name> 20 creates an entry with a random 20-character password without ever showing it.
GPG key manipulation
(gpg below is GnuPG 2.x; on older distributions where gpg is still 1.x the binary is called gpg2.)

# List the keys in your public key ring
$ gpg --list-keys
# List the keys in your secret key ring
$ gpg --list-secret-keys

# Delete the private key from your secret key ring (by user ID or "User Name")
$ gpg --delete-secret-keys user1@acme.com
# Then delete the public key from your public key ring
$ gpg --delete-keys user1@acme.com

NOTE! If a private key for this key pair is still on your secret key ring, gpg --delete-keys fails with an error: delete the secret key first, or remove both at once with gpg --delete-secret-and-public-keys. Both commands ask for confirmation; for scripted use add --batch --yes and identify the key by its full fingerprint, which batch mode requires. Deleting the key makes every entry in ~/.password-store unreadable unless a backup of the secret key exists, so export it (gpg --export-secret-keys --armor) to a safe place first.
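The following script is an added example, not code from the pass project. It runs the whole procedure from the sections above non-interactively: unattended key creation in a throwaway GNUPGHOME, then the operations pass performs on its store (write .gpg-id, encrypt one file per entry, decrypt on show) done with gpg directly so the on-disk layout is visible, and finally the batch form of the key deletion described in this section. It assumes GnuPG 2.1 or later is installed; the identity "Bob Smith <user1@acme.com>", the store path and the secrets are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the pass project). Assumes GnuPG 2.1+; the
# identity, store path and secrets below are constructed for the demo.
set -eu

export GNUPGHOME="$(mktemp -d)"      # isolated keyring; never touches ~/.gnupg
STORE="$GNUPGHOME/password-store"    # stands in for ~/.password-store

cleanup() {
    command -v gpgconf >/dev/null 2>&1 && gpgconf --kill gpg-agent >/dev/null 2>&1 || true
    rm -rf "$GNUPGHOME"
}
trap cleanup EXIT

# Unattended key generation (GnuPG manual, "Unattended key generation").
# %no-protection is the batch form of leaving the passphrase blank: the
# secret key then sits unencrypted inside GNUPGHOME, so protect that directory.
gen_key() {
    gpg --batch --quiet --gen-key <<'EOF'
%no-protection
Key-Type: eddsa
Key-Curve: ed25519
Key-Usage: sign
Subkey-Type: ecdh
Subkey-Curve: cv25519
Subkey-Usage: encrypt
Name-Real: Bob Smith
Name-Email: user1@acme.com
Expire-Date: 2y
%commit
EOF
}

# Full fingerprint of the primary key for a user ID: the unambiguous value to
# put in .gpg-id, and the only form batch-mode deletion accepts.
key_fingerprint() {
    gpg --batch --with-colons --fingerprint "$1" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Equivalent of: pass init <keyIdentifier>
store_init() {
    mkdir -p "$STORE"
    key_fingerprint "$1" > "$STORE/.gpg-id"
}

# Equivalent of: pass insert <name>, secret read from stdin. Every entry is
# just a file encrypted to the key listed in .gpg-id. --trust-model always
# skips the web-of-trust check, which is pointless for a key made locally.
store_insert() {
    mkdir -p "$STORE/$(dirname "$1")"
    gpg --batch --quiet --yes --trust-model always --encrypt \
        --recipient "$(cat "$STORE/.gpg-id")" --output "$STORE/$1.gpg"
}

# Equivalent of: pass show <name>
store_show() {
    gpg --batch --quiet --decrypt "$STORE/$1.gpg"
}

# Batch form of the deletion in this section: secret key first, otherwise
# --delete-keys refuses; both need --yes and the full fingerprint.
delete_key() {
    gpg --batch --yes --delete-secret-keys "$1"
    gpg --batch --yes --delete-keys "$1"
}

demo() {
    gen_key
    store_init user1@acme.com
    printf '%s\n' 'password123' | store_insert user1
    printf '%s\n' 'correct horse battery staple' | store_insert web/acme/bob
    store_show user1                         # prints password123
    find "$STORE" -type f | sort             # .gpg-id plus one .gpg file per entry
    delete_key "$(cat "$STORE/.gpg-id")"
    gpg --batch --list-secret-keys user1@acme.com 2>/dev/null || echo "secret key removed"
}

if command -v gpg >/dev/null 2>&1; then
    demo
else
    echo "gpg not installed; nothing to demonstrate" >&2
fi
```

Because the store is nothing more than gpg files, the same store_show logic is what `gpg --decrypt ~/.password-store/user1.gpg` does against a real store, which is useful when recovering entries on a machine without pass installed.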
- Resources
- GPG Cheat sheet hawaii.edu
- GPG Cheat sheet devhints.io