Posts Tagged ‘gpg’

A *more* secure(-ish) crypted file

Monday, January 16th, 2012

I have been using two commands blogged about by a friend, Steve Harris, to store my passwords on my Mac OS X laptop. He illustrated two commands, “useful” and “viuseful”, which open a gpg-encrypted file using less and vi respectively. Opening the file in less allows for safe read-only access to the contents of the encrypted file. The vi mode of operation as described by Steve leaves a temporary copy of the file that exists in plaintext briefly while it’s being encrypted.

With a little help from one of my current colleagues, Sid, I have altered Steve’s example by writing the temp file to a ramdisk, which is subsequently srm’d.

Because this implementation never writes the contents of the unencrypted file to disk, I reckon I can go as far as saying that it is a little *more* secure than Steve’s original post :)


#Password config
USEFUL_FILE="$HOME/.passwords/passwords.txt.gpg"
USEFUL_KEYID="XXXXXXXX"
RDLABEL="ramdisk"
RAMDISK="/Volumes/$RDLABEL" # Please no spaces
FILE="passtmp" # Please no spaces

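function useful {
  # Decrypt to stdout and page through it; the plaintext is never written to a file
  gpg --trust-model always -d "$USEFUL_FILE" | less
}

function ramdisk {
  # $1 is the size in KB; ram:// takes a count of 512-byte sectors, hence the *2
  let SIZE=$1*2
  # Check if the ramdisk is already mounted
  if ! mount | grep -q "$RAMDISK "; then
    diskutil erasevolume HFS+ "$RDLABEL" $(hdiutil attach -nomount ram://$SIZE) &> /dev/null
  fi
}

function cleanup {
  # Securely remove the plaintext copy if vi wrote one
  if [[ -e "$RAMDISK/$FILE" ]]; then
    srm -f "$RAMDISK/$FILE"
  fi
  # Unmount the ramdisk even when nothing was saved
  if mount | grep -q "$RAMDISK "; then
    umount "$RAMDISK"
  fi
}

function viuseful {
  ramdisk 4096 # 4MB
  # Keep a backup of the current encrypted file
  cp "$USEFUL_FILE" "$USEFUL_FILE~"
  # Read the decrypted text into a buffer backed by the ramdisk, with viminfo and swap files off
  vi '+set viminfo=' '+set noswapfile' '+r !gpg --trust-model always --quiet -d '"$USEFUL_FILE"' 2>/dev/null' '+1d' '+redraw!' "$RAMDISK/$FILE"
  # Re-encrypt only if vi wrote a non-empty file
  if [ -s "$RAMDISK/$FILE" ]; then
    gpg --trust-model always --yes -r "$USEFUL_KEYID" -o "$USEFUL_FILE" -e "$RAMDISK/$FILE"
  else
    echo "File not changed"
  fi
  cleanup
}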

So yeah, a big shout out to both Steve and Sid, for now I have a proprietary secure(-ish) way of storing all of my various passwords.

If someone would like to tell me how to create the RAMDISK on a Linux machine I would love to know :)
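
One possible approach to the Linux question above, as an added example (not code from this post, Steve or Sid): most distributions already mount a tmpfs at /dev/shm, so the function below checks that the directory really is RAM-backed and edits the plaintext there. The names `fstype_of`, `is_ram_backed`, `viuseful_linux` and `SHM_DIR` are introduced here for illustration, and vim is assumed because of the `viminfo` setting.

```shell
# Added example, not from the original post. Assumes Linux with /dev/shm
# mounted as tmpfs, gpg and vim installed; names below are illustrative.
USEFUL_FILE="${USEFUL_FILE:-$HOME/.passwords/passwords.txt.gpg}"
USEFUL_KEYID="${USEFUL_KEYID:-XXXXXXXX}"
SHM_DIR="${SHM_DIR:-/dev/shm}"

# fstype_of PATH [MOUNTS_FILE]: print the filesystem type of the mount
# holding PATH (longest matching mount point wins, later entries override).
fstype_of() {
  awk -v p="$1" '
    { mp = $2
      if (mp == "/" || p == mp || index(p, mp "/") == 1)
        if (length(mp) >= best) { best = length(mp); t = $3 } }
    END { if (t == "") exit 1; print t }' "${2:-/proc/mounts}"
}

# is_ram_backed PATH [MOUNTS_FILE]: succeed only for tmpfs or ramfs.
is_ram_backed() {
  case "$(fstype_of "$@")" in
    tmpfs|ramfs) return 0 ;;
    *) return 1 ;;
  esac
}

# Runs in a subshell "( ... )" so the EXIT trap removes the plaintext even
# if gpg or vi fails, without touching the caller's own traps.
viuseful_linux() (
  is_ram_backed "$SHM_DIR" || { echo "$SHM_DIR is not RAM-backed" >&2; exit 1; }
  umask 077                                  # plaintext readable by owner only
  workdir=$(mktemp -d "$SHM_DIR/useful.XXXXXX") || exit 1
  trap 'rm -rf "$workdir"' EXIT
  trap 'exit 1' INT TERM
  tmp="$workdir/passtmp"
  gpg --trust-model always --quiet -d "$USEFUL_FILE" > "$tmp" || exit 1
  before=$(cksum < "$tmp")                   # change detection only
  vi -c 'set viminfo=' -c 'set noswapfile' "$tmp"
  if [ -s "$tmp" ] && [ "$(cksum < "$tmp")" != "$before" ]; then
    cp "$USEFUL_FILE" "$USEFUL_FILE~"        # keep the previous ciphertext
    gpg --trust-model always --yes -r "$USEFUL_KEYID" -o "$USEFUL_FILE" -e "$tmp"
  else
    echo "File not changed"
  fi
)
```

tmpfs pages can be written out to swap under memory pressure, so the plaintext stays off disk only when swap is disabled or encrypted.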

Signing Mail on Snow Leopard

Thursday, August 19th, 2010

Yay, I have finally come across an update to the GPGMail plugin for Mail.app 4.3 on Snow Leopard. This is the one bit of functionality which I have missed since upgrading from Leopard to Snow Leopard, and I have been searching for updates periodically for a while now.

This is fantastic news, as I can now digitally sign my emails with my GPG identity, which can be found linked to from my FOAF file.