Skip to main content

Using ed(1) as a password manager

Tim Chase

I recently came across a post on using vim as a password manager so I thought I'd post a companion article on using ed(1) as a password manager.

The main goal is to be able to keep the secrets encrypted at all times on disk, only decrypting within the active ed(1) session.

BSD ed(1) offers an x command (well, OpenBSD removed it in revision 1.37 of /src/bin/ed/main.c "because DES") that allows for weak DES encryption of the file. However, we want stronger encryption and portability between various versions of ed(1) so will ignore this option.

Writing our encrypted password file to disk

To begin, we'll open up ed(1) and add some password content 

user@hostname$ ed
a
https://example.com
Username: demo
Password: Pa$$w0rd1

imaps://example.edu
Username: jstudent@example.edu
Password: ed(1)uc8

.

Now, instead of writing the unencrypted password file, we'll use gnupg to encrypt the file and write it out to the disk by piping the file through gpg instructing it to write to our password file. Note the trailing "-" which tells gpg to read the input from stdin. gpg will prompt for a passphrase and confirmation of that password. 

w !gpg --symmetric --output passwords.gpg -
Enter passphrase: Password1
Repeat passphrase: Password1
127

ed(1) informs us that it successfully piped our 127 bytes of data through gpg but we can confirm that the passwords.gpg file was written and then we can quit to go about our day: 

!ls passwords.gpg
passwords.gpg
!
q

Reading our encrypted password file from disk

Now, we want to be able to look up a password to enter at some future point. So we fire up ed(1) and decrypt our passwords. 

user@hostname$ ed
r !gpg --decrypt passwords.gpg
Enter passphrase: Password1

We want to look up our log-in credentials for our email server so we issue 

?imap.*edu
imaps://example.edu
+
Username: jstudent@example.edu
+
Password: ed(1)uc8
Q

(Yes, using "+" can be replaced with just hitting "<Enter>") Alternatively, we could use grep(1) or sed(1) to filter the results and show some context: 

user@hostname$ gpg --decrypt passwords.gpg | grep -A2 example.com
Enter passphrase: Password1
https://example.com
Username: demo
Password: Pa$$w0rd1
user@hostname$ gpg --decrypt passwords.gpg | sed -n '/example.com/,/^$/p'
Enter passphrase: Password1
https://example.com
Username: demo
Password: Pa$$w0rd1

Modifying our password lists

Now we want to modify our document and/or change our master-password: 

user@hostname$ ed
r !gpg --decrypt passwords.gpg
Enter passphrase: Password1
127
3s/Pa..w0rd1/Pbuttwrd1
Password: Pbuttwrd1
$a
https://twitter.com/
Username: ed1conf
Password: EyeDonutThinkSew

.
w !gpg --symmetric --output passwords.gpg -
Enter passphrase: NewPassword2
Repeat passphrase: NewPassword2
File `passwords.gpg` exists. Overwrite? (y/N) y
194

And there you have it: using ed(1) as a password manager.