Using ed(1) as a password manager
I recently came across
a
post on using vim as a password manager
so I thought I'd post a companion article on using
ed(1)
as a password manager.
The main goal is to be able to keep the secrets encrypted at all
times on disk, only decrypting within the active
ed(1)
session.
BSD
ed(1)
offers an
x
command (well,
OpenBSD removed it in revision 1.37 of
/src/bin/ed/main.c
"because DES")
that allows for weak DES encryption of the file. However, we
want stronger encryption and portability between various versions
of
ed(1)
so will ignore this option.
Writing our encrypted password file to disk
To begin, we'll open up
ed(1)
and add some password content
user@hostname$ ed a https://example.com Username: demo Password: Pa$$w0rd1 imaps://example.edu Username: jstudent@example.edu Password: ed(1)uc8 .
Now, instead of writing the unencrypted password file, we'll use
gnupg
to encrypt the file and write it out to the disk by piping the
file through
gpg
instructing it to write to our password file.
Note the trailing "-" which tells
gpg
to read the input from
stdin
.
gpg
will prompt for a passphrase and confirmation of that password.
w !gpg --symmetric --output passwords.gpg - Enter passphrase: Password1 Repeat passphrase: Password1 127
ed(1)
informs us that it successfully piped our 127 bytes of data
through
gpg
but we can confirm that the
passwords.gpg
file was written and then we can quit to go about our day:
!ls passwords.gpg passwords.gpg ! q
Reading our encrypted password file from disk
Now, we want to be able to look up a password to enter at some
future point. So we fire up
ed(1)
and decrypt our passwords.
user@hostname$ ed r !gpg --decrypt passwords.gpg Enter passphrase: Password1
We want to look up our log-in credentials for our email server so we issue
?imap.*edu imaps://example.edu + Username: jstudent@example.edu + Password: ed(1)uc8 Q
(Yes, using
"+"
can be replaced with just hitting
"<Enter>") Alternatively, we could use
grep(1)
or
sed(1)
to filter the results and show some context:
user@hostname$ gpg --decrypt passwords.gpg | grep -A2 example.com Enter passphrase: Password1 https://example.com Username: demo Password: Pa$$w0rd1 user@hostname$ gpg --decrypt passwords.gpg | sed -n '/example.com/,/^$/p' Enter passphrase: Password1 https://example.com Username: demo Password: Pa$$w0rd1
Modifying our password lists
Now we want to modify our document and/or change our master-password:
user@hostname$ ed r !gpg --decrypt passwords.gpg Enter passphrase: Password1 127 3s/Pa..w0rd1/Pbuttwrd1 Password: Pbuttwrd1 $a https://twitter.com/ Username: ed1conf Password: EyeDonutThinkSew . w !gpg --symmetric --output passwords.gpg - Enter passphrase: NewPassword2 Repeat passphrase: NewPassword2 File `passwords.gpg` exists. Overwrite? (y/N) y 194
And there you have it: using
ed(1)
as a password manager.