Simple password management with Bash and GPG

A while ago I was looking for a password management solution that I could trust, so of course being as paranoid as I am I decided to write my own. Now I’ve decided to share what I came up with.

My system takes the form of two bash functions which inhabit my .bashrc file. First is a password generation function:

# function to generate a new password and add it to the secure file
# also copies the new password to the clipboard
# clipboard is cleared automatically after 10 seconds
pwg()
{
    CB=$(xclip -selection clipboard -out)
    gpg --decrypt $HOME/secure.txt.gpg > $HOME/secure.txt
    PW=$(pwgen -n 12 1)
    echo "$PW   $1" >> $HOME/secure.txt
    gpg --encrypt --recipient $MY_EMAIL $HOME/secure.txt
    rm $HOME/secure.txt

    echo $PW | xclip -selection clipboard
    echo
    echo "New password copied to clipboard!"
    echo "You have 10 seconds..."
    sleep 10
    echo $CB | xclip -selection clipboard
}

This generates a 12 character alphanumeric password using pwgen and appends it to my password file along with a user supplied token (which is later used to retrieve the password. The password file is a tab separated file stored in the the home directory and encrypted with GPG. The password is copied to the clipboard with the xclip tool, where it stays for ten seconds before being wiped.

The second part of the system is a function to retrieve the password:

# function to retrieve a password from the secure file and copy it to the clipboard
# clipboard is cleared automatically after 10 seconds
pw()
{
    CB=$(xclip -selection clipboard -out)
    gpg --decrypt $HOME/secure.txt.gpg | grep $1 | cut -f1 | xclip -selection clipboard
    echo
    echo "Password copied to clipboard!"
    echo "You have 10 seconds..."
    sleep 10
    echo $CB | xclip -selection clipboard
}

This function grabs the password from the secure file and again copies it to the clipboard ready to be pasted to wherever it is needed. Again the clipboard is cleared after ten seconds to prevent passwords hanging around to long.

To use these function just place them in your .bashrc file along with a definition of the MY_EMAIL variable (to allow GPG to find your key) and then source the file (or restart bash). Obviously you’ll need GPG, pwgen and xclip which on Fedora can be installed with:

$ sudo yum install gnupg pwgen xclip

Usage is very simple, just run each function in a terminal with an identification token as the argument:

$ pwg test

<GPG PROMPTS FOR PASSPHRASE>

File `secure.txt.gpg` exists. Overwrite? (y/N) y

New password copied to clipboard!
You have 10 seconds...
[robert@riker ~]$ pw test

<GPG PROMPTS FOR PASSPHRASE>

Password copied to clipboard!
You have 10 seconds...

That’s it! Feel free to give it a try. Improvments are most welcome, so please post them in the comments section.

Quick QR Code Generation

QR Codes are a really easy way to share information between your desktop or laptop and a smartphone, which don’t have the privacy issues inherent in Google’s Chrome To Phone. The excellent FOSS Barcode Scanner app for Android makes scanning these codes and opening the scanned data a breeze. However, generating them on the desktop can be a bit of a pain. There are several websites, browser addons and APIs for generating these codes, but up until now I haven’t found anything really quick and easy.

That is until today, when I discovered the ‘qrencode’ utility. Qrencode does exactly what it says on the tin. It takes some text, encodes it as a QR Code and writes the result as a PNG file. It’s a simple command line tool, which opens up awesome scripting possibilities.

My use case is simply to send the URL of a web page that I’m viewing on my desktop to my phone, via QR Code. I found that qrencode was quite happy to write its output to stdout, which meant I could display the result directly using ImageMagick’s ‘display’ command, e.g:

$ qrencode http://blog.webworxshop.com -o - | display

You’ll notice that by default the QR Code is quite small. We can fix this by increasing the block size:

$ qrencode http://blog.webworxshop.com -s 10 -o - | display

Next, I wanted to automatically pull the text to encode from somewhere to save typing – the clipboard was an ideal candidate. Enter ‘xclip’. Xclip is a command line utility to read and write from/to the X system’s built in clipboard. I used bash’s backtick command substitution to grab text from the clipboard and encode it:

$ qrencode `xclip -o` -s 10 -o - | display

And there you have it, a simple one line command to generate and display a QR Code from the contents of the clipboard. I created a bash script containing the command and assigned it to a keyboard shortcut in Gnome (Ctrl-Shift-Q), so that sharing URLs to my phone is as simple as selecting the text in the location bar and hitting Ctrl-C followed by Ctrl-Shift-Q.

If you want to give this a try, you’ll need to install the utilities discussed, in Fedora these can be installed with:

$ sudo yum install qrencode xclip ImageMagick

Enjoy!