Manage passwords with gpgpwd
Secure Safe

© Lead Image © DmytroDemianenko, 123RF.com
The gpgpwd command-line program manages a list of passwords and matching usernames.
People order new electronic gadgets on Amazon, communicate with friends on Facebook, and organize their appointments with a Google calendar. These and many other Internet services all require you to log in with a username and password. The passwords should be both fairly long and fairly cryptic, and it is a good idea to use a different username for each service. Secure passwords and dissimilar usernames make it difficult for attackers to break in, but you'll need to remember a huge collection of login credentials.
A tool that helps you stay organized is gpgpwd [1]. Gpgpwd remembers all of your passwords and the matching usernames. When you register with a new service, you don't even need to think of a new password: Gpgpwd automatically suggests a random and secure password for you. It stores all of your login data in an encrypted file, thus keeping your credentials safe, even if somebody else steals the file or your computer.
Installing a Safe
To get started with gpgpwd, you need to use your package manager to install a Perl environment (version 5.10 at least), the Perl modules JSON and Try::Tiny, and the GnuPG, Git, and xclip programs.
Git
Friends of the Git version management system can use it to synchronize stored passwords across multiple computers. To do this, first check the password file into a new Git repository using the gpgpwd git init
command. Before gpgpwd makes any changes to the file in the future, it first issues a git pull
, then writes the changes, and finally issues a git commit
followed by git push
.
The gpgpwd git pull
, gpgpwd git fetch
, and gpgpwd git push
commands let you synchronize the Git file with other Git repositories. In a similar fashion, gpgpwd git clone git://example.com/gpgpwd/
clones the gpgpwd
repository stored on git://example.com/gpgpwd/
.
Perl is installed by default by most distributions. If you use Ubuntu, the following command will install all of the required packages.
$ sudo apt-get install libjson-perl libtry-tiny-perl gnupg xclip git
Next, download the archive with the current version of gpgpwd [2] to any folder on your hard disk. Pop up a terminal window and change to the folder created in the previous step: When you get there, call sudo make install
. Now, any user on the system can benefit from gpgpwd.
Key Maker
Gpgpwd does not encrypt the file with the passwords itself; instead, it delegates this job to GnuPG [3]. Just as with a physical padlock, GnuPG uses a key for this process. You need to create a key once only with the gpg --gen-key
command, which will prompt you for a couple of settings.
You can press the Enter key to respond to the first question, then type 4096 for the second question, and use the defaults for the third question. Confirm the fourth question by typing y (Figure 1). Next, enter your complete name and your email address. You can again press Enter to confirm the Comment and wind up by pressing f to finish.

Gpgpwd and GnuPG will not insert the key into the padlock protecting the file until you supply the password you agreed upon previously. You need to know this password to be able to open the file and view or modify the credentials stored in it. Thus, this password is known as the master password, and it is the only password that you will need to remember in future. However, because it provides access to all your other passwords, you should choose it wisely and make sure it is cryptic. Needless to say, it should never get into the hands of a third party.
Choose a suitable master password with care and enter it. A new window might appear for this – on Ubuntu, it will tend to be in the top right corner. To rule out typos, you need to enter the password again. Then, GnuPG needs a couple of random numbers. You can speed up the process of collecting them by continuing to work normally with your system for a while.
If you have worked with GnuPG previously and generated other keys, you can simply select a suitable key: Stupidly, gpgpwd tells GnuPG to encrypt the password file with the default key. You just need to select the newly created key explicitly in the ~/.gnupg/gpg.conf
file as the default. The gpg --list-keys
command shows the key IDs you will need for this process.
Packaged
Now gpgpwd can finally start managing your passwords. To save your access credentials for Amazon.com, for example, you need to type gpgpwd set amazon.com
. As shown in Figure 2, gpgpwd now sets a randomly generated password. If you are registering with Amazon for the first time, there is nothing to stop you from using this password. Then, press Enter to tell gpgpwd to save it directly.
If you already have an Amazon user account, you can simply type your current password. In both cases, gpgpwd will want to know your username. In the example, this is the email address used to register with Amazon. Finally, you will need to provide the master password.
Gpgpwd saves your usernames and passwords in the ~/.config/gpgpwd.db
file, which GnuPG encrypts with the previously generated key following each action. If you want to change the storage location, you can use the -p
switch to define an arbitrary location. The command
$ gpgpwd set amazon.com -p ~/documents/letter.bin
would send your passwords to the ~/documents/letter.bin
file.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Direct Download
Read full article as PDF:
Price $2.95
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
News
-
Armbian 23.05 is Now Available
Based on Debian 12, the latest version of the ARM/RISC-V distribution is now available to download and install.
-
Linux Mint Finally Receiving Support for Gestures
If you use the Linux Mint Cinnamon desktop, you'll be thrilled to know that 21.2 is getting support for gestures on touchscreen devices and touchpads.
-
An All-Snap Version of Ubuntu is In The Works
Along with the standard deb version of the open-source operating system, Canonical will release an-all snap version.
-
Mageia 9 Beta 2 Ready for Testing
The latest beta of the popular Mageia distribution now includes the latest kernel and plenty of updated applications.
-
KDE Plasma 6 Looks to Bring Basic HDR Support
The KWin piece of KDE Plasma now has HDR support and color management geared for the 6.0 release.
-
Bodhi Linux 7.0 Beta Ready for Testing
The latest iteration of the Bohdi Linux distribution is now available for those who want to experience what's in store and for testing purposes.
-
Changes Coming to Ubuntu PPA Usage
The way you manage Personal Package Archives will be changing with the release of Ubuntu 23.10.
-
AlmaLinux 9.2 Now Available for Download
AlmaLinux has been released and provides a free alternative to upstream Red Hat Enterprise Linux.
-
An Immutable Version of Fedora Is Under Consideration
For anyone who's a fan of using immutable versions of Linux, the Fedora team is currently considering adding a new spin called Fedora Onyx.
-
New Release of Br OS Includes ChatGPT Integration
Br OS 23.04 is now available and is geared specifically toward web content creation.