Saying goodbye to my passwords.txt file

First of all, I do not want to be judged for sharing this. I’m sure most people do this in some form or another. I, … I keep my passwords in one (rather lengthy) text file. There. I said it. However, the day has come, a day I did not think would ever come. Today, I opened my plain text file full of passwords, for the last time. Goodbye thesearemypasswords.txt, hello ‘Password Store’ (I promise it’s not actually called ‘thesearemypasswords.txt’, and regardless my storage is encrypted, so …).

Password management should be simple and follow Unix philosophy. With pass, each password lives inside of a gpg encrypted file whose filename is the title of the website or resource that requires the password. These encrypted files may be organized into meaningful folder hierarchies, copied from computer to computer, and, in general, manipulated using standard command line file management utilities.

You will need to install pass. On Arch Linux this is done via the following:

pacman -S pass

The first thing you will need to do is create a gpg key if you do not already have one. You will be asked for a bit of information here:

user@box:~$ gpg --gen-key
gpg (GnuPG) 2.0.26; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) Yes
...
..
.

After you enter the initial data, there will come a point where your key pair is being generated, and gpg will call for you to “perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation.” To aid in this entropy I ran the following:

find / -type f -exec md5sum {} \;

… and a few other things. Once that finishes you can verify the existence of this key with:

gpg --list-keys

Take note of the name you used. You will enter this as the key to use when initializing the password store:

pass init "the_name_you_used_here"

This name/key is recorded in ~/.password-store/.gpg-id. Now you can add passwords. Generation and adding take place at the same time.

user@box:~$ pass generate Email/test@test.com 15
mkdir: created directory '/home/user/.password-store/Email'
The generated password for Email/test@test.com is:
}X\d1DHtoX4B7'H
...
..
.
user@box:~$ pass
Password Store
|-- Email
`-- test@test.com

So far this is my favorite password manager. It’s simple and secure. There is also a feature that allows you to sync this with a git repository.

More information on usage and features can be found here.
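
An added example, not from the original post or the pass project: a shell audit of the store layout described above (one .gpg file per entry, .gpg-id at the root). It is most useful before syncing the store to a git repository, because entry names are stored unencrypted. It assumes GNU find; the finding labels and the script name are invented here, and the first-byte check is a heuristic.

```shell
#!/bin/sh
# Added example: sanity checks for a pass store. The finding labels
# (NO_GPG_ID, LOOSE_PERMS, NOT_ENCRYPTED, STRAY_FILE) are made up for this sketch.

# Heuristic: does the file start like OpenPGP data (binary or --armor)?
looks_encrypted() {
    case "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" in
        84|85|86|c1) return 0 ;;  # public-key encrypted session key packet
        2d) [ "$(head -n 1 "$1")" = "-----BEGIN PGP MESSAGE-----" ] ;;
        *) return 1 ;;
    esac
}

# Print one finding per line for the store at $1 (default: pass's own default).
audit_store() {
    store=${1:-${PASSWORD_STORE_DIR:-$HOME/.password-store}}
    [ -f "$store/.gpg-id" ] || echo "NO_GPG_ID $store"
    # pass creates entries under umask 077, so group/other bits mean drift.
    # (-perm /077 is GNU find syntax.)
    find "$store" -name .git -prune -o ! -type l -perm /077 -print |
        sed 's/^/LOOSE_PERMS /'
    find "$store" -name .git -prune -o -type f -print | while IFS= read -r f; do
        case "${f##*/}" in
            .gpg-id|.gitattributes) continue ;;
            *.gpg) looks_encrypted "$f" || echo "NOT_ENCRYPTED $f" ;;
            *) echo "STRAY_FILE $f" ;;   # e.g. a leftover passwords.txt
        esac
    done
}

# Entry names are not encrypted: this is what a copy of the store (a backup,
# a git remote) shows without the key.
exposed_names() {
    ( cd "$1" && find . -name .git -prune -o -type f -name '*.gpg' -print ) |
        sed -e 's|^\./||' -e 's|\.gpg$||' | sort
}

# Run as: sh audit-pass.sh --audit [store-dir]   (script name is hypothetical)
if [ "${1:-}" = "--audit" ]; then audit_store "${2:-}"; fi
```

No output from the audit means no findings; exposed_names takes the store directory as its argument and lists what the directory tree alone gives away.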