Difference between revisions of "Password Safe with Vim and OpenSSL"

From Noah.org
m (Download)
m (Simple password safe)
 
Line 32: Line 32:
 
== Simple password safe ==
 
== Simple password safe ==
  
If you edit any file named .auth.bfa then this plugin will decode the file and also add folding features and an automatic quit timeout. The full name is .auth.bfa, not just the extension. Only a file named .auth.bfa will get these extra password safe features.
+
Any file named '''.auth.aes''' is treated special. These files are treated as '''password-safe''' file. These files will have additional features enabled that include folding features and a timeout to automatically close the password file. That's not just the extension. The full filename is '''.auth.bfa''' including the leading dot. Only files named '''.auth.bfa''' will get these extra password-safe features.
  
Vim will quit automatically after 5 minutes of no typing activity (unless the file has been changed).
+
The timeout feature is to designed to protect the password file in case you forget to close it. The password file will be automatically closed after 5 minutes of activity. The timeout does not apply if you have edited the password file without saving.
  
This plugin will fold on wiki-style headlines with the following form:
+
This folding feature will fold on section on wiki-style headlines. Wiki headlines are lines with the following form:
  
 
     == This is a headline ==
 
     == This is a headline ==
  
Any notes under the headline will be inside the fold until the next headline is reached. The SPACE key will toggle a fold open and closed. The q key will quit Vim. Create the following example file named ~/.auth.bfa:
+
Any lines beneath a headline will be folded inside the headline until the next headline is reached. The '''SPACE''' key will toggle a fold open and closed. This makes it easy to browse and organize your passwords. Just move the cursor over a password you want to view and hit ...SPACE'''.
 +
 
 +
Create the following example file named ~/.auth.bfa:
  
 
     == Colo server ==
 
     == Colo server ==
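
Review bot: the added paragraph that opens "Any file named '''.auth.aes''' is treated special" names the safe file .auth.aes once and .auth.bfa in every later sentence, so a reader cannot tell which filename triggers the folding and timeout; pick one and use it throughout. The added timeout sentence says the file is closed "after 5 minutes of activity", where the line it replaces said "no typing activity"; it should read "inactivity". Smaller points in the same added lines: "is to designed" has a stray word, and "hit ...SPACE'''" has lost its opening bold quotes. The rewrite also drops the removed sentence that the q key quits Vim; keep it if it still holds.
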
Line 48: Line 50:
 
     username: peter
 
     username: peter
 
     password: 4m4z1ng
 
     password: 4m4z1ng
 +
    == Gmail login ==
 +
    email: araneaedude@gmail.com
 +
    username: araneaedude
 +
    password: w3bw0rk3r
  
Then create a bash alias:
+
When you open the password file it will be displayed like this:
  
     alias auth='view ~/.auth.bfa'
+
     == Colo server ==
 +
    == Office server ==
 +
    == Gmail login ==
  
Now you can view your password safe by typing "auth". When Vim starts all the password information will be hidden under the headlines. To view the password information put the cursor on the headline and press SPACE.
+
You can make this even easier by adding the following shell alias. I have this in my .bashrc file:
 +
 
 +
    alias auth='view ~/.auth.bfa'
  
 
== Download ==
 
== Download ==
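
Review bot: the added Gmail entry ("email: araneaedude@gmail.com") puts an address at a real mail provider into a sample credentials file; an example.com address would make it obvious the entry is fictional and avoid pointing at a mailbox someone may own. The added sentence introducing the alias could also say that view opens the file read-only, since that is why the timeout described earlier always applies when the safe is opened this way.
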

Latest revision as of 17:25, 22 May 2010

Vim can make a very nice and very secure password safe (protected by OpenSSL). All you have to do is allow Vim to read OpenSSL encrypted files. This is easy with the plugin described below. The only external requirement besides Vim is that you have openssl installed (which almost every Linux and BSD system will have). This works on any Unix system or Windows with Cygwin.

Edit OpenSSL encrypted files with Vim

This Vim plugin will allow editing of files that have been encrypted with OpenSSL. It recognizes the encryption type based on the file extension. When you write the file it will be automatically encrypted with the cipher that matches the file extension. The following extensions are recognized:

 .des3 .aes .bf .bfa .idea .cast .rc2 .rc4 .rc5
 (.bfa is base64 ASCII encoded blowfish)

The only requirement is that you have `openssl` in your path.

This plugin will turn off the swap file and .viminfo log. This is so you don't have to worry about Vim leaking the contents of the encrypted file through a swap file or through saved registers.

You can start by editing an empty unencrypted file with a .bfa extension. When you write the file you will be asked for a password. The file will be encrypted with the Blowfish cipher and base64 ASCII encoded.

This plugin can also make a backup of an encrypted file before writing changes. This helps guard against the situation where you may edit a file and write changes with the wrong password. This way, if you accidentally had CapsLock on while assigning a new password you can still go back to the previous version. The backup file will have the same name as the original file with .bak before the original extension. For example:

 .auth.bfa  -->  .auth.bak.bfa

To turn on backups put the following global definition in your .vimrc file:

 let g:openssl_backup = 1

Install

Put this openssl.vim plugin in your plugin directory and Vim will automatically load it. Typically it will go here:

   ~/.vim/plugin/openssl.vim

Simple password safe

Any file named .auth.aes is treated specially, as a password-safe file. These files have additional features enabled: folding and a timeout that automatically closes the password file. The match is on the full filename, not just the extension. The full filename is .auth.bfa, including the leading dot. Only files named .auth.bfa will get these extra password-safe features.

The timeout feature is designed to protect the password file in case you forget to close it. The password file will be automatically closed after 5 minutes of inactivity. The timeout does not apply if you have edited the password file without saving.

The folding feature folds sections on wiki-style headlines. Wiki headlines are lines of the following form:

   == This is a headline ==

Any lines beneath a headline will be folded inside the headline until the next headline is reached. The SPACE key will toggle a fold open and closed. This makes it easy to browse and organize your passwords. Just move the cursor over a password you want to view and hit SPACE.

Create the following example file named ~/.auth.bfa:

   == Colo server ==
   username: maryjane
   password: esydpm
   == Office server ==
   username: peter
   password: 4m4z1ng
   == Gmail login ==
   email: araneaedude@gmail.com
   username: araneaedude
   password: w3bw0rk3r

When you open the password file it will be displayed like this:

   == Colo server ==
   == Office server ==
   == Gmail login ==

You can make this even easier by adding the following shell alias. I have this in my .bashrc file:

   alias auth='view ~/.auth.bfa'
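
The behaviour described above (no swap file or .viminfo leakage, headline folding, and the idle timeout) can be expressed with standard Vim options and autocommands. The following is an added sketch, not the openssl.vim source; the augroup and function names are hypothetical, and the OpenSSL decrypt and encrypt steps are left out.

```vim
" Added sketch, not the openssl.vim source. The augroup and function names
" are hypothetical; decryption and encryption are deliberately left out.
augroup pwsafe_sketch
  autocmd!
  " Runs before the file is read, so the settings are in place before any
  " password text is loaded into the buffer.
  autocmd BufReadPre .auth.bfa call PwsafeHarden()
  autocmd BufReadPost .auth.bfa call PwsafeView()
  " CursorHold fires once after 'updatetime' ms without a key press.
  " A buffer with unsaved changes is left open so edits are not discarded.
  autocmd CursorHold .auth.bfa if !&modified | quitall | endif
augroup END

function! PwsafeHarden()
  " Do not persist registers, search history or marks to ~/.viminfo.
  set viminfo=
  " Do not keep a .swp copy of the buffer contents on disk.
  setlocal noswapfile
  " Persistent undo (Vim 7.3 and later) would also store buffer text.
  if exists('+undofile')
    setlocal noundofile
  endif
endfunction

" Fold level for one line: a wiki headline opens a level-1 fold, and every
" other line inherits the level of the line above it.
function! PwsafeFoldLevel(lnum)
  return getline(a:lnum) =~# '^\s*==.*==\s*$' ? '>1' : '='
endfunction

function! PwsafeView()
  " Idle limit of 5 minutes, expressed in milliseconds.
  set updatetime=300000
  setlocal foldmethod=expr
  setlocal foldexpr=PwsafeFoldLevel(v:lnum)
  " Show only the headline itself for a closed fold.
  setlocal foldtext=getline(v:foldstart)
  " Start with every section closed.
  setlocal foldlevel=0
  " SPACE toggles the fold under the cursor.
  nnoremap <buffer> <silent> <Space> za
endfunction
```

Because 'viminfo' and 'updatetime' are global options, these settings persist for the rest of the Vim session once a matching file has been opened.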

Download

Click to download openssl.vim: http://www.noah.org/engineering/src/dotfiles/.vim/plugin/openssl.vim