gpgedit - minimalist password management
Copyright (c) 2013 Tobias Dammers.
This software is distributed under a BSD-style license; see the enclosed
LICENSE file for the actual license text.
WHAT IS IT?
gpgedit is a simple wrapper around GnuPG (gpg), that simplifies managing
arbitrary secrets in text files, typically login credentials, passwords, API
keys and similar information.
I wrote it to replace my previous manual routine of storing passwords in
GPG-encrypted files and decrypting them to clear-text files for editing; the
manual approach was prone to human errors (deleting the wrong file, or failing
to delete the clear-text file), and also rather clumsy. Being a programmer, I
automated the manual routine in a little python script, and while I was at it,
I changed it to be yet a bit more secure (most notably, I'm using the
`mkstemp()` routine which throws in a few measures to make the tempfile less
likely to be tampered with than a regular text file).
HOW IT WORKS
gpgedit has two modes of operation: editing and showing. The `edit` command
creates or updates an existing secret file by decrypting it into a tempfile,
calling your favorite editor on it (`$EDITOR`), encrypting the tempfile back
into the original secret file using the same recipients, and finally deleting
the tempfile. The `show` command simply outputs the decrypted tempfile on
STDOUT; if you want to write it to the system clipboard, consider something
gpgedit decrypts to a tempfile; special care is taken to keep this file hidden
from other processes (see
details). However, there are possible attack vectors on such tempfiles:
- If the partition on which the tempfile is stored is not encrypted, it may be
possible to recover the information in it simply by mounting the disk into a
different system and inspecting it at the block level.
- While editing the tempfile, the secret is stored unencrypted in system RAM as
well as the temp dir; this means that malware that is active while editing
may compromise your secrets, e.g. keyloggers, memory scanners, etc.
- Encryption is only as strong as the key; so be careful with your keys, even
if they are protected with a passphrase.
- In general, be sure to understand how this tool works before using it. You
should make an educated decision in balancing security and privacy against
convenience and pragmatism.
- Terminal emulators can have fairly long scrollback buffers, and things like
screen or tmux may keep STDOUT data around for quite a long time, with
considerable attack surface. If you print secrets on STDOUT, keep this in
- The Python script uses exception handling to make sure the tempfile gets
deleted. However, if you hard-kill the script before it reaches the `finally`
block (e.g. `kill -9`), the tempfile containing the clear-text secret will
not be deleted until the tempdir is cleaned up (typically at reboot). There
is little I can do about this, due to the nature of SIGKILL.
* A UNIX-like OS (tested on Debian 7.0, but should work on most other
* Python 2.x (3.x might work but is untested)
To install, simply check out the latest version from
[git](https://bitbucket.org/tdammers/gpgedit), and put the `gpgedit` file
somewhere on your path.
`$EDITOR` should point to your favorite editor; to check, just type `echo
$EDITOR` at a command prompt. This should print something like `/usr/bin/vim`
or `/usr/bin/nano` or whatever your editor of choice is. If it's empty, add
something like `export EDITOR=/usr/bin/nano` to the appropriate startup files
(.xsession, .profile, .bashrc, as required) and re-login. If you have done it
correctly, typing `$EDITOR` at a command prompt should fire up your editor.
To create a new secret:
gpgedit edit path/to/secret.gpg
This will create a new empty secret file and open it in your editor. Write down
your secret, save and exit. Then gpg will be run, and since you're creating a
new secret, it will ask you for recipients. Once you're done entering
recipients, gpgedit will delete your clear-text secret and leave you with just
the secret. Note that if you haven't added yourself to the recipients, you will
be unable to decrypt your own secret file!
To extract a secret:
gpgedit show path/to/secret.gpg
This will ask for your passphrase (if your private key is protected with one,
as it should), and then output the clear-text message on STDOUT.
To extract a secret and copy it directly to the system clipboard using xclip:
gpgedit show path/to/secret.gpg | xclip -i
(Note that the system clipboard is rather easy to access, so you may want to
avoid this as an extra precaution).
To delete a secret:
Feel free to contact me for bug reports, feature requests, questions, success
If you want to fork this project, by all means be my guest. I would love to
hear from you when you do, but this is absolutely not a requirement at all.