1. Forum
  2. Fidonet
  3. PUBLIC KEYS

  • self-managed passwords with gpg

    From August Abolins@2:221/1.58 to All on Sun Feb 1 19:41:00 2026

    Just recently, I was steered to this site..

    https://www.passwordstore.org/

    And in there, I realized that a very simple self-managed password "vault" can be created with just using gpg from the command line.

    For example, if you wanted to store a password for Ebay..

    gpp -o pw-for-ebay.gpg -e -r [myID] -

    ..and the system will open stdin for typing. when done, hit new-line, and ctrl-C [probably ^D in linux], and the file is created with the string stored inside.

    H:\temp>gpg -o pw-for-ebay.gpg -e -r august -
    File 'pw-for-ebay.gpg' exists. Overwrite? (y/N) y
    updated pw is ... blahblahblah111
    ^C

    When you need to view the pw:

    H:\temp>gpg -d pw-for-ebay.gpg
    gpg: encrypted with 2048-bit RSA key, ID 583B29AD69D0999F, created 2020-01-02
    "August Abolins <august@kolico.ca>"
    updated pw is ... blahblahblah111

    So.. it's relatively simple to have a safe directory with all the pw*.gpg files like that.

    Combine that with rclone and a remote defined as "crypt", you can keep a copy of the directory in the cloud where you could access the contents from any other device that has rclone.





    --- OpenXP 5.0.64
    * Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Mon Feb 2 18:33:24 2026
    Hi August,

    On 2026-02-01 19:41:00, you wrote to All:

    Just recently, I was steered to this site..

    https://www.passwordstore.org/

    This could be useful if you only have a command line available. But even their examples only store passwords for websites, suggesting there is a browser and a gui available. If that is the case a gui password manager would be more user friendly.

    I've been a happy https://pwsafe.org/ user for many many years. Both on Linux and Windows.

    And in there, I realized that a very simple self-managed password
    "vault" can be created with just using gpg from the command line.

    For example, if you wanted to store a password for Ebay..

    gpp -o pw-for-ebay.gpg -e -r [myID] -

    ..and the system will open stdin for typing. when done, hit new-line, and
    ctrl-C [probably ^D in linux], and the file is created with the string stored
    inside.

    H:\temp>> gpg -o pw-for-ebay.gpg -e -r august -
    File 'pw-for-ebay.gpg' exists. Overwrite? (y/N) y
    updated pw is ... blahblahblah111
    ^C

    When you need to view the pw:

    H:\temp>> gpg -d pw-for-ebay.gpg
    gpg: encrypted with 2048-bit RSA key, ID 583B29AD69D0999F, created 2020-01-02
    "August Abolins <august@kolico.ca>"
    updated pw is ... blahblahblah111

    So.. it's relatively simple to have a safe directory with all the pw*.gpg files like that.

    Interesting, and maybe for emergency use, when a real password manager isn't available, but otherwise I don't find it very practical...


    Bye, Wilfred.

    --- FMail-lnx64 2.3.2.6-B20251227
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/1.58 to Wilfred van Velzen on Mon Feb 2 14:38:00 2026
    Hello Wilfred!

    I've been a happy https://pwsafe.org/ user for many many years. Both on Linux and Windows.

    I may have heard about it in the past. Looks good.


    gpg -o pw-for-ebay.gpg -e -r [myID] -

    [...]

    When you need to view the pw:

    H:\temp>> gpg -d pw-for-ebay.gpg


    Interesting, and maybe for emergency use, when a real password manager isn't available, but otherwise I don't find it very practical...

    Practical is exactly what it is! It doesn't rely on any other 3rd party software. And compatibility across OS changes is ensured.

    And.. a terminal is available to anyone, cmd-line or GUI.

    Just keep all the .gpg files in a easy to remember folder:

    C:\PW

    .. and list all of them with DIR (or ls) *.gpg

    Simple.

    Build it into a script for a faster list from any diretory:

    mypws, to produce the output of "dir c:\pw\*.gpg"


    I dunno.. I think the use of gpg manually keeps us sharp. "User-friendly" as an excuse to use GUI kinda makes us lazy and dumb.

    --
    ../|ug

    --- OpenXP 5.0.64
    * Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Mon Feb 2 21:05:24 2026
    Hi August,

    On 2026-02-02 14:38:00, you wrote to me:

    Interesting, and maybe for emergency use, when a real password
    manager isn't available, but otherwise I don't find it very
    practical...

    Practical is exactly what it is! It doesn't rely on any other 3rd party software. And compatibility across OS changes is ensured.

    And.. a terminal is available to anyone, cmd-line or GUI.

    Just keep all the .gpg files in a easy to remember folder:

    C:\PW

    .. and list all of them with DIR (or ls) *.gpg

    Simple.

    Build it into a script for a faster list from any diretory:

    mypws, to produce the output of "dir c:\pw\*.gpg"


    I dunno.. I think the use of gpg manually keeps us sharp. "User-friendly" as
    an excuse to use GUI kinda makes us lazy and dumb.

    Are you going to use this yourself for every day use?

    If so, let us know how you feel about it in a month or a year of usage... ;-)


    Bye, Wilfred.

    --- FMail-lnx64 2.3.2.6-B20251227
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/1.58 to Wilfred van Velzen on Mon Feb 2 17:56:00 2026
    Hello Wilfred!

    Are you going to use this yourself for every day use?

    If so, let us know how you feel about it in a month or a year of
    usage... ;-)

    I already do, as a kind of backup.

    But most of my passwords are rememered by the browser I use. And even those follow a "recipe" that I use to reconsistute any pw I need for any site - so, I don't really need to remember the password, just the way to build it.
    --
    ../|ug

    --- OpenXP 5.0.64
    * Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Tue Feb 3 10:47:04 2026
    Hi August,

    On 2026-02-02 17:56:00, you wrote to me:

    But most of my passwords are rememered by the browser I use. And even those follow a "recipe" that I use to reconsistute any pw I need for
    any site - so, I don't really need to remember the password, just the
    way to build it.

    That's not good practice! It makes them predictable...

    I just have my password manager generate a long random password, consisting of all possible characters, most of the time.


    Bye, Wilfred.

    --- FMail-lnx64 2.3.2.6-B20251227
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/1.58 to Wilfred van Velzen on Tue Feb 3 09:32:00 2026
    Hello Wilfred!


    But most of my passwords are rememered by the browser I use. And even
    those follow a "recipe" that I use to reconsistute any pw I need for
    any site - so, I don't really need to remember the password, just the
    way to build it.

    That's not good practice! It makes them predictable...

    The browser is for stuff online that doesn't have access for purchases or banking, just basic logins. And even some of those pws follow a formula/ recipe, so even they can be rebuilt easily.

    Nothing about the formula is predictable. Only I know it. It's only in my head. And.. depending on the circumstances for pw changes by some sites, even the tweeking follows a pseudo "rule".


    I just have my password manager generate a long random password, consisting of all possible characters, most of the time.

    That's fine, but even a set of "random" words or phrase is good enough.

    So.. as an example, a random phrase that is only meaningful to you, add some other uniqueness in some other way that only you know, and you have a pw that no one could guess, and it's something you can recover with only the technology of your brain. ;)






    --
    ../|ug

    --- OpenXP 5.0.64
    * Origin: What do you call an excavated pyramid? Unencrypted. (2:221/1.58)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Tue Feb 3 15:54:10 2026
    Hi August,

    On 2026-02-03 09:32:00, you wrote to me:

    Nothing about the formula is predictable. Only I know it. It's only
    in my head. And.. depending on the circumstances for pw changes by
    some sites, even the tweeking follows a pseudo "rule".

    How long are your passwords? Do they have pronouncable words/parts?

    I just have my password manager generate a long random password,
    consisting of all possible characters, most of the time.

    That's fine, but even a set of "random" words or phrase is good enough.

    Sure.

    So.. as an example, a random phrase that is only meaningful to you,

    When it's meaningful it's not random! ;-)

    add some other uniqueness in some other way that only you know, and
    you have a pw that no one could guess,

    "No one" isn't the problem. It's the automated password guessers that are your adversaries. And they can try thousands or probably milions of passwords in a second, and do that in a smart way.

    and it's something you can recover with only the technology of your
    brain. ;)

    Can you give an example for a ficticious website (without revealing your formula of course)?


    Bye, Wilfred.

    --- FMail-lnx64 2.3.2.6-B20251227
    * Origin: FMail development HQ (2:280/464)