GNU Privacy Guard for password storage

Tags: security, gpg

For those comfortable with the terminal, a simple and secure way of storing passwords or other sensitive data in encrypted text files is to use the symmetric cipher capabilities of GnuPG. Additional details are provided over at Tutonics.com [1].

If you’re not sure which cipher to use, Tutonics report that AES is generally a safe and popular choice. To encrypt data using 256-bit AES, use the --cipher-algo AES256 option.

For example, to encrypt a file called file.txt using this cipher, use:

gpg --symmetric --cipher-algo AES256 file.txt

This will produce file.txt.gpg containing the encrypted data. The original file.txt is left in place.

You can call the resulting file whatever you like by using the -o (or --output) option.

gpg -o filename --symmetric --cipher-algo AES256 file.txt

To decrypt file.txt.gpg or whatever you called it, run:

gpg -o original_file.txt -d file.txt.gpg

If all you want is to access a password for a particular website, for example, it is annoying to decrypt a file, open it in a text editor, and then have to remember to delete the decrypted file when you’re done.

If you run

gpg -d file.txt.gpg

in the terminal, the decrypted output is echoed to the terminal window. If you save the website name, username, password, etc. on a single line, then you can pipe the decrypted output to grep so that only the lines containing a specific search string, with their login credentials or secret data, are echoed to the terminal.

gpg -d file.txt.gpg | grep -i STRING

You can search for multiple search terms at the same time using the pattern matching capabilities in grep with the -iE flags (-i ignores case, -E enables extended regular expressions). The search terms are enclosed in inverted commas and separated by a pipe character.

gpg -d file.txt.gpg | grep -iE "term1|term2|term3|term4"

This makes it super efficient to extract in one short line all the login credentials you need for a batch of websites.
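
The same lookup wrapped in two shell helpers, added here as an example and not part of the original post; it goes one step further by also appending an entry without writing plaintext to disk. The function names pw_find and pw_add and the PWSTORE_GPG_OPTS variable are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example. PWSTORE_GPG_OPTS is a hypothetical variable holding extra gpg
# options; leave it unset for normal interactive passphrase prompts.

# pw_find STORE TERM...: print entries containing any TERM (literal text,
# case-insensitive). Returns 0 on a match, 1 on no match, 2 if gpg fails.
pw_find() {
    store=$1; shift
    [ "$#" -gt 0 ] || { echo "usage: pw_find STORE TERM..." >&2; return 2; }
    # Decrypt into a variable first. In "gpg -d | grep" the exit status is
    # grep's, so a wrong passphrase is indistinguishable from "no match".
    plain=$(gpg --quiet $PWSTORE_GPG_OPTS -d "$store") || return 2
    # grep -F takes a newline-separated list of literal patterns, so dots in
    # site names are not treated as regex wildcards.
    patterns=$(printf '%s\n' "$@")
    rc=0
    printf '%s\n' "$plain" | grep -iF -e "$patterns" || rc=$?
    unset plain
    return "$rc"
}

# pw_add STORE 'site user password': append one entry without writing
# plaintext to disk. The store is replaced only if both gpg steps succeed.
pw_add() {
    store=$1
    entry=$2
    plain=$(gpg --quiet $PWSTORE_GPG_OPTS -d "$store") || return 2
    # Temporary file holds ciphertext only and sits next to the store so
    # that the final mv is a rename on the same filesystem.
    tmp=$(mktemp "$store.XXXXXX") || return 2
    if printf '%s\n%s\n' "$plain" "$entry" |
        gpg --quiet $PWSTORE_GPG_OPTS --symmetric --cipher-algo AES256 > "$tmp"
    then
        rc=0
        mv "$tmp" "$store" || rc=$?
    else
        rm -f "$tmp"
        rc=2
    fi
    unset plain entry
    return "$rc"
}
```

Run interactively, pw_add asks for the passphrase once to decrypt and again to re-encrypt the store.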


  1. http://www.tutonics.com/2012/11/gpg-encryption-guide-part-4-symmetric.html