
Re: mutt and plaintext passwords : muttrc encryption ?



this seems almost perfect to me. marvelous, elegant, general, thanks !
(so i do not dare to quote a piece of your email ..)

and is immensely less overkill than the solution I proposed.

still I can't stand the need of a wrapper.. if only one could use
multi line shell expansion, and place that `gpg --decrypt` straight into
the muttrc.

but Gandalf's advice is appropriate - this is enough for now :)

On 20080728@12:58, Kyle Wheeler wrote:
> On Monday, July 28 at 05:12 PM, quoth Michele Martone:
> > I was wondering about some way to protect the passwords potentially 
> > stored in the mutt rc files (I have multiple accounts, and I feel 
> > uncomfortable remembering and typing all of them each time using 
> > mutt) on my Linux laptop.
> 
> The obvious answer is: don't store them in the mutt rc files. Instead, 
> store them somewhere in encrypted form and extract them when mutt is 
> loaded. For example:
> 
> set imap_pass=`getpassword user@host`
> 
> Programs that can be used to do this include pwsafe 
> (http://nsd.dyndns.org/pwsafe/) and passwords 
> (http://passwords.sourceforge.net/).
> 
> But you can do it even more simply than that! For example, you can use  
> gpg to encrypt a file that looks like this:
> 
>      export ACCT1_PASS=thepassword
>      export ACCT2_PASS=theotherpassword
>      export ACCT3_PASS=yetanotherpassword
> 
> Then, once you've encrypted it, you can create a wrapper command for 
> mutt that will decrypt it and use it to put those passwords into 
> mutt's environment:
> 
>      #!/bin/sh
>      pwds=`gpg --decrypt ~/.passwords`
>      eval "$pwds"
>      exec mutt "$@"
> 
> And finally, in your muttrc, you can simply have things like this:
> 
>      set imap_pass=$ACCT1_PASS
> 
> or:
> 
>      account-hook account2 'set imap_pass=$ACCT2_PASS'
> 
> Thus, you will be prompted once for a passphrase when mutt loads, and 
> after that mutt will use those passwords as it needs them without 
> additional overhead. Nothing will be stored in plaintext on disk, your 
> encryption is guaranteed to be world-class, and best of all: it will 
> work on virtually any Unix machine.
> 
> > But how about storing a whole encrypted muttrc file and letting mutt 
> > decrypt it with some passphrase ?
> 
> That seems like overkill to me.
> 
> ~Kyle
> -- 
> All we have to decide is what to do with the time that is given us.
>                                                     -- Gandalf the Grey
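
Added example, not part of the thread or written by either poster: a variant of the quoted wrapper that parses the decrypted `export NAME=value` lines instead of passing them to `eval`, and refuses to start mutt if `gpg` fails. The names `load_passwords`, `main` and the script name `mutt-wrapper` are assumptions; `~/.passwords` is the file from the quoted message.

```shell
#!/bin/sh
# Added example (not from the thread): the wrapper without eval.
# Assumed names: load_passwords, main, and the script name mutt-wrapper.

# Read "export NAME=value" lines on stdin and export each one.
# Values are taken literally (no quote or $ processing), so nothing in
# the decrypted file is ever run as shell code. Fails on the first line
# that is not a plain assignment to a valid variable name.
load_passwords() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;                  # blank line or comment
            'export '*=*) line=${line#export } ;;
            *) echo "password file: unexpected line" >&2; return 1 ;;
        esac
        name=${line%%=*}
        value=${line#*=}
        case $name in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "password file: bad variable name" >&2; return 1 ;;
        esac
        export "$name=$value"
    done
    return 0
}

main() {
    # Capture first so a gpg failure (wrong passphrase, missing file)
    # stops the wrapper instead of starting mutt with empty passwords.
    pwds=$(gpg --quiet --decrypt "$HOME/.passwords") || {
        echo "gpg failed, not starting mutt" >&2
        exit 1
    }
    # Here-document, not a pipe: the function runs in this shell, so the
    # exported variables survive into the exec below.
    load_passwords <<EOF || exit 1
$pwds
EOF
    unset pwds line name value
    exec mutt "$@"
}

# Run only when installed under the assumed name, so the file can also be
# sourced to reuse load_passwords.
case ${0##*/} in
    mutt-wrapper) main "$@" ;;
esac
```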