Re: mutt and plaintext passwords : muttrc encryption ?
this seems almost perfect to me. marvelous, elegant, general, thanks !
(so I do not dare to quote a piece of your email ..)
and is immensely less overkill than the solution I proposed.
still I can't stand the need of a wrapper.. if only one could use
multi line shell expansion, and place that `gpg --decrypt` straight into
the muttrc.
but Gandalf's advice is appropriate - this is enough for now :)
On 20080728@12:58, Kyle Wheeler wrote:
> On Monday, July 28 at 05:12 PM, quoth Michele Martone:
> > I was wondering about some way to protect the passwords potentially
> > stored in the mutt rc files (I have multiple accounts, and I feel
> > uncomfortable remembering and typing all of them each time using
> > mutt) on my Linux laptop.
>
> The obvious answer is: don't store them in the mutt rc files. Instead,
> store them somewhere in encrypted form and extract them when mutt is
> loaded. For example:
>
> set imap_pass=`getpassword user@host`
>
> Programs that can be used to do this include pwsafe
> (http://nsd.dyndns.org/pwsafe/) and passwords
> (http://passwords.sourceforge.net/).
>
> But you can do it even more simply than that! For example, you can use
> gpg to encrypt a file that looks like this:
>
> export ACCT1_PASS=thepassword
> export ACCT2_PASS=theotherpassword
> export ACCT3_PASS=yetanotherpassword
>
> Then, once you've encrypted it, you can create a wrapper command for
> mutt that will decrypt it and use it to put those passwords into
> mutt's environment:
>
> #!/bin/sh
> pwds=`gpg --decrypt ~/.passwords`
> eval "$pwds"
> exec mutt "$@"
>
> And finally, in your muttrc, you can simply have things like this:
>
> set imap_pass=$ACCT1_PASS
>
> or:
>
> account-hook account2 'set imap_pass=$ACCT2_PASS'
>
> Thus, you will be prompted once for a passphrase when mutt loads, and
> after that mutt will use those passwords as it needs them without
> additional overhead. Nothing will be stored in plaintext on disk, your
> encryption is guaranteed to be world-class, and best of all: it will
> work on virtually any Unix machine.
>
> > But how about storing a whole encrypted muttrc file and letting mutt
> > decrypt it with some passphrase ?
>
> That seems like overkill to me.
>
> ~Kyle
> --
> All we have to decide is what to do with the time that is given us.
> -- Gandalf the Grey
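
Added example, not part of either message in this thread: a variant of the quoted wrapper that reads the decrypted `export NAME=value` lines as data instead of passing them to `eval`, and does not start mutt if decryption or parsing fails. The function names `load_exports` and `run_mutt` are hypothetical, and values are assumed to be written literally, without shell quoting.

```shell
#!/bin/sh
# Added example. Hypothetical helper names: load_exports, run_mutt.
# Assumes ~/.passwords decrypts to lines of the form: export NAME=value
# Values are taken literally (no shell quoting or expansion is applied).

# load_exports TEXT: export each well-formed line; reject anything else.
load_exports() {
    while IFS= read -r _le_line; do
        case $_le_line in
            '' | '#'*) continue ;;            # skip blanks and comments
            'export '[A-Za-z_]*=*) ;;         # candidate assignment
            *) echo "load_exports: unexpected line, aborting" >&2
               return 1 ;;
        esac
        _le_pair=${_le_line#export }
        _le_name=${_le_pair%%=*}              # text before the first '='
        _le_value=${_le_pair#*=}              # text after the first '='
        case $_le_name in
            *[!A-Za-z0-9_]*)
                echo "load_exports: invalid variable name, aborting" >&2
                return 1 ;;
        esac
        # The value is passed as data and never parsed as shell code.
        export "$_le_name=$_le_value"
    done <<EOF
$1
EOF
}

# run_mutt ARGS...: decrypt, load, then replace this shell with mutt.
# Fails closed: mutt is not started if gpg or the parser reports an error.
run_mutt() {
    _rm_plain=$(gpg --quiet --decrypt "$HOME/.passwords") || {
        echo "run_mutt: decryption failed, not starting mutt" >&2
        return 1
    }
    load_exports "$_rm_plain" || return 1
    unset _rm_plain
    exec mutt "$@"
}

# The wrapper script itself would end with:  run_mutt "$@"
```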