Re: mutt and plaintext passwords : muttrc encryption ?

To: Kyle Wheeler <kyle-mutt@xxxxxxxxxxxxxx>
Subject: Re: mutt and plaintext passwords : muttrc encryption ?
From: Michele Martone <m.m@xxxxxxxxxxxxx>
Date: Mon, 28 Jul 2008 21:53:41 +0100
Cc: mutt-users <mutt-users@xxxxxxxx>
In-reply-to: <20080728175800.GE23674@xxxxxxxxxxxxx>
List-post: <mailto:mutt-users@mutt.org>
List-unsubscribe: send mail to majordomo@mutt.org, body only "unsubscribe mutt-users"
References: <20080728161249.GA9106@localhost> <20080728175800.GE23674@xxxxxxxxxxxxx>
Sender: owner-mutt-users@xxxxxxxx
User-agent: Mutt/1.5.11

this seems almost perfect to me. marvelous, elegant, general, thanks !
(so i do not dare to quote a piece of your email ..)

and is immensely less overkill than the solution I proposed.

still I can't stand the need of a wrapper.. if only one could use
multi line shell expansion, and place that `gpg --decrypt` straight into
the muttrc.

but Gandalf's advice is appropriated - this is enough for now :)

On 20080728@12:58, Kyle Wheeler wrote:
> On Monday, July 28 at 05:12 PM, quoth Michele Martone:
> > I was wondering about some way to protect the passwords potentially 
> > stored in the mutt rc files (i have multiple acccounts, and I feel 
> > unconfortable remembering and typing all of them each time using 
> > mutt) on my Linux laptop.
> 
> The obvious answer is: don't store them in the mutt rc files. Instead, 
> store them somewhere in encrypted form and extract them when mutt is 
> loaded. For example:
> 
> set imap_pass=`getpassword user@host`
> 
> Programs that can be used to do this include pwsafe 
> (http://nsd.dyndns.org/pwsafe/) and passwords 
> (http://passwords.sourceforge.net/).
> 
> But you can do it even more simply than that! For example, you can use  
> gpg to encrypt a file that looks like this:
> 
>      export ACCT1_PASS=thepassword
>      export ACCT2_PASS=theotherpassword
>      export ACCT3_PASS=yetanotherpassword
> 
> Then, once you've encrypted it, you can create a wrapper command for 
> mutt that will decrypt it and use it to put those passwords into 
> mutt's environment:
> 
>      #!/bin/sh
>      pwds=`gpg --decrypt ~/.passwords`
>      eval "$pwds"
>      exec mutt "$@"
> 
> And finally, in your muttrc, you can simply have things like this:
> 
>      set imap_pass=$ACCT1_PASS
> 
> or:
> 
>      account-hook account2 'set imap_pass=$ACCT2_PASS'
> 
> Thus, you will be prompted once for a passphrase when mutt loads, and 
> after that mutt will use those passwords as it needs them without 
> additional overhead. Nothing will be stored in plaintext on disk, your 
> encryption is guaranteed to be world-class, and best of all: it will 
> work on virtually any Unix machine.
> 
> > But how about storing a whole encrypted muttrc file and letting mutt 
> > to decrypt it with some passphrase ?
> 
> That seems like overkill to me.
> 
> ~Kyle
> -- 
> All we have to decide is what to do with the time that is given us.
>                                                     -- Gandalf the Grey

Follow-Ups:
- Re: mutt and plaintext passwords : muttrc encryption ?
  - From: Michael Kjorling
- Re: mutt and plaintext passwords : muttrc encryption ?
  - From: Kyle Wheeler
- Re: mutt and plaintext passwords : muttrc encryption ?
  - From: Michele Martone

References:
- mutt and plaintext passwords : muttrc encryption ?
  - From: Michele Martone

Prev by Date: Re: mutt and plaintext passwords : muttrc encryption ?
Next by Date: Re: mutt and plaintext passwords : muttrc encryption ?
Previous by thread: Re: mutt and plaintext passwords : muttrc encryption ?
Next by thread: Re: mutt and plaintext passwords : muttrc encryption ?
Index(es):
- Date
- Thread