Re: mutt and plaintext passwords : muttrc encryption ?
- To: mutt-users <mutt-users@xxxxxxxx>
- Subject: Re: mutt and plaintext passwords : muttrc encryption ?
- From: Kyle Wheeler <kyle-mutt@xxxxxxxxxxxxxx>
- Date: Mon, 28 Jul 2008 16:24:06 -0500
- In-reply-to: <20080728205341.GB15524@localhost>
- List-post: <mailto:mutt-users@mutt.org>
- List-unsubscribe: send mail to majordomo@mutt.org, body only "unsubscribe mutt-users"
- Mail-followup-to: mutt-users <mutt-users@xxxxxxxx>
- Openpgp: id=CA8E235E; url=http://www.memoryhole.net/~kyle/kyle-pgp.asc; preference=signencrypt
- References: <20080728161249.GA9106@localhost> <20080728175800.GE23674@xxxxxxxxxxxxx> <20080728205341.GB15524@localhost>
- Sender: owner-mutt-users@xxxxxxxx
- User-agent: Mutt/1.5.18 (2008-07-21)

On Monday, July 28 at 09:53 PM, quoth Michele Martone:
> This seems almost perfect to me. Marvelous, elegant, general, thanks!
> (So I do not dare to quote a piece of your email...)

Happy to help!

> Still, I can't stand the need for a wrapper... if only one could use
> multi-line shell expansion, and place that `gpg --decrypt` straight
> into the muttrc.

Well, I thought about that. We can solve it, but there are drawbacks
(such as needing other software, or using a temporary file).

For example, if you use gpg-agent to store your passphrase, then you
can encrypt each password as its own file:

    echo password | gpg --encrypt -o ~/.acct1_pass
    echo password2 | gpg --encrypt -o ~/.acct2_pass

Then put this into your muttrc:

    set my_acct1_pass=`gpg --decrypt ~/.acct1_pass`
    set my_acct2_pass=`gpg --decrypt ~/.acct2_pass`
    account-hook account2 'set imap_pass=$my_acct2_pass'

The key to making that convenient, though, is using gpg-agent to store
your passphrase (so you don't have to enter it multiple times).

If mutt could pass $my_* variables into shell escapes (or could
directly manipulate its own variables the way that bash can (e.g.
${my_acctpwds#*:})), then you could try using a separator character in
your passwords (such as a colon) and then figure them out within the
muttrc. For example, you could create the encrypted file like so:

    echo password1:password2 | gpg --encrypt -o ~/.acctpwds

Then put this in your muttrc:

    set my_acctpwds=`gpg --decrypt ~/.acctpwds`
    set my_acct1_pass=`echo $my_acctpwds | cut -d: -f1`
    set my_acct2_pass=`echo $my_acctpwds | cut -d: -f2`

But, of course, since you can't do that... c'est la vie. :)

Now, it's also possible to use a temporary file to do this:

    set my_acctpwds=`gpg --decrypt ~/.acctpwds > ~/tmp/acctpwds`
    set my_acct1_pass=`cut -d: -f1 ~/tmp/acctpwds`
    set my_acct2_pass=`cut -d: -f2 ~/tmp/acctpwds ; rm ~/tmp/acctpwds`

But that's obviously suboptimal if you're trying to avoid ever having
that stuff on disk in plain text. It may be more acceptable if you
have a memory-only filesystem somewhere (such as tmpfs on Linux), but
we're getting into the realm of specialized software again.

~Kyle
--
I am ready to meet my Maker. Whether my Maker is ready for the great
ordeal of meeting me is another matter.
    -- Winston Churchill
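
Added example (not part of Kyle's message and not code from the mutt project): one way to split the colon-separated ~/.acctpwds file without a temporary file is to decrypt it once in a small script and let mutt read the resulting `set` lines through a pipe, using the same ${var#*:} expansion the message mentions. The script name and path are hypothetical, and refusing passwords that contain a single quote is a choice made here so that nothing is emitted that mutt could misparse.

```shell
#!/bin/sh
# Added example, not from the original message.
# Hypothetical install path: ~/bin/mutt-pass.sh. Load it from muttrc with
#   source "~/bin/mutt-pass.sh ~/.acctpwds|"
# (a trailing | makes mutt run the command and read its output as config).

# Read one line "pw1:pw2:..." on stdin and print one
# "set my_acctN_pass='...'" line per field. The body runs in a subshell,
# so its variables do not leak into the caller.
emit_mutt_sets() (
    # Accept a final line with or without a trailing newline; fail on no input.
    IFS= read -r line || [ -n "$line" ] || exit 1

    # Single quotes keep mutt from expanding $ and backticks in the value,
    # but a single quote inside a password would end the string early.
    # Refuse the whole line before printing anything (fail closed).
    case $line in
        *\'*)
            echo "mutt-pass: a password contains a single quote" >&2
            exit 1
            ;;
    esac

    n=1
    while :; do
        # ${line%%:*} is the first field; ${line#*:} drops it.
        printf "set my_acct%d_pass='%s'\n" "$n" "${line%%:*}"
        case $line in
            *:*) line=${line#*:} ;;
            *) break ;;
        esac
        n=$((n + 1))
    done
)

# Run only when given the encrypted file as an argument. The plaintext
# stays in a shell variable and a pipe and is never written to disk.
if [ "$#" -gt 0 ]; then
    secrets=$(gpg --quiet --decrypt "$1") || exit 1
    printf '%s\n' "$secrets" | emit_mutt_sets
fi
```

As with the per-file variant in the message, gpg-agent is what keeps this from prompting for the passphrase on every mutt start.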