Search - "keyring"
-
What's a good password manager for Linux?
A few (optional) conditions (in order of preference):
1. It's free
2. It supports ssh, gpg, etc.
3. It has a GUI (a nice one with gtk/qt support)
4. It's (properly) secure
5. It has FIDO U2FA support (i.e. supports physical security keys like Yubikey or Solo)
6. It has a browser extension
7. It's compatible/non-conflicting with gnome-keyring
-
Well, since vim & git have already been said: gpg. You can use it as SSH keys and sign your commits to make sure nothing nasty is added to a git repo under your name.
-
techie 1 : hey, can you give me access to X?
techie 2 : the credentials should be in the password manager repository
t1 : oh, but I don't have access to the password manager
t2 : I see your key A1B2C3D4 listed in the recipients of the file
t1 : but I lost that key :(
t2 : okay, give me your new key then.
t1 : I have my personal key uploaded to my server
t1 : can you try fetching it?
t1 : it should work with web key directory ( WKD )
t2 : okay
t2 : no record according to https://keyserver.ubuntu.com
t1 : the keyserver is personal-domain.com
t1 : try this `gpg --no-default-keyring --keyring /tmp/gpg-$$ --auto-key-locate clear,wkd --locate-keys username@personal-domain.com`
t2 : that didn't work. apparently some problem with my dirmgr `Looking for drmgr ...` and it quit
t1 : do you have `dirmngr` installed?
t2 : I have it installed `dirmngr is already the newest version (2.2.27-2)`
t2 : `gpg: waiting for the dirmngr to come up ... (5)` . this is the problem. I guess
t1 : maybe your gpg agent is stuck between states.
t1 : I don't recall the command to restart the GPG agent, but restarting the agent should probably fix it.
t1 : `gpg-connect-agent reloadagent /bye`
source : https://superuser.com/a/1183544
t1 : *uploads ASCII-armored key file*
t1 : but please don't use this permanently; this is a temporary key
t2 : ok
t2 : *uploads signed password file*
t1 : thanks
t2 : cool
*5 minutes later*
t1 : hey, I have forgotten the password to the key I sent you :(
t2 : okay
...
t2 : fall back to SSH public key encryption?
t1 : is that even possible?
t2 : Stack Overflow says it's possible
t1 : * does a web search too *
t1 : source?
t2 : https://superuser.com/questions/...
t2 : let's try it out
t1 : okay
t2 : is this your key? *sends link to gitlab.com/username.keys*
t1 : yes, please use the ED25519 key.
t1 : the second one is my old 4096-bit RSA key...
t1 : which I lost
...
t1 : wait, you can't use the ED25519 key
t2 : why not?
t1 : apparently, ED25519 key is not supported
t1 : I was trying out the steps from the answer and I hit this error :
`do_convert_to_pkcs8: unsupported key type ED25519`
t2 : :facepalm: now what
t1 : :shrug:
...
t1 : *uploads ASCII-armored key file*
t1 : I'm sure of the password for this key
t1 : I use it everyday
t2 : *uploads signed password file*
*1 minute later*
t1 : finally... I have decrypted the file and gotten the password.
t1 : now attempting to login
t1 : I'm in!
...
t2 : I think this should be in an XKCD joke
t2 : Two tech guys sharing password.
t1 : I know a better place for it - devRant.com
t1 : if you haven't been there before; don't go there now.
t1 : go on a Friday evening; by the time you get out of it, it'll be Monday.
t1 : and you'll thank me for a _weekend well spent_
t2 : hehe.. okay.
-
My key ring :)
An old friend (remember the guy who had a miniature Red hat?), gave me an old RAM from a work machine (he worked in data center team).
We had many spare ones so, I picked one and been using it since then.
Photo in comments because dR is fucking up the resolution.
-
DO NOT EXPORT GPG KEYS _TEMPORARILY_ AND ASSUME THAT THEY'LL BE IN THE ORIGINAL LOCATION AFTER EXPORT!
I learnt this lesson the hard way.
I had to use a GPG key from my personal keyring on a different machine ( that I control ). This was a temporary one-time operation so I thought I might be a smart-ass and do the decryption on the fly.
So, the idiotic me directly piped the output : `gpg --export-secret-key | scp ...`. Very cool ( at the time ). Everything worked as expected. I was happy. I went to bed.
In the morning, I had to use the same key on the original machine for the normal purpose I'd use it for and guess what greeted me? - *No secret key*
*me exclaims* : What the actual f**k?!
More than half a day of researching on the internet and various trials-and-errors ( I didn't even do any work for my employer ), I finally gave up trying to retrieve / recover the lost secret key that was never written to a file.
Well, to be fair, it was imported into a temporary keyring on the second machine, but that was deleted immediately after use. Because I *thought* that the original secret key was still in my original keyring.
More idiotic was the fact that I'd been completely ignorant of the option called `--list-secret-keys` even after using GPG for many years now. My test to confirm whether the key was still in place was `--list-keys` which even now lists the user ID. Alas, now without a secret key to do anything meaningful really.
Here I am, with my face in my hands, shaking my head and almost crying.
-
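The check the post arrives at (`--list-secret-keys`, not `--list-keys`), written as an added example that is not part of the original post: it compares the machine-readable output of both listings and reports, per primary key, whether secret material is present, only a stub, or missing. The listings below are constructed samples; field positions follow GnuPG's `doc/DETAILS`, and the function name is chosen here.

```python
# Constructed output of: gpg --with-colons --list-keys
PUB_LISTING = """\
pub:u:255:22:AAAAAAAAAAAAAAAA:1600000000:::u:::scESC:::::ed25519:::0:
uid:u::::1600000000::0000000000000000000000000000000000000001::Alice <alice@example.org>::::::::::0:
pub:u:255:22:BBBBBBBBBBBBBBBB:1600000000:::u:::scESC:::::ed25519:::0:
uid:u::::1600000000::0000000000000000000000000000000000000002::Bob <bob@example.org>::::::::::0:
pub:u:255:22:CCCCCCCCCCCCCCCC:1600000000:::u:::scESC:::::ed25519:::0:
uid:u::::1600000000::0000000000000000000000000000000000000003::Carol <carol@example.org>::::::::::0:
"""

# Constructed output of: gpg --with-colons --list-secret-keys
# Field 15 is '+' when the secret key is available and '#' for a bare stub.
SEC_LISTING = """\
sec:u:255:22:AAAAAAAAAAAAAAAA:1600000000:::u:::scESC:::+:::ed25519:::0:
uid:u::::1600000000::0000000000000000000000000000000000000001::Alice <alice@example.org>::::::::::0:
sec:u:255:22:BBBBBBBBBBBBBBBB:1600000000:::u:::scESC:::#:::ed25519:::0:
uid:u::::1600000000::0000000000000000000000000000000000000002::Bob <bob@example.org>::::::::::0:
"""


def secret_key_status(pub_listing: str, sec_listing: str) -> dict:
    """Map each primary key ID in the public listing to
    'present', 'stub' or 'missing' according to the secret listing."""
    secret = {}
    for line in sec_listing.splitlines():
        fields = line.split(":")
        if fields[0] != "sec" or len(fields) < 5:
            continue
        token = fields[14] if len(fields) > 14 else ""
        secret[fields[4]] = "stub" if token == "#" else "present"

    status = {}
    for line in pub_listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub" and len(fields) >= 5:
            # A user ID showing up here says nothing about the secret key.
            status[fields[4]] = secret.get(fields[4], "missing")
    return status


if __name__ == "__main__":
    for key_id, state in secret_key_status(PUB_LISTING, SEC_LISTING).items():
        print(key_id, state)
```

Running the same comparison on the source machine before deleting any temporary keyring elsewhere confirms that the only remaining copy is not the one about to be removed.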
Hey passwd, when I want my password to be short then I want it fucking short. Don't tell me that "f" is too weak and prevent the action. A mere warning would suffice. (And I now know that if run as root it doesn't check the password criteria. Still, the default is annoying.)
I needed a short password to workaround a weird frozen system issue on unlocking the keyring in the latest Ubuntu release. It would freeze completely while I was typing my password, and hence by making my password short, I was quicker than the freeze, and hence got a useable system again.
-
So yesterday I installed Arch. Well, sort of. So far the GUI isn't configured so it's literally less convenient than an equally unconfigured TTY. But I'm getting there, today I connected to a secure Wi-Fi network. Tomorrow I expect to install something for power efficiency and start configuring stuff/creating a proper DE. Last time, when I stripped down Ubuntu and installed i3wm there, the first thing that bothered me was the lack of a wallpaper so I never got to issues like the keyring not unlocking, the x11 default font being two physical pixels tall, or added peripherals not being handled. This time my plan is to solve every issue as soon as I get there. For this reason I'll use a queue for managing my tasks rather than a stack like Google Keep.
-
9000 internet cookie points to whoever figures out this shit:
I'm trying to import a secret gpg key into my keyring.
If I run "gpg2 --import secring.gpg" and manually type each possible password that I can think of, the import fails. So far, nothing unusual.
HOWEVER
If I type the same passwords into a file and run:
echo pwfile.txt | gpg2 --batch --import secring.gpg
IT ACTUALLY FUCKING WORKS
What the fuck??? How can it be that whenever I type the pw manually it fails, but when I import it from a file it works??
And no, it's not typos: I could type those passwords blindfolded from muscle memory alone, and still get them right 99% of the time. And I'm definitely not blindfolded right now.
BUT WAIT, THERE'S MORE!!
Suppose my pwfile.txt looks something like this:
password1
password2
password3
password4
password5
password6
Now, I'm trying to narrow it down and figure out which one is the right password, so I'm gonna split the file in two parts and see which one succeeds. Easy, right?
$ cat pw1.txt
password1
password2
password3
$ cat pw2.txt
password4
password5
password6
$ echo pw1.txt | gpg2 --batch --import secring.gpg
gpg: key 149C7ED3: secret key imported
$ gpg2 --delete-secret-key "149C7ED3"
[confirm deletion]
$ echo pw2.txt | gpg2 --batch --import secring.gpg
gpg: key 149C7ED3: secret key imported
In other words, both files successfully managed to import the secret key, but there are no passwords in common between the two!!
Am I going retarded, or is there something really wrong here? WTF!