ccrypt - Secure Password Management From The Linux Command Line





The interactive transcript could not be loaded.



Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Oct 18, 2010


Passwords! - It seems like every web site or service requires you to have a password, and if your being diligent and creating a unique password for each site, then sooner or later you are going to require a process for securely managing all your account details.

In today's screencast, I am going to demonstrate the approach I take, which I hope you'll find useful. There a several programs available, allowing you to manage your passwords using a nice graphical user interface, but I wanted a command line solution, as ultimately I want to store my master password file on a Linux server, so I can access it from any computer over SSH.

Here I have my master password file, which is just a plain text file. If I open the file in a text editor you can see how I structure it's contents. Basically I have three columns, the first being the web site or service, the second being the username used, the final column is the password for that account. You can see I have two YouTube accounts in here, and it doesn't matter that these are not stored together in the file, just append new account details to end as you create them. The reason will become apparent when I show you how to lookup a password.

OK, now we have our master password file, we need to encrypt it, so that if our computer is stolen or lost, our account details won't fall into the wrong hands. I use the ccrypt command line utility, which uses the very strong Rijndael encryption algorithm. This utility should be available in most Linux distributions, but if it isn't there are pre-compiled binaries available from the web site. I'll put a link to this site in the show notes. (http://http://ccrypt.sourceforge.net/ )

One you have ccrypt installed, use the ccencrypt command, with a space, followed by the filename you want to encrypt. You will be prompted to enter an encryption key, which will become the master pass phrase to access the file in future. The longer the pass phrase you use the better the security will be. After entering your chosen pass phrase, you will be prompted to enter it again, so the software can verify you entered it correctly.

After the file has been encrypted, the software appends dot cpt to the end of your filename, as a visual reminder that the file is in fact encrypted. If I open this file in a text editor, you can see that the contents are totally unreadable.

Let's assume I have forgotten either a username or password used for a given site. I can use the ccat command, which will decrypt the file supplied and output the contents to the screen. You will have to enter your master pass phrase before ccat will decrypt the file.

However, if your master password file contains hundreds of passwords, then you can use grep to search for a particular web site or service. So lets try searching for my YouTube passwords, by appending the pipe character, followed by grep and the word YouTube to the previous command. There you go, grep has filtered out just the entries I am interested in. I think you'll agree that makes looking up passwords much easier.

But being lazy that's still too much to type, so I have assigned the command sequence to an alias on the letter p, so all I need to type to lookup a password is p followed by my search criteria, for example twitter. I still get prompted for the master pass phrase, but the output just gives me the information I need.

Finally, if you need to add new account details to you your passwords file, then you must decrypt the contents back to a plain text file, so that you can edit it within your chosen editor. To do this use the ccdecrypt command, passing in the file name and supplying the master pass phrase, what you end up with is the original plain text file.


When autoplay is enabled, a suggested video will automatically play next.

Up next

to add this to Watch Later

Add to

Loading playlists...