The more that I work from the command line, the more of a nuisance I find it that all my passwords are in KeePassX - an excellent GUI application.

For some time I have intended moving to pwsafe, but am put off by the time it will take to migrate the data. An alternative is to export the KeePassX data into an encrypted text file and use the gnupg.vim Vim plugin to read and edit it. This post describes how to accomplish this in a very few steps.

I first ran KeePassX and deleted the backup group (as I did not wish to export all my previous generations of passwords). I then exported the contents to a text file named “passwords” (you could be more imaginative/secure if you wish!). Then I followed these instructions to create a GPG secured file:

$ gpg -c --cipher-algo AES256 passwords

And enter your secure passphrase twice. You should now have a new password file “passwords.gpg”. You can now remove the plain text version:

$ shred --remove passwords

In order to edit/view the new passwords.gpg file, we need the Vim gnupg.vim plugin, which is available in the debian vim-scripts package:

$ sudo apt-get install vim-scripts

Then edit /etc/vim/vimrc.local to add the following line:

set runtimepath+=/usr/share/vim-scripts/

This will import all of the vim-scripts plugins, which may not be what you want. Alternatively you could probably just copy or perhaps symlink the gnupg.vim plugin to your ~/.vim/plugin/ folder.

And that is it - now whenever you wish to view or edit your passwords you simply type:

$ vim passwords.gpg

This will prompt you for your password and open the file.

Initially I found this gave errors in relation to exuberant ctags, which I suspect is related to vim-scripts and not to gnupg.vim and is doubtless a feature of the way I have just pulled in all of the vim-scripts. One option (and what I did) is just to install exuberant-ctags as follows:

$ sudo apt-get install exuberant-ctags

Now I just have to format passwords.gpg into something a bit more structured, perhaps with Vim folding configured.

And if you are looking for a way to create passwords, the pwgen is one option - it offers a selection of fairly memorable passwords from which to choose.

$ sudo apt-get install pwgen

There are some concerns with this approach - anyone can read your passwords over your shoulder - if you work with others you might be better off with something like pwsafe. Also some users are concerned that the contents of the file might be written to memory, although I believe this is not the case, you should satisfy yourself as to the security of this approach, as I am certainly not qualified to advise you on this aspect.

KeePassX cannot be installed on Debian Etch, because of some dependency issues:

Version: 0.3.1-1
Depends: libc6 (>= 2.7-1), libgcc1 (>= 1:4.1.1-21), libqt4-core (>= 4.3.4), libqt4-gui (>= 4.3.4), libstdc++6 (>= 4.2.1-4), libx11-6, libxtst6

The Solution

The solution is to install from source. These instructions were borrowed from the following comment (thank you “John”):

• http://www.keepassx.org/howto/setup/inst_source_tar#comment-15355

Install recent version of qt4

I installed from lenny, which is not ideal. The above instructions do not say to do this, but I had already done it to resolve stability problems (see Install italc notes).

$ sudo apt-get install qt4-dev qt4-dev-tools qt4-designer

Install Source Repositories

You may need to add the lenny source repositories to /etc/apt/sources.list:

deb-src http://ftp.uk.debian.org/debian/ lenny main non-free contrib

Download Source

$ cd
$ mkdir keepassx
$ cd keepassx
$ apt-get source keepassx

Make

$ cd keepass*
$ qmake-qt4
Project MESSAGE: See 'INSTALL' for configuration options.
Project MESSAGE: Install Prefix: /usr
Project MESSAGE: *** Makefile successfully generated.
Project MESSAGE: *** Start make now.
$ make

If you downloaded the source from KeePassX itself, then you will probably need to cd into the src directory, delete the Makefile that was created and run qmake-qt4 again from there (ie: qmake-qt4; cd src; rm Makefile ; qmake-qt4 ; cd ..

Errors

If the above still gives an error about libXtst (and mind didn’t), you can either fix the source code, or simply:

$ sudo ln -s /usr/lib/libXtst.so.6 /usr/lib/libXtst.so
$ make

This section has not been tested by the author

Install

$ sudo make install

Test

You should see it installed under your Utilities menu, but you may need to log off/on for this to appear. Alternatively I usually find editing the menu and resaving has the same effect.

References

• KeePassX
  • Forum post detailing install method