trutlze said:
security/kpcli seems to be an advantage if you are using or want to use security/keepassx.
IMHO you rejected it wrongly.
The http://keepass.info/ project is a very popular one and has been ported to practically any platform.
It uses a single-file database encrypted with the industry-standard AES algorithm.
DD pointed you to one of the popular console versions, but the same encrypted database file can be used practically everywhere. I remember I used it even on my old Nokia 6260 via a Java applet.
On Windows there exist two versions of KeePass (I personally prefer 1.x since it doesn't use the monstrous .NET).
For a Unix-based desktop you already found one: security/keepassx.
For iPhone users it is "MyKeePass" from the iTunes store.
For Android-based devices it is "KeePassDroid" from Google's Play store.
The KeePass encrypted database is a well-organized tree and may contain attached files, and the GUI interfaces have a lot of useful features besides just keeping passwords.
Back to the console version of KeePass, security/kpcli: it's pretty hard to find a Unix machine that doesn't have Perl installed, and it works the same everywhere on any hosting. So if you want to manage a single encrypted database that is portable across platforms, I think it is the only popular project that is actively supported on all platforms.
But if you still want to keep it as simple as possible and don't care about portability, then simply create a memory file with mdconfig(), init it with geli(), format it and use it in the same way as truecrypt.
I have scripts to automate it, but they are heavily customized for our workflow, where the idea is:
Code:
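# Init (the values below are example settings, adjust them to your setup)
CryptoFile='/path/to/encrypted/File'
KeyFile='/path/to/KeyFile'        # key file, must already exist
CryptoDiskSizeMB=64               # container size in MB
keylen=256                        # AES key length in bits
# fill the container file with random data
dd if=/dev/random of="${CryptoFile}" bs=1M count=${CryptoDiskSizeMB};
# attach the file as a memory disk; mdconfig prints the device name (e.g. md0)
mdDev=$(mdconfig -a -t vnode -f "${CryptoFile}" -s "${CryptoDiskSizeMB}m" -o reserve )
geli init -s 4096 -l ${keylen} -K "${KeyFile}" "/dev/${mdDev}";
# the .eli provider only exists after attach, so attach before newfs
geli attach -k "${KeyFile}" "/dev/${mdDev}";
newfs -L cryptogeli -U -O2 "/dev/${mdDev}.eli";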
And using:
Code:
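# open encrypted disk (CryptoFile and KeyFile as in Init)
mdDev=$(mdconfig -a -t vnode -f "${CryptoFile}");
geli attach -k "${KeyFile}" "/dev/${mdDev}";
mkdir -p "/mnt/crypto/${mdDev}/secret";
mount "/dev/${mdDev}.eli" "/mnt/crypto/${mdDev}/secret";
# ...
# working on an encrypted disk
# ...
# close encrypted disk: unmount, detach the geli layer, then destroy the md device
umount "/mnt/crypto/${mdDev}/secret"
geli detach "/dev/${mdDev}.eli"
mdconfig -d -u "${mdDev}"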
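
The open/close sequence from the post above, wrapped so that a failed step does not leave an attached geli provider or md device behind. This is an added example, not the poster's scripts; the function names `crypto_open` and `crypto_close` and their argument order are hypothetical.

```sh
#!/bin/sh
# Added example: open/close helpers for a geli container on a FreeBSD md device.

# crypto_open FILE KEYFILE MOUNTPOINT
# Prints the md device name (e.g. md0) on success.
# On failure, every layer that was already set up is torn down again.
crypto_open() {
    file=$1 key=$2 mnt=$3
    md=$(mdconfig -a -t vnode -f "$file") || return 1
    if ! geli attach -k "$key" "/dev/$md"; then
        # wrong key or passphrase: release the md device again
        mdconfig -d -u "$md"
        return 1
    fi
    if ! { mkdir -p "$mnt" && mount "/dev/$md.eli" "$mnt"; }; then
        # mount failed: do not leave the decrypted provider attached
        geli detach "/dev/$md.eli"
        mdconfig -d -u "$md"
        return 1
    fi
    echo "$md"
}

# crypto_close MD MOUNTPOINT
# Tears down in the reverse order of crypto_open.
crypto_close() {
    # If the filesystem is still busy, stop here and keep the lower layers intact.
    umount "$2" || return 1
    # Detaching discards the in-kernel key and removes the .eli provider.
    geli detach "/dev/$1.eli" || return 1
    mdconfig -d -u "$1"
}
```

Typical use is `md=$(crypto_open "$CryptoFile" "$KeyFile" /mnt/crypto/secret)` followed later by `crypto_close "$md" /mnt/crypto/secret`.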