
Using GPG as password manager

Information Security Asked on October 28, 2021

I want to use GPG as a master password storage (encrypt and push to online storage). This would require the encrypted file to be decryptable on multiple machines.

  • Two computers comp1 and comp2 with differing operating systems
  • Comp1 has a file, myfile.txt
  • This file will be stored encrypted on comp1
  • From my understanding, private key on comp1 will be used to encrypt myfile.txt

How are private keys stored with GPG, e.g. best practices? If the HD fails, is the private key lost?

To decrypt on comp2, I could store private key on comp2 as well?

Any links to diagrams are appreciated, as I know the keys are also tied to emails and I'm not sure how this fits in.

One Answer

With GPG the file is actually first encrypted using symmetric encryption, and the key used for that is then encrypted to every recipient using their public keys. Therefore, instead of transferring a single private key between the systems, it's possible to just encrypt the file with multiple recipients.

gpg --encrypt --recipient <comp1> --recipient <comp2> \
    --recipient <compN> passwords.txt

There are some caveats with this approach:

  • How any changes to your password database are synced between the systems. One would need to be able to act as a server, while the others might use e.g. rsync to synchronize the file. Password managers may provide a service for this.
  • If any of the systems is compromised and the password file containing everything is decrypted, every password would be compromised. Software designed for password management has some solutions to minimize this risk, e.g. by only decrypting one password at a time and trying to erase it from memory as soon as possible.
  • As so many good solutions already exist, I wouldn't try to reinvent the wheel.

Answered by Esa Jokinen on October 28, 2021
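An added example (not part of the answer above) showing the multi-recipient encryption the answer describes: two throwaway keyrings stand in for comp1 and comp2, comp1 encrypts the file to both, and each machine decrypts with only its own private key. Names, addresses and the file contents are constructed for the demo.

```shell
#!/bin/sh
# Added demo, not from the original post. Requires GnuPG 2.x on PATH.
set -eu

WORK="$(mktemp -d)"
# Stop the per-keyring agents and remove everything on exit.
trap 'for d in comp1 comp2; do [ -d "$WORK/$d" ] && GNUPGHOME="$WORK/$d" gpgconf --kill gpg-agent; done; rm -rf "$WORK"' EXIT

# Create a throwaway keyring for one "machine" and a key in it (no passphrase: demo only).
make_machine() {                                   # $1 = machine name (constructed)
    mkdir -m 700 "$WORK/$1"
    GNUPGHOME="$WORK/$1" gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$1 <$1@example.invalid>" default default never
    # Export the public key so the other machine can encrypt to it.
    GNUPGHOME="$WORK/$1" gpg --batch --quiet --export "$1@example.invalid" > "$WORK/$1.pub"
}

# On comp1: import comp2's public key, then encrypt one file to both recipients.
# GPG wraps the single session key once per recipient, so no private key travels.
encrypt_on_comp1() {                               # $1 = plaintext, $2 = output
    GNUPGHOME="$WORK/comp1" gpg --batch --quiet --import "$WORK/comp2.pub"
    GNUPGHOME="$WORK/comp1" gpg --batch --quiet --yes --trust-model always \
        --encrypt --recipient comp1@example.invalid --recipient comp2@example.invalid \
        --output "$2" "$1"
}

# Count the wrapped session keys in the ciphertext: one "pubkey enc packet" per recipient.
count_recipients() {                               # $1 = encrypted file
    GNUPGHOME="$WORK/comp1" gpg --batch --list-packets "$1" | grep -c '^:pubkey enc packet:'
}

# Decrypt on a machine that holds only its own private key.
decrypt_on() {                                     # $1 = machine name, $2 = encrypted file
    GNUPGHOME="$WORK/$1" gpg --batch --quiet --decrypt "$2"
}

# Full walk-through when run directly: ./demo.sh --run
demo() {
    printf 'example.com: hunter2\n' > "$WORK/passwords.txt"   # constructed sample
    make_machine comp1
    make_machine comp2
    encrypt_on_comp1 "$WORK/passwords.txt" "$WORK/passwords.txt.gpg"
    echo "recipients: $(count_recipients "$WORK/passwords.txt.gpg")"
    echo "comp1 reads: $(decrypt_on comp1 "$WORK/passwords.txt.gpg")"
    echo "comp2 reads: $(decrypt_on comp2 "$WORK/passwords.txt.gpg")"
}
case "${1:-}" in --run) demo ;; esac
```

Each keyring only ever sees its own secret key; the shared artifact is the ciphertext, which is what gets pushed to online storage.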
