Basics: Password Storage in an encrypted File

The below should work on Linux of all flavors and on MacOS. It could also work on Windows with the Ubuntu Linux subsystem.

First create a text file to store your passwords in. Let's call it myfile.txt (you want to give it an inconspicous name). Enter some passwords (or just some sample text). Next, we are going to encrypt the file using openssl. In a terminal, enter the following 


		$ openssl enc -aes-256-cbc -salt -in myfile.txt -out myfile.txt.enc
It will prompt you twice for a password. Make sure to pick a strong password that you can remember (see here for some guidance). You now have an encrypted file and you should delete the unencrypted text file.

For decrypting, use 


		$ openssl enc -aes-256-cbc -d -in myfile.txt.enc -out myfile.txt
You'll of course be prompted for your password. In the above, we've used the aes-256-cbc cypher, which is a symmetric encryption cypher used by the US government for top secret information. The -salt option in the encryption command is important, because it strengthens the encryption when the key is derived from a password (as in our case).

Don't forget to securely delete your plain text password file whenever you are done using it. Just deleting the file usually will keep information recoverable. On Linux/MacOS, you can use shred (or gshred on some systems) to overwrite a file with random information. You can then just delete it with rm.