Password safe and GnuPG on Ubuntu 14.04

Once again here is how to verify and install Password safe. This is an update of an earlier post. Considering this software is guarding some of your most important secrets I see it worthwhile to verify the GnuPG signature. OS this time is Ubuntu 14.04 Trusty Tahr (Linux Mint 17.2 Rafaela).

Password safe

To verify the signature we need GnuPG.

  1. install gnupg

    $ sudo apt-get install gnupg

  2. import project administrator’s signing key (RSA)
    i. We’re going to import Rony Shapiro’s Password Safe Signing key. Go to https://pwsafe.org/contact.php click the link for “this public key”.
    ii. Save the page it gives you as pwsafe.key and strip out the HTML tags.
    iii. import the key

    $ gpg –import pwsafe.key
    gpg: key 5CCF8BB3: public key “Rony Shapiro (PasswordSafe Signing Key) <[email protected]>” imported
    gpg: Total number processed: 1
    gpg: imported: 1 (RSA: 1)
    gpg: no ultimately trusted keys found

    iiii. verify the key fingerprint against what is listed at the bottom of https://pwsafe.org/contact.php

    $ gpg –fingerprint
    /home/mrdesk/.gnupg/pubring.gpg
    ——————————-
    pub 2048R/5CCF8BB3 2011-02-10
    Key fingerprint = A703 C132 8EAB C7B2 0175 3BA3 9194 6451 5CCF 8BB3
    uid Rony Shapiro (PasswordSafe Signing Key) <[email protected]>
    sub 2048R/04B638E7 2011-02-10

  3. Download the package
    i. SourceForge (bleh) is the only place the .deb package is available. https://sourceforge.net/projects/passwordsafe/files/ Don’t be fooled, SourceForge lists 0.94BETA as the newest release, actually 0.97BETA is the newest as of the time of writing this article. In my case, passwordsafe-ubuntu-0.97BETA.amd64.deb. There are also .debs specific to debian, RPMs and source packages available.
    ii. Download the pakage signature. In my case, passwordsafe-ubuntu-0.97BETA.amd64.deb.sig
  4. Verify the Password Safe .deb package
    You need to have the .deb and the .sig file in the same directory.

    $ gpg –verify passwordsafe-ubuntu-0.97BETA.amd64.deb.sig gpg: Signature made Fri 09 Oct 2015 05:21:50 AM EDT using RSA key ID 5CCF8BB3
    gpg: Good signature from “Rony Shapiro (PasswordSafe Signing Key) <[email protected]>”
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the owner.
    Primary key fingerprint: A703 C132 8EAB C7B2 0175 3BA3 9194 6451 5CCF 8BB3

    Notice the fingerprint matches the one we verified earlier listed on http://pwsafe.org/contact.shtml — ok good!

  5. Go ahead and install

    $ sudo dpkg -i passwordsafe-ubuntu-0.97BETA.amd64.deb

  6. It will complain about dependencies for libwxgtk3.0-0, libxerces-c3.1, and libykpers-1-1. So, install your dependencies

    $ sudo apt-get -f install

Done! To verify your .deb has been installed:

$ dpkg –get-selections | grep passwordsafe
passwordsafe install

You can launch the password safe gui either by

$ pwsafe &

or by finding ‘Password Safe’ it in your launcher menu.