Securely Storing Contacts Within Password Managers

My contacts are extremely important to me. My clients trust me with personal cell numbers, private email addresses, and the locations of their homes which are not associated with their true names. My contacts are almost as sensitive as my passwords. Because of this, I go to great lengths protecting them. I recently discussed this on my show HERE, then provided a quick update HERE, and finally an embarrassing correction HERE. There are many scenarios which I now never allow, such as the following.

I do not store them within my phone's stock contacts app because it is often prone to abuse by apps and synchronizes content to Apple or Google by default.

I do not store them within services such as Apple, Google, or Fastmail because they could be abused by a rogue employee or a data breach.

I no longer store them in ProtonMail because the name and email fields cannot be encrypted (but the phone/address/etc are encrypted, visible only to me).

I no longer want my contacts anywhere online, much like I never store my passwords online. While there are great options, such as ProtonMail, there are still weaknesses which must be monitored. I have decided that all of my contacts will ONLY be stored offline. This presents a dilemma since I need my contacts with me at home (laptop and iPod Touch), and on the road (iPhone). I have decided to use a password manager for my contacts, which securely stores any sensitive content. The following is the solution which works well for me.

EXPORT

I have hundreds of contacts, even after pruning people with whom I no longer communicate. Manual entry is out of the question. Since I had everything in ProtonMail, I used their export feature to create a VCF file. A typical entry looked like this:

BEGIN:VCARD
VERSION:4.0
TEL;PREF=1;TYPE=voice:(202) 555-1212
TEL;PREF=2;TYPE=voice:303-555-1212
ADR;TYPE=x-adr:;;1234 Main;Houston;TX;77089;USA
ORG:Privacy Corp
NOTE:We met at Blackhat
UID:proton-web-28ae3095-21b6-483e-acbc-454853cb88a4
FN:John Doe
item1.EMAIL;TYPE=x-email:[email protected]
item1.X-PM-ENCRYPT:false
item1.X-PM-SIGN:false
END:VCARD

Note that I could have exported the same type of file via FastMail with a protocol of VCard 3.0 or higher. A typical CSV export would have been missing phone numbers if more than one entry for personal numbers was present. I always prefer VCF files over CSV.

Now that I have a single file with hundreds of contacts, I need to clean it up. I cannot import this file into my password manager (KeePassXC) unless I have one clean entry per line. I also need a single field with the full name of my contact, followed by the email field, followed by all of the remaining data. The full name cannot possess a comma, and the details after the email also cannot have a comma. This is because we need everything to import correctly, and KeePassXC sees a comma as a delimiter.

First, I want to rename the file (proton.vcf) to contacts.txt for easy viewing. Then, I want to remove the unnecessary lines with the following commands within Terminal on Linux or Mac (Windows users would need to install Sed). The following works on Mac. On Linux and Windows, eliminate the two single quotes after -i.

sed -i '' '/^BEGIN/d' contacts.txt
sed -i '' '/^VERSION/d' contacts.txt
sed -i '' '/^UID\:/d' contacts.txt
sed -i '' '/^item1\.X/d' contacts.txt
sed -i '' '/^END\:/d' contacts.txt

I now have entries such as below.

TEL;PREF=1;TYPE=voice:(202) 555-1212
TEL;PREF=2;TYPE=voice:303-555-1212
ADR;TYPE=x-adr:;;1234 Main;Houston;TX;77089;USA
ORG:Privacy Corp
NOTE:We met at Blackhat
FN:John Doe
item1.EMAIL;TYPE=x-email:[email protected]

I want all of my telephone numbers to appear as ten digits without hyphens, periods, or parentheses. This is because some dialers need a pure number. The following cleans this up, and I ran each of these a few times.

sed -i '' 's/(\([0-9]*\)) \([0-9]*\)-\([0-9]*\)/\1\2\3/' contacts.txt
sed -i '' 's/(\([0-9]*\)) \([0-9]*\)\([0-9]*\)/\1\2\3/' contacts.txt
sed -i '' 's/\([0-9]*\)-\([0-9]*\)-\([0-9]*\)/\1\2\3/' contacts.txt
sed -i '' 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\1\2\3/' contacts.txt

My telephone numbers now appear much cleaner:

TEL;PREF=1;TYPE=voice:2025551212
TEL;PREF=2;TYPE=voice:3035551212

Next, I need to start moving entries from one line up to the entry on the previous line, and I want a colon as the delimiter on MOST, but a comma after the name. The following continues my cleanup using TextEdit on Mac to find and replace text. Most text editors should support this type of behavior. The commands can be seen in the query windows and the results are below within the text.

This places all phone numbers on one line, colon delimited:

This removes the junk before the address:

This moves the ORG line up:

This moves the NOTE line up:

This moves the email line up and eliminates the junk:

I am close now, but I need to make everything on one line, with the name first, last name followed by first. The following is complex, but gets the job done:

I now have everything in order on one line, without junk, ready for import. My contact list appears as follows.

Doe: John,[email protected],2025551212:3035551212:1234 Main:Houston:TX:77089:USA:Privacy Corp:We met at Blackhat
Doe: Mary,[email protected],2025551212:3035551212:1234 Main:Houston:TX:77089:USA:Privacy Corp:We met at Blackhat
Doe: Kim,[email protected],2025551212:3035551212:1234 Main:Houston:TX:77089:USA:Privacy Corp:We met at Blackhat
Doe: Joe,[email protected],2025551212:3035551212:1234 Main:Houston:TX:77089:USA:Privacy Corp:We met at Blackhat
Doe: Mike,[email protected],2025551212:3035551212:1234 Main:Houston:TX:77089:USA:Privacy Corp:We met at Blackhat
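The whole cleanup above, from the raw VCF export to one import-ready line per contact, can also be done in a single pass. The following Python script is an added example, not the author's own commands; the sample data, the function names, and the rule that drops a leading US country code are assumptions. It also handles folded vCard lines and strips commas and colons from values so they cannot break the column layout.

```python
import re

# Constructed sample in the shape of the export shown above (values are made up).
SAMPLE_VCF = r"""BEGIN:VCARD
VERSION:4.0
TEL;PREF=1;TYPE=voice:(202) 555-1212
TEL;PREF=2;TYPE=voice:303-555-1212
ADR;TYPE=x-adr:;;1234 Main;Houston;TX;77089;USA
ORG:Privacy Corp
NOTE:We met at Blackhat
FN:John Doe
item1.EMAIL;TYPE=x-email:john@example.com
END:VCARD
BEGIN:VCARD
FN:Mary Ann Smith
TEL;TYPE=cell:+1 202.555.0100
NOTE:Met in Vegas\, NV: call
  back Monday
END:VCARD
"""

FIELDS = ("FN", "EMAIL", "TEL", "ADR", "ORG", "NOTE")

def clean(value):  # commas split CSV columns, colons delimit the details column
    return re.sub(r"\s+", " ", re.sub(r"\\[nN]|\\?[,:;]", " ", value)).strip()

def digits(tel):  # assumption: US numbers, so a leading country code 1 is dropped
    d = re.sub(r"\D", "", tel)
    return d[1:] if len(d) == 11 and d[0] == "1" else d

def parse_cards(text):
    text = re.sub(r"\r?\n[ \t]", "", text)  # unfold continuation lines
    cards = []
    for line in text.splitlines():
        head, _, value = line.strip().partition(":")
        name = head.split(";")[0].split(".")[-1].upper()  # drop params, "item1."
        if name == "BEGIN":
            cards.append({f: [] for f in FIELDS})
        elif cards and name in FIELDS:
            cards[-1][name].append(value)
    return cards

def to_row(card):
    first, _, last = clean(" ".join(card["FN"][:1])).rpartition(" ")
    name = f"{last}: {first}" if first else last
    emails = [clean(e) for e in card["EMAIL"]]
    rest = [digits(t) for t in card["TEL"]] + emails[1:]
    rest += [clean(p) for a in card["ADR"] for p in a.split(";")]
    rest += [clean(v) for v in card["ORG"] + card["NOTE"]]
    return ",".join([name, "".join(emails[:1]), ":".join(x for x in rest if x)])
```

Calling `to_row` on each card from `parse_cards` yields the lines to save as contacts.csv. The VCF export and the CSV both hold every contact unencrypted, so remove them once the KeePassXC import is verified.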

Next, I can import this list into KeePassXC:

Rename contacts.txt to contacts.csv
KeePassXC > Database > Import > CSV File...
Label as "Contacts" > Continue > Continue
Enter Password > Continue
Save as "Contacts.kdbx"

When prompted, change the following fields:

My contacts are clean and sorted by last name:

An individual entry appears as follows:

I can now save this database and copy it to my mobile devices for use with Strongbox. I can copy/paste any numbers or email addresses from KeePassXC. It is offline and securely encrypted. My contacts are now protected, only visible to me, and no longer prone to online attacks. Overkill? Na...