[PATCH] Fix for some flaws when using a key with multiple subkeys

Carl Michael Skog cmskog at gmail.com
Mon Nov 4 17:08:28 CET 2019


And the rest of the patches also....

On Mon, 4 Nov 2019 at 17:06, Carl Michael Skog <cmskog at gmail.com> wrote:

> When encrypting with a gpg key that has multiple encryption subkeys ONLY
> the newest encryption subkey is used when encrypting.
> This leads to potential problems in pass when using such a key.
>
> Consider this scenario:
> Let's say we are using a key K with encryption subkey A.
> We set up two password stores (S1 and S2) plus a git repository (G) with
> this key.
> All fine so far.
> Let's say now that S1 adds an encryption subkey (B) to K.
> S2 is still unchanged.
> S1 then adds a new password P, and pushes this to G, which S2 then pulls.
> When S2 tries to read password P it will get an error message from gpg:
> "gpg: decryption failed: No secret key".
> Even more dangerous: if S1 after adding the key does a "pass init" with K,
> S2 will not be able to read a single password, if it pulls this change.
>
> Patches 1, 2 and 3 are just some tests exposing the problem.
> The actual fix is in patch 4.
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Test-for-multisubkey-group-reinit.patch
Type: text/x-diff
Size: 1611 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20191104/b5b69ac5/attachment-0003.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-Add-a-test-for-init-ing-with-multiple-subkey-key.patch
Type: text/x-diff
Size: 15237 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20191104/b5b69ac5/attachment-0004.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-Fixes-for-having-keys-with-multiple-subkeys.patch
Type: text/x-diff
Size: 6035 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20191104/b5b69ac5/attachment-0005.patch>
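
A check for the S1/S2 situation described in the quoted message, added here as an example; it is not taken from the attached patches or from pass. It assumes, as the message states, that gpg encrypts to the newest encryption subkey, and that listings come from `gpg --with-colons` with epoch creation times. The function names, key IDs and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Listings are CONSTRUCTED `gpg --with-colons` output; key IDs are fake.
# Fields used (GnuPG doc/DETAILS): 1 record type, 2 validity, 5 key ID,
# 6 creation time (epoch seconds), 12 capabilities, 15 '#' = secret-key stub only.

# Public key K as listed after encryption subkey B was added (gpg --list-keys).
PUB_K='pub:u:3072:1:1111111111111111:1546300800:::u:::scESC:
sub:u:3072:1:AAAAAAAAAAAAAAAA:1546300800::::::e:
sub:u:3072:1:BBBBBBBBBBBBBBBB:1572825600::::::e:'

# Secret keyrings (gpg --list-secret-keys): S1 holds A and B, S2 still holds only A.
SEC_S1='sec:u:3072:1:1111111111111111:1546300800:::u:::scESC:::+:
ssb:u:3072:1:AAAAAAAAAAAAAAAA:1546300800::::::e:::+:
ssb:u:3072:1:BBBBBBBBBBBBBBBB:1572825600::::::e:::+:'
SEC_S2='sec:u:3072:1:1111111111111111:1546300800:::u:::scESC:::+:
ssb:u:3072:1:AAAAAAAAAAAAAAAA:1546300800::::::e:::+:'

# Print the key ID of the newest encryption-capable subkey that is not
# revoked, expired, invalid or disabled. $1 = public listing text.
newest_enc_subkey() {
  printf '%s\n' "$1" | awk -F: '
    $1 == "sub" && $12 ~ /e/ && $2 !~ /^[reid]$/ && $6 + 0 >= newest {
      newest = $6 + 0; id = $5 }
    END { if (id != "") print id }'
}

# Succeed if the secret listing ($1) holds real secret material for key ID $2.
has_secret_subkey() {
  printf '%s\n' "$1" | awk -F: -v want="$2" '
    $1 == "ssb" && $5 == want && $15 != "#" { found = 1 }
    END { exit(found ? 0 : 1) }'
}

# Report whether this machine can decrypt new entries. $1 = public, $2 = secret listing.
check_store_key() {
  _id=$(newest_enc_subkey "$1")
  if [ -z "$_id" ]; then echo "no-encryption-subkey"; return 2; fi
  if has_secret_subkey "$2" "$_id"; then
    echo "ok $_id"
  else
    echo "missing-secret $_id"   # would fail with "No secret key"
    return 1
  fi
}

check_store_key "$PUB_K" "$SEC_S1" || true   # S1: ok
check_store_key "$PUB_K" "$SEC_S2" || true   # S2: missing-secret
```

On a real store the two listings would come from `gpg --list-keys --with-colons` and `gpg --list-secret-keys --with-colons` for the key ID in `.gpg-id`, run before pulling or re-initialising.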

