<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jan 26, 2016 at 4:36 PM, Lucas Hoffmann <span dir="ltr"><<a href="mailto:l-m-h@web.de" target="_blank">l-m-h@web.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Quoting Dashamir Hoxha (2016-01-26 16:20:04)<br>
<span class="">> About point (2), is it the problem that you have to give the passphrase<br>
> each time that you want to show a password? I don't quite get it.<br>
<br>
</span>The problem is that the use of symmetric encryption forces the user to<br>
unlock every entry in the password-store separately. </blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I think it is a popular use case to unlock your GPG key once and then<br>
rely on the gpg-agent to use it several times in a row (read some<br>
encrypted emails, sign some emails, retrieve stuff from pass). At least<br>
it is my use case. The email stuff obviously does not change, but the<br>
user might want to log into several sites on the web and therefore<br>
retrieve several secrets from pass in a reasonably short time. In this<br>
case she/he would have to type the passphrase for every new secret (even<br>
if it is the same every time).<br></blockquote><div><br></div><div>You are right. This is really an issue.</div><div>At some point I was thinking that gpg-agent was caching the symmetric</div><div>password as well. Then after restarting gpg-agent it didn't work anymore.</div><div>Maybe it is some option of gpg2 or gpg-agent that should be fixed.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
What would your setup and use case be for symmetric encrypted secrets in<br>
pass?<br>
</blockquote></div><br></div></div>