This is IMO really out of scope. The only way to be sure the user doesn't have a usable copy of the passwords, is to change the passwords. GPG doesn't have any DRM mechanism that allows you to render something un-decryptable after a certain date, and even if it did, I wouldn't recommend trusting it - such things are far too easy to circumvent.<div><br></div><div>I am strongly opposed to the addition of any such feature to pass, because of the false sense of security it may provide to users who don't understand the risk.<br><div dir="auto"><br></div><div dir="auto">Cheers,</div><div dir="auto">Steve<br><br><div class="gmail_quote"><div dir="ltr">On Fri, 22 Feb 2019, 11:32 higuita, <<a href="mailto:higuita@gmx.net">higuita@gmx.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi<br>
<br>
Recently we got one user that left and, of course, we removed his key from the <br>
gpg-id and re-encrypted everything. We also removed his github account. <br>
All fine, future changes are safe... but nothing stops the user from having <br>
a copy of the store and gpg key and still accessing the keys.<br>
<br>
How to solve this problem, remove access from someone that left.<br>
<br>
Of course i'm not talking about a malicious user directly, those can dump <br>
everything as plain text, it's more protecting "personal" backups and copies <br>
stored in other places that we may not trust in a long run.<br>
<br>
One solution could be forcing that pass git update at least once each X days...<br>
but with git account closed that could help only if we kept his account <br>
enabled until there is a update<br>
<br>
Another solution could be require the access to the git account. If forbiden<br>
pass could block the access. This of course would be a option that one must<br>
enable and could not be disabled after.<br>
<br>
But either solution do not protect from using git to checkout previous commits<br>
and using gpg to access the old info to see if any of the passwords are still<br>
valid<br>
<br>
So a perfect solution would be lock the files time based.<br>
<br>
Maybe pass could generate a key that expires after x days and double encrypt<br>
everything using first the key with the expiration date and then the user key.<br>
A small deamon (or even a cron) could keep the expiration key valid by generating<br>
a new one and reencrypt. Users that still have access can do a git pull and<br>
get the updated info. Users that fail to update will be unable to decrypt the<br>
content after the key was expired.<br>
<br>
Pass could remove the expired key automatically if expired, to avoid the faketime <br>
loophole of timetravel back to when the key was still valid.<br>
<br>
So what would be the best solution to this? Expire all passwords requires a ton of<br>
work, it would be good if we had a alternative way to protect old pass <br>
commits from access. A time bomb inside pass, or even better, gpg would be perfect<br>
<br>
Best regards<br>
higuita<br>
<br>
-- <br>
Naturally the common people don't want war... but after all it is the<br>
leaders of a country who determine the policy, and it is always a <br>
simple matter to drag the people along, whether it is a democracy, or<br>
a fascist dictatorship, or a parliament, or a communist dictatorship.<br>
Voice or no voice, the people can always be brought to the bidding of<br>
the leaders. That is easy. All you have to do is tell them they are <br>
being attacked, and denounce the pacifists for lack of patriotism and<br>
exposing the country to danger. It works the same in every country.<br>
-- Hermann Goering, Nazi and war criminal, 1883-1946<br>
_______________________________________________<br>
Password-Store mailing list<br>
<a href="mailto:Password-Store@lists.zx2c4.com" target="_blank">Password-Store@lists.zx2c4.com</a><br>
<a href="https://lists.zx2c4.com/mailman/listinfo/password-store" rel="noreferrer" target="_blank">https://lists.zx2c4.com/mailman/listinfo/password-store</a><br>
</blockquote></div></div></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><p dir="ltr">Cheers,</p>
<p dir="ltr"><b>Steve Gilberd</b><br>
<span style="color:rgb(102,102,102)">Erayd LTD </span><span style="color:rgb(102,102,102)"><b>·</b></span><span style="color:rgb(102,102,102)"> Consultant</span><br>
<span style="color:rgb(102,102,102)"><i>Phone: +64 4 974-4229 </i></span><span style="color:rgb(102,102,102)"><i><b>·</b></i></span><span style="color:rgb(102,102,102)"><i> Mob: +64 27 565-3237</i></span><br>
<span style="color:rgb(102,102,102)"><i>PO Box 10019, The Terrace, Wellington 6143, NZ</i></span></p>
</div></div>