[pass] Multi-user pass / group pass

Simon KP si at eskp.net
Fri Sep 21 02:47:57 CEST 2012


What happens if one person leaves the team and another enters with a new
key?

On Fri, Sep 21, 2012 at 10:46 AM, Lucas Arduini <st_luke at me.com> wrote:

> The Internet is freakin awesome
>
>
> On Sep 20, 2012, at 8:42 PM, "Jason A. Donenfeld" <Jason at zx2c4.com> wrote:
>
> > Hey Luke & Roman,
> >
> > I saw your twitter conversation about pass -- namely that it doesn't
> > support multiple users. Interestingly enough, just yesterday someone
> > emailed the pass mailing list about this (both copied), and I replied
> > that although it doesn't support it, it'd be trivial to add. Then,
> > thirty seconds later, I realized that due to a super nice GPG feature,
> > pass does in fact already support this. Check it out:
> >
> > Fundamentally, pass comes down to this gpg command:
> >
> > gpg -r "Some user provided id" -e -o "output file name"
> >
> > gpg can support multiple recipients by adding more -r commands -- this
> > is the trivial change I was talking about. But it can also do
> > something much better and more robust. GPG has a notion of "groups",
> > where you can assign one recipient ID to multiple recipients. So, this
> > command:
> >
> > gpg -r "team" -e -o "output file name"
> >
> > winds up expanding to all of the individuals on the team, encrypting
> > each password efficiently and securely with each of their public keys,
> > allowing any one of their private keys to decipher it.
> >
> >
> > But never mind all these technical details. How does it work in
> > practice? Super simple:
> >
> > You set up a GPG group using "gpg --group". This simply adds a line to
> > ~/.gnupg/gpg.conf that looks like "group team = paige 0x12345678 joe
> > patti".
> >
> > Then, you init pass using "team" instead of your key:
> >
> > pass init team
> >
> > Simple as that. From now on, passwords will be encrypted using multiple
> > keys.
> >
> >
> > Hope this helps. Let me know if you have any questions, and please
> > don't hesitate to join the pass mailing list:
> > http://lists.zx2c4.com/listinfo.cgi/password-store-zx2c4.com
> >
> > Jason
>
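The group expansion described in the quoted message, and the membership change asked about at the top, as an added example that is not part of the original thread and is not code from pass or GnuPG. The function names, the file names, and the key ID 0x9ABCDEF0 are made up for illustration; the first `group team` line is the one quoted in the message.

```shell
#!/bin/sh
# Added example (not part of pass or GnuPG): model how a gpg.conf "group"
# alias expands to recipients, and what changes when membership changes.

# Print members of group $2 from gpg.conf-style file $1, one per line.
# Same-name group lines are merged, duplicates dropped, one expansion level.
expand_group() {
    awk -v want="$2" '
        $1 != "group" { next }                  # skips comments and other options
        {
            line = $0
            sub(/^[ \t]*group[ \t]+/, "", line) # drop the option keyword
            eq = index(line, "=")
            if (eq == 0) next                   # malformed: no "name = ids"
            name = substr(line, 1, eq - 1)
            gsub(/[ \t]/, "", name)
            if (name != want) next
            n = split(substr(line, eq + 1), ids, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (ids[i] != "" && !seen[ids[i]]++) print ids[i]
        }' "$1"
}

# The repeated -r arguments that the group name stands for.
recipient_args() {
    expand_group "$1" "$2" | awk '{ printf "%s-r %s", (NR > 1 ? " " : ""), $0 }'
}

# Membership change for group $3 between configs $1 (old) and $2 (new).
membership_diff() {
    { expand_group "$1" "$3" | sed 's/^/old /'
      expand_group "$2" "$3" | sed 's/^/new /'; } |
    awk '$1 == "old" { o[$2] = 1 }
         $1 == "new" { n[$2] = 1 }
         END { for (k in o) if (!(k in n)) print "- " k
               for (k in n) if (!(k in o)) print "+ " k }' | LC_ALL=C sort
}

# Constructed sample configs: joe leaves, key 0x9ABCDEF0 (made up) joins.
DEMO_DIR=$(mktemp -d)
OLD_CONF=$DEMO_DIR/old.conf NEW_CONF=$DEMO_DIR/new.conf
printf '%s\n' '# before' 'group team = paige 0x12345678 joe patti' > "$OLD_CONF"
printf '%s\n' '# after' 'group team = paige 0x12345678 patti' \
    'group team = 0x9ABCDEF0' 'group ops = patti' > "$NEW_CONF"

recipient_args "$OLD_CONF" team; echo
membership_diff "$OLD_CONF" "$NEW_CONF" team
```

A file encrypted while a key was in the group stays decryptable by that key until the file is re-encrypted to the new recipient list, so a "-" line means the stored passwords themselves should be changed as well as re-encrypted. A "+" line means existing files are unreadable to the new member until they are re-encrypted.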