[pass] Automated Key Import?

Jason A. Donenfeld Jason at zx2c4.com
Fri Apr 25 00:15:08 CEST 2014


Hey folks,

With 1.6 out the window, we can start moving onto 1.7. Any features folks
want?

One that people have asked about in the past is automating importing of
team/group keys. I had started on this in the import-keys branch, which
basically boils down to a one-liner like:

$GPG "${keyserver[@]}" --recv-keys $(find "$PREFIX" -name .gpg-id -exec grep -E -h "^(0x)?[0-9A-Fa-f]{8,}$" {} +)

This basically looks at all the .gpg-id files, and extracts keys that are
in hex format, and then passes them to --recv-keys. It's a bit silly, since
it doesn't then go and verify the trust of the keys it downloads. And of
course this doesn't work if the .gpg-id file has email addresses or full
names or other (more visibly useful) ways to specify keys. So in the end I
didn't pursue this branch further, because I couldn't find a decent way to
do this well, which would really warrant the addition of a new feature.

But if anyone has better ideas on the right way to do this, I'm all ears.
Probably I don't want to put the .gnupg directory inside the password store
itself, which is what I anticipate people will suggest (I guess unless some
really really super good arguments are given).

Jason
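
The limitation described in the message above, as an added example that is not part of the original post or of the pass code base: it sorts every .gpg-id entry into what the one-liner's regex would hand to --recv-keys and what it silently skips. The function names and the sample store (with made-up IDs) are hypothetical, and no keyserver is contacted.

```shell
#!/bin/sh
# Added example: classify .gpg-id entries the way the mail's regex sees them.

# Print each non-empty .gpg-id line under $1 as "<kind>TAB<entry>":
#   fpr    40 hex digits (a full v4 fingerprint)
#   keyid  any other match of the mail's regex; short IDs are not unique,
#          so a key fetched this way still needs its fingerprint checked
#   other  e-mail address, name, ... (never reaches --recv-keys)
classify_gpg_ids() {
    find "$1" -name .gpg-id -exec grep -h . {} + | while IFS= read -r line; do
        if printf '%s\n' "$line" | grep -Eq '^(0x)?[0-9A-Fa-f]{40}$'; then
            printf 'fpr\t%s\n' "$line"
        elif printf '%s\n' "$line" | grep -Eq '^(0x)?[0-9A-Fa-f]{8,}$'; then
            printf 'keyid\t%s\n' "$line"
        else
            printf 'other\t%s\n' "$line"
        fi
    done
}

# Entries the one-liner would pass to --recv-keys.
fetchable_ids() {
    classify_gpg_ids "$1" | awk -F'\t' '$1 != "other" { print $2 }'
}

# Entries the one-liner drops without any message.
skipped_ids() {
    classify_gpg_ids "$1" | awk -F'\t' '$1 == "other" { print $2 }'
}

# Constructed sample store: one full fingerprint at the top level, one
# short key ID and one e-mail address in a sub-folder. All values made up.
make_sample_store() {
    sample_dir=$(mktemp -d)
    mkdir -p "$sample_dir/team"
    printf '%s\n' '0123456789ABCDEF0123456789ABCDEF01234567' > "$sample_dir/.gpg-id"
    printf '%s\n' '0xDEADBEEF' 'alice@example.org' > "$sample_dir/team/.gpg-id"
    printf '%s\n' "$sample_dir"
}
```

Running `classify_gpg_ids "$(make_sample_store)"` prints one tagged line per entry, so a wrapper could warn about `keyid` and `other` entries before anything is fetched.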