[pass] Allow multiple GPG keys

Daniel Motles seltom.dan at gmail.com
Thu Feb 13 22:34:13 CET 2014


I find the GPG groups mechanism slightly cumbersome, especially if you
want to add a new key to the group. It seems non-intuitive.
Documentation on the project website with how to use GPG groups to
manage multiple keys would be great. Alternatively, a mechanism in
pass to set this up for you (or maybe even a separate
command/program!) would be nice.

The reason I am critiquing this is my anecdotal experience with trying
to set this up myself. I was using git to sync my password-store
across devices and I exported the public keys of all the devices to
each other device. I also added the group config to each one. Yet it
happened that some devices were not able to decrypt passwords created
by others. I don't know why as the configuration was identical on
each. :(

I haven't gone back to figure out what was wrong due to lack of time.
Now I just sync a key pair on my local network using gpg --export |
ssh 'gpg --import' type commands. This works phenomenally but is
generally frowned upon security-wise to export the private key, and I
might run into issues later if I want to change the key.

Dan

On Tue, Feb 11, 2014 at 6:53 PM, Matthew Cengia <mattcen at gmail.com> wrote:
> On 2014-02-11 15:28, Brian Shore wrote:
> [...]
>> Hi,
>> I can already do this by defining a group in gpg.conf, e.g.
>>
>>     group pass=0x12345678 0x23456789 ...
>>
>> What is gained by adding this functionality directly to pass?
>
> Uh. Nothing. I think I read about the gpg.conf group directive long ago
> but had forgotten about it.
>
> You're absolutely right, gpg.conf is almost certainly the correct place
> to specify this.
>
> --
> Regards,
> Matthew Cengia
>
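
An added example, not part of the original messages or of pass: one way to see which members of a gpg.conf group a given entry was actually encrypted to, by comparing the group line with the recipient key IDs recorded in the file. The keyring listing, packet dump and long key IDs are constructed samples, and group members are assumed to be hex key IDs.

```python
import re

# Constructed samples: the group line is the one quoted above; the long key
# IDs, keyring listing and packet dump are made up for illustration.
CONF = "# gpg.conf\ngroup pass=0x12345678 0x23456789\n"
KEYRING = """\
pub:u:2048:1:AAAA000012345678:1392000000:::u:::scESC:
sub:u:2048:1:AAAA0000DEADBEE1:1392000000::::::e:
pub:u:2048:1:BBBB000023456789:1392000000:::u:::scESC:
sub:u:2048:1:BBBB0000DEADBEE2:1392000000::::::e:
"""  # shape of: gpg --list-keys --with-colons
PACKETS = """\
:pubkey enc packet: version 3, algo 1, keyid AAAA0000DEADBEE1
\tdata: [2046 bits]
:encrypted data packet:
"""  # shape of: gpg --list-packets on one .gpg entry

def parse_group(conf_text, name):
    """Members of `group name=...`; repeated lines for one name accumulate."""
    members = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*group\s+([^=\s]+)\s*=\s*(.*)$", line)
        if m and m.group(1) == name:
            members += m.group(2).split()
    return members

def subkey_owners(colons_text):
    """Map each encryption-capable key or subkey ID to its primary key ID."""
    owners, primary = {}, None
    for line in colons_text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            primary = f[4].upper()
        # Field 12 holds capabilities; lowercase 'e' means this key encrypts.
        if f[0] in ("pub", "sub") and len(f) > 11 and "e" in f[11]:
            owners[f[4].upper()] = primary
    return owners

def recipients(packets_text):
    """Key IDs named in the file's public-key encrypted session key packets."""
    pat = r"^:pubkey enc packet:.*\bkeyid ([0-9A-Fa-f]{16})"
    return [k.upper() for k in re.findall(pat, packets_text, re.M)]

def missing_members(conf_text, group, colons_text, packets_text):
    """Group members that cannot decrypt the entry described by packets_text."""
    owners = subkey_owners(colons_text)
    got = {owners.get(k, k) for k in recipients(packets_text)}
    wanted = [(m, re.sub(r"^0[xX]", "", m).upper()) for m in parse_group(conf_text, group)]
    return [m for m, w in wanted if not any(p.endswith(w) for p in got)]
```

The recipient IDs in an encrypted file are usually encryption subkey IDs, which is why they are mapped back to primary keys before being compared with the group line.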

