[pass] Signing individual pass files

René Neumann lists at necoro.eu
Mon Jul 21 11:16:23 CEST 2014


On 21.07.2014 09:27, James Cameron wrote:
> On Sun, Jul 20, 2014 at 08:49:38PM -1000, James Wald wrote:
>> After evaluating a dozen options I've decided to go with pass. I
>> love the integration with git and the fact that I can rebase and
>> merge across all of my machines. I have a question regarding gpg,
>> passphrases, and signing. Please correct me if anything I describe
>> is blatantly wrong, I'm still learning how to use pass and gpg
>> effectively.
>>
>> I've created unique subkey pairs (encryption & signing) for each
>> machine that I use. When I read passwords from pass, I am required
>> to enter my subkey's passphrase. When inserting passwords, I found
>> it somewhat surprising that I wasn't asked for my passphrase. It
>> appears that additions to pass are not signed by default? I
>> understand that anyone can encrypt data using my public key, so the
>> passphrase wouldn't be required for unsigned files.
> 
> No, the inserts are signed using your public key

Uh, isn't 'signed with a public key' completely useless? I mean, it
makes sense to encrypt it with the public key, because this is what it's
for -- but for signing, you should need a private key. Else everybody
could sign in your name.

So, have you just confused signing with encryption? Or is this really
happening?

- René


