[pass] Signing individual pass files

James Cameron quozl at laptop.org
Mon Jul 21 12:22:40 CEST 2014


On Mon, Jul 21, 2014 at 11:16:23AM +0200, René Neumann wrote:
> On 21.07.2014 09:27, James Cameron wrote:
> > On Sun, Jul 20, 2014 at 08:49:38PM -1000, James Wald wrote:
> >> After evaluating a dozen options I've decided to go with pass. I
> >> love the integration with git and the fact that I can rebase and
> >> merge across all of my machines. I have a question regarding gpg,
> >> passphrases, and signing. Please correct me if anything I describe
> >> is blatantly wrong, I'm still learning how to use pass and gpg
> >> effectively.
> >>
> >> I've created unique subkey pairs (encryption & signing) for each
> >> machine that I use. When I read passwords from pass, I am required
> >> to enter my subkey's passphrase. When inserting passwords, I found
> >> it somewhat surprising that I wasn't asked for my passphrase. It
> >> appears that additions to pass are not signed by default? I
> >> understand that anyone can encrypt data using my public key, so the
> >> passphrase wouldn't be required for unsigned files.
> > 
> > No, the inserts are signed using your public key
> 
> Uh, isn't 'signed with a public key' completely useless? I mean, it
> makes sense to encrypt it with the public key, because this is what it's
> for -- but for signing, you should need a private key. Else everybody
> could sign in your name.
> 
> So, have you just confused signing with encryption? Or is this really
> happening?

Yep, I've totally confused signing with encryption.  The files are
encrypted, not signed.

-- 
James Cameron
http://quozl.linux.org.au/

