[pass] Signing individual pass files

James Wald james.wald at gmail.com
Mon Jul 21 15:33:33 CEST 2014

Then you need to decide whether you should trust the decrypted output or
remove it from the password store. That should only happen if a user
revokes their public key (or becomes untrusted for some other reason) after
the password was originally imported.

On Mon, Jul 21, 2014 at 2:27 AM, Allan Odgaard <lists+pass at simplit.com>

> On 21 Jul 2014, at 12:28, James Wald wrote:
>  […] It would have to add the '--sign' option […] need to validate
>> signatures against trustdb.gpg. I
>> feel that gpg's signing is the right solution for this problem […]
> And the problem is that untrusted people can write to your password store?
> Using GPG signing would not be how I would solve such problem, and I
> wouldn’t consider it an acceptable solution. Say you need the password for
> foo at example.com and ‘pass’ reports that this password is not signed by a
> trusted user, so now what?
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/password-store

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20140721/62bf8c64/attachment.html>

More information about the Password-Store mailing list