[pass] Signing individual pass files

Jason A. Donenfeld Jason at zx2c4.com
Thu Jul 24 19:28:23 CEST 2014


Actually, we don't use --sign for gpg, for signing. Instead we use git's
signing feature, which invokes gpg --sign internally to sign *commits*.
This way, the entire directory tree is signed, not just the contents of
files. This prevents tampering with the overall structure of the repo.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20140724/07042081/attachment.html>


More information about the Password-Store mailing list