[pass] Signing individual pass files

Jason A. Donenfeld Jason at zx2c4.com
Sun Sep 21 19:25:35 CEST 2014


On Fri, Jul 25, 2014 at 11:37 AM, Jan Rusnacko <jrusnack at redhat.com> wrote:
>
> * this seems to be enabled globally in git config, so what about users who
> do not wish to sign their work (e.g. don't have personal GPG key), but do
> want password files signed?
>

From the man page:

> If the git config key pass.signcommits is set to true, then all commits
> will be signed using *user.signingkey* or the default git signing key.
> This config key may be turned on using: `pass git config --bool --add
> pass.signcommits true`




> * if it exists, is the git signature checked (automatically) before the
> password is retrieved? I believe not.
>

You can verify the git repo any time you like using the ordinary git
commands. Consult the git documentation for best practices and ways of
hooking this.


>
> --
> Jan Rusnacko, Red Hat Product Security
>
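
One way to hook the verification mentioned in the reply above, as an added example that is not part of the original message or of pass itself: a wrapper that runs `git verify-commit` on the store's HEAD before handing off to `pass`. The names `verified_pass`, `status_is_trusted` and the allow-list file `TRUSTED_FPRS_FILE` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not part of pass: decrypt only when the store's HEAD commit
# is validly signed by an allow-listed key and the working tree matches it.

# Assumed allow-list file: one full primary-key fingerprint per line.
TRUSTED_FPRS_FILE="${TRUSTED_FPRS_FILE:-$HOME/.config/pass-trusted-fprs}"

# Reads GnuPG status lines on stdin. Succeeds only if a VALIDSIG line names a
# primary-key fingerprint (its last field) listed in file $1, and no line
# reports a bad, unverifiable, expired or revoked signature. Fails closed.
status_is_trusted() {
    awk -v list="$1" '
        BEGIN { while ((getline l < list) > 0) if (l != "") ok[l] = 1 }
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && ($NF in ok) { good = 1 }
        END { exit !(good && !bad) }
    '
}

verified_pass() {
    store="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
    # Uncommitted or untracked files are not covered by the commit signature.
    if [ -n "$(git -C "$store" status --porcelain)" ]; then
        echo "password store has changes not covered by a signed commit" >&2
        return 1
    fi
    # --raw makes git print the GnuPG status lines on stderr; capture those.
    gpg_status=$(git -C "$store" verify-commit --raw HEAD 2>&1 >/dev/null) || {
        echo "password store HEAD is unsigned or fails verification" >&2
        return 1
    }
    printf '%s\n' "$gpg_status" | status_is_trusted "$TRUSTED_FPRS_FILE" || {
        echo "password store HEAD is not signed by a trusted key" >&2
        return 1
    }
    pass "$@"
}
```
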