[pass] Signed .gpg-id file

Emil Lundberg lundberg.emil at gmail.com
Wed Aug 12 20:26:36 CEST 2015


Just for clarity: You mean that each user, before creating new passwords,
would verify that there is a valid signature made by a trusted key in their
own keyring?

Seems like a sound idea to me. I'm not sure an interactive introduction
thing is necessary, though - you'll still need to re-sign the file whenever
it changes (which it legitimately might), and check its integrity all the
time anyway. Wouldn't it suffice to just tell the user and refuse to
continue? That would eliminate the special case while also reducing the
amount of metadata in the repository.

On Wed, 12 Aug 2015 20:05  <p0intless at mailbox.org> wrote:

> I propose that the .gpg-id file should be signed, otherwise in a shared
> environment somebody could simply add
> their key-id to the file and all the entries created after that would be
> readable for that person, without the
> knowledge of the creator.
>
> The key-id of the signer of any .gpg-id files must be in the .gpg-id file
> of the parent directory. If the parent
> directory has not got a .gpg-id file its parent or eventually the .gpg-id
> file of the root folder will be used.
>
> The key-ids in the .gpg-id file of the root folder are the highest in the
> trust chain, they are the admins of the
> repository. Every user of the repository signs the root .gpg-id file and
> therefore trusts the admins.
>
> When a user uses the repo for the first time (or the root .gpg-id file
> changes) they will be prompted with the list
> of admins (email and key-id ideally). The user can then choose to trust the
> admins and sign the .key-id file.
>
> This ensures that all the .gpg-id files are cryptographically protected. I
> think this is a lot better than simply
> write-protecting it on the file system level. This ensures security when
> the repository is shared on a fileserver
> and also on a compromised machine.
>
> Additionally, I think the .gpg-id file should contain the name, email and
> key-id (full length) of the keys.
>
> The .gpg-id file could also regulate who can create subdirectories and add
> users to these.
>
> I'd like to implement these changes, what do you think? Any ideas or
> improvements?
>
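A sketch of the check discussed in this thread, added here as an example and not taken from either poster or from pass itself: it walks the .gpg-id chain from a directory up to the store root and refuses to continue when a signature is missing, invalid, or made by a key the parent .gpg-id does not list. The detached-signature name `.gpg-id.sig`, the one-full-fingerprint-per-line file format, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not pass's code. Assumed layout: each .gpg-id has a detached
# signature ".gpg-id.sig" beside it and lists one full fingerprint per line.
GPG="${GPG:-gpg}"

# Print the nearest directory at or above $1 that holds a .gpg-id; stop at root $2.
nearest_gpg_id_dir() {
    dir=$1
    while :; do
        [ -f "$dir/.gpg-id" ] && { printf '%s\n' "$dir"; return 0; }
        { [ "$dir" = "$2" ] || [ "$dir" = / ]; } && return 1
        dir=$(dirname "$dir")
    done
}

# Print the primary-key fingerprint behind a valid signature on file $1, if any.
# VALIDSIG only means "good signature from a key in the keyring"; owner trust
# is not evaluated here.
valid_signer() {
    "$GPG" --status-fd 1 --verify "$1.sig" "$1" 2>/dev/null |
        awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; exit }'
}

# Refuse (non-zero) unless every .gpg-id from $1 up to store root $2 verifies:
# the root file signed by the user's own key $3, every other file signed by a
# key listed in the nearest .gpg-id above it.
check_chain() {
    cur=$(nearest_gpg_id_dir "$1" "$2") || return 1
    while :; do
        signer=$(valid_signer "$cur/.gpg-id")
        if [ -z "$signer" ]; then
            echo "refusing: no valid signature on $cur/.gpg-id" >&2; return 1
        fi
        if [ "$cur" = "$2" ]; then
            [ "$signer" = "$3" ] && return 0
            echo "refusing: root .gpg-id is not signed by your key" >&2; return 1
        fi
        parent=$(nearest_gpg_id_dir "$(dirname "$cur")" "$2") || return 1
        if ! grep -qxF "$signer" "$parent/.gpg-id"; then
            echo "refusing: $signer is not listed in $parent/.gpg-id" >&2; return 1
        fi
        cur=$parent
    done
}
```

A caller would run `check_chain "$dir" "$store_root" "$own_fingerprint"` before encrypting a new entry and abort on a non-zero status.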