[pass] Key rotation

commentsabout at riseup.net commentsabout at riseup.net
Mon Dec 14 01:22:41 CET 2015 

Hello,

On 2015-12-06 23:34, Lucas Hoffmann wrote:
> The man page says you should use "pass init [-p subfolder] newid".  Or
> do you need some info that is not in the man page?

On 2015-12-07 12:22, Martijn van Dijk wrote:
> I just did this, you can run pass init <key ID 1> <key ID 2> and it 
> will
> re-encrypt all the stored passwords with both key 1 and 2. You can
> probably use this to remove the old key too.

My bad, I should have RTFM more carefully (I only greped "rotation"). 
That's exactly what I was looking for.

Thank you.

On 2015-12-06 23:37, Emil Lundberg wrote:
> I'd like to provide a friendly reminder that if you do that, make sure 
> to
> also (securely) delete all copies of your password store encrypted with 
> the
> old key(s) as they can still be decrypted with the old key(s). This
> includes old commits if you use git to version your repository, as well 
> as
> any backups you may have.
> 
> I'm not saying rotating keys is a bad idea, just that this is something 
> you
> need to keep in mind if you do.

Of course.

On 2015-12-07 08:32, Mike Charlton wrote:
> On 7 December 2015 at 08:37, Emil Lundberg <lundberg.emil at gmail.com> 
> wrote:
>> I'm not saying rotating keys is a bad idea, just that this is 
>> something
>> you need to keep in mind if you do.
> 
> I'm not sure  why it would be considered a good idea.  Unless I'm 
> missing
> something the reason for rotating your password is to ensure that if
> someone has gotten access to it somehow, they have limited time to make 
> use
> of it.   Since your old key is still active, that argument doesn't 
> apply.
> It just makes key management more difficult.  Unless you export 
> everything
> out and re-encrypt it, I would say that rotating keys *is* a bad idea.

Because at some point, you might want/need to change key: because you 
believe it could have been compromised (and therefore want to re-encrypt 
your password-store and get rid of the version encrypted with the 
potentially compromised key asap) ; because you want to use stronger 
crypto (generate a new – longer – key, switch to ECC,...), … There are 
tens of reasons I can think of that would require key rotation.

More information about the Password-Store mailing list