[pass] pass init does not respect capabilities and does not allow to pick subkeys

Filippo Valsorda hi at filippo.io
Mon Jan 12 22:54:36 CET 2015


Hello!


Here is my key

pub  rsa2048/0xC5C92C16AB6572C2
     created: 2014-09-17  expires: never       usage: SC
     trust: ultimate      validity: ultimate
sub  rsa2048/0x79918B5E60781FEF
     created: 2014-09-17  expires: never       usage: E
sub  rsa2048/0xA3215B8DC1CD13C7
     created: 2014-12-17  expires: never       usage: A

And I gave the following command

pass init C5C92C16AB6572C2 [REDACTED]

This was followed by a series of

...: reencrypting to [REDACTED] 79918B5E60781FEF A3215B8DC1CD13C7

The A3215B8DC1CD13C7 key should not be used to encrypt, since it's an
authentication key. Also, I think pass should use a single subkey in all
cases, like gpg does by default.

---

Moreover, even specifying the right subkey manually like

pass init 79918B5E60781FEF

pass init will reencrypt to A3215B8DC1CD13C7, too.


Best,
Filippo
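
An added example, not part of the original post and not pass's own code: one way a wrapper could choose recipients from `gpg --list-keys --with-colons` output by capability, so that only encryption-capable keys are used and an explicitly named subkey is honoured. The function name `encryption_recipients`, the sample listing (constructed from the key shown above) and the exact-match selection rule are assumptions.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-keys --with-colons` output, modelled on the
# key in the post. Field 2 is validity, field 5 the key ID, field 12 the
# capability letters. Lowercase letters describe the key on that line;
# uppercase letters on a pub line summarise the whole key.
SAMPLE_COLONS='pub:u:2048:1:C5C92C16AB6572C2:1410912000:::u:::scESCA:
sub:u:2048:1:79918B5E60781FEF:1410912000::::::e:
sub:u:2048:1:A3215B8DC1CD13C7:1418774400::::::a:'

# encryption_recipients REQUESTED_ID   (hypothetical helper)
# Reads a colon listing on stdin and prints, one per line, the key IDs that
# may be used as encryption recipients.
encryption_recipients() {
    awk -F: -v want="$1" '
        # Only primary keys and subkeys carry capabilities.
        $1 != "pub" && $1 != "sub" { next }
        # Skip revoked, expired or invalid keys.
        $2 ~ /^[rei]$/ { next }
        # Require a lowercase "e": this key itself can encrypt.
        # An authentication-only subkey (capabilities "a") is dropped here.
        $12 !~ /e/ { next }
        { ids[++n] = $5; if ($5 == want) exact = $5 }
        END {
            # A named encryption-capable (sub)key is used on its own.
            if (exact != "") { print exact; exit }
            # Otherwise list every usable encryption key under the primary.
            for (i = 1; i <= n; i++) print ids[i]
        }'
}

# Demonstration on the constructed listing: prints only 79918B5E60781FEF.
printf '%s\n' "$SAMPLE_COLONS" | encryption_recipients C5C92C16AB6572C2
```

With real data the listing would come from `gpg --list-keys --with-colons <id>` instead of the embedded sample.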

