[pass] pass init does not respect capabilities and does not allow to pick subkeys
Filippo Valsorda
hi at filippo.io
Mon Jan 12 22:54:36 CET 2015
Hello!
Here is my key
pub rsa2048/0xC5C92C16AB6572C2
created: 2014-09-17 expires: never usage: SC
trust: ultimate validity: ultimate
sub rsa2048/0x79918B5E60781FEF
created: 2014-09-17 expires: never usage: E
sub rsa2048/0xA3215B8DC1CD13C7
created: 2014-12-17 expires: never usage: A
And I gave the following command
pass init C5C92C16AB6572C2 [REDACTED]
To this followed a series of
...: reencrypting to [REDACTED] 79918B5E60781FEF A3215B8DC1CD13C7
The A3215B8DC1CD13C7 key should not be used to encrypt, since it's an
authentication key. Also, I think pass should use a single subkey in all
cases, like gpg does by default.
---
Moreover, even specifying the right subkey manually like
pass init 79918B5E60781FEF
pass init will reencypt to A3215B8DC1CD13C7, too.
Best,
Filippo
More information about the Password-Store
mailing list