[pass] pass init does not respect capabilities and does not allow to pick subkeys
Jason A. Donenfeld
Jason at zx2c4.com
Wed Jan 28 21:00:43 CET 2015
Would somebody write a unit test for this?
On Mon, Jan 12, 2015 at 10:54 PM, Filippo Valsorda <hi at filippo.io> wrote:
> Hello!
>
>
> Here is my key
>
> pub rsa2048/0xC5C92C16AB6572C2
> created: 2014-09-17 expires: never usage: SC
> trust: ultimate validity: ultimate
> sub rsa2048/0x79918B5E60781FEF
> created: 2014-09-17 expires: never usage: E
> sub rsa2048/0xA3215B8DC1CD13C7
> created: 2014-12-17 expires: never usage: A
>
> And I gave the following command
>
> pass init C5C92C16AB6572C2 [REDACTED]
>
> To this followed a series of
>
> ...: reencrypting to [REDACTED] 79918B5E60781FEF A3215B8DC1CD13C7
>
> The A3215B8DC1CD13C7 key should not be used to encrypt, since it's an
> authentication key. Also, I think pass should use a single subkey in all
> cases, like gpg does by default.
>
> ---
>
> Moreover, even specifying the right subkey manually like
>
> pass init 79918B5E60781FEF
>
> pass init will reencypt to A3215B8DC1CD13C7, too.
>
>
> Best,
> Filippo
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/password-store
More information about the Password-Store
mailing list