[pass] pass init does not respect capabilities and does not allow to pick subkeys

Jason A. Donenfeld Jason at zx2c4.com
Wed Jan 28 21:00:43 CET 2015


Would somebody write a unit test for this?

On Mon, Jan 12, 2015 at 10:54 PM, Filippo Valsorda <hi at filippo.io> wrote:
> Hello!
>
>
> Here is my key
>
> pub  rsa2048/0xC5C92C16AB6572C2
>      created: 2014-09-17  expires: never       usage: SC
>      trust: ultimate      validity: ultimate
> sub  rsa2048/0x79918B5E60781FEF
>      created: 2014-09-17  expires: never       usage: E
> sub  rsa2048/0xA3215B8DC1CD13C7
>      created: 2014-12-17  expires: never       usage: A
>
> And I gave the following command
>
> pass init C5C92C16AB6572C2 [REDACTED]
>
> To this followed a series of
>
> ...: reencrypting to [REDACTED] 79918B5E60781FEF A3215B8DC1CD13C7
>
> The A3215B8DC1CD13C7 key should not be used to encrypt, since it's an
> authentication key. Also, I think pass should use a single subkey in all
> cases, like gpg does by default.
>
> ---
>
> Moreover, even specifying the right subkey manually like
>
> pass init 79918B5E60781FEF
>
> pass init will reencrypt to A3215B8DC1CD13C7, too.
>
>
> Best,
> Filippo
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/password-store
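
The capability check the report asks for, as an added example that is not part of this thread and is not pass's own code: it reads `gpg --list-keys --with-colons` output and keeps only keys whose capability field contains `e`. The function name `resolve_recipient`, the rule that a primary key ID expands to all of its usable encryption keys, and the sample listing (constructed from the key shown in the report) are assumptions.

```shell
#!/bin/sh
# Added example, not pass's code. Assumes key IDs are given as 16 uppercase
# hex digits, the form gpg prints in colon listings.
# Colon-format fields used: 1=record type, 2=validity, 5=key ID,
# 12=capabilities (lowercase letters describe the key on that line).

# resolve_recipient ID: reads a colon listing on stdin and prints the key IDs
# that may be used as encryption recipients for ID.
#   - ID names a primary key: every usable encryption-capable key under it.
#   - ID names a subkey: that subkey only, and only if it can encrypt.
resolve_recipient() {
    awk -F: -v want="$1" '
        $1 != "pub" && $1 != "sub" { next }
        # usable: not invalid/expired/disabled/revoked, and has capability e
        { usable = ($2 !~ /^[iedr]/ && $12 ~ /e/) }
        # remember whether the primary key of this block was the one asked for
        $1 == "pub" { whole = ($5 == want) }
        usable && (whole || $5 == want) { print $5 }'
}

# Constructed listing modelled on the key in the report (usage SC, E, A).
sample_listing() {
    cat <<'EOF'
pub:u:2048:1:C5C92C16AB6572C2:1410912000:::u:::scESCA:
sub:u:2048:1:79918B5E60781FEF:1410912000::::::e:
sub:u:2048:1:A3215B8DC1CD13C7:1418774400::::::a:
EOF
}

# Against a real keyring the listing would come from gpg instead:
#   gpg --batch --list-keys --with-colons C5C92C16AB6572C2 | resolve_recipient C5C92C16AB6572C2
echo "primary key    -> $(sample_listing | resolve_recipient C5C92C16AB6572C2)"
echo "encrypt subkey -> $(sample_listing | resolve_recipient 79918B5E60781FEF)"
echo "auth subkey    -> $(sample_listing | resolve_recipient A3215B8DC1CD13C7)"
```

An empty result for the authentication subkey is the signal to refuse that ID as a recipient.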