[pass] Password age report

Kjetil Torgrim Homme kjetil.homme at redpill-linpro.com
Wed Aug 31 19:02:31 CEST 2016


On 31 Aug 2016 17:48, Brian Candler wrote:
> On 31/08/2016 16:43, Emile Cantin wrote:
>>
>> In light of the recent Dropbox leak, I wanted to know how old my
>> password was, and perhaps if I had any other old passwords that would
>> be due for a rotation. I don't think I can rely on the last
>> modification date on the files, as a fresh clone of my repo would have
>> today's date, even if the file was last modified in my repo in 2012. I
>> looked into how to do this with Git, but it's pretty
>> ungainly: http://serverfault.com/questions/401437/how-to-retrieve-the-last-modification-date-of-all-files-in-a-git-repository
>>
>> Keepass has an "expiration date" field which you can set when
>> generating a password, and it appears in a different color in the list
>> when expired.
>>
>> I think password age is a relevant metric for a password manager, but
>> pass doesn't currently offer any visibility into this.
>>
>> What do you think?
> This is (another) reason why it would be good if pass were to sign its
> GPG files. The signature includes a timestamp.

re-encrypting the files to a new set of keys will make a new signature.
you need to make the date part of the password file itself, or have pass
maintain some metadata in a separate file, e.g., "work/supplier.gpg"
could have a companion file "work/.meta.supplier.gpg", containing:

  created: 2015-03-02T14:25:02+0200
  updated: 2016-08-31T18:55:32+0200
  expire: never

the above syntax is valid YAML which can be useful if more complex
structures are wanted later.

it might be useful to allow encryption of the metadata to be optional.

-- 
Kjetil T. Homme
Redpill Linpro - Changing the game
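
An added example, not part of the original message or of pass itself: Python code that builds a password age report from the companion metadata proposed above, once each file has been decrypted. The entry names other than work/supplier, the sample timestamps for them, the `max_age_days` threshold and all function names are assumptions.

```python
from datetime import datetime

TS_FORMAT = "%Y-%m-%dT%H:%M:%S%z"  # matches 2015-03-02T14:25:02+0200

def parse_meta(text):
    """Parse the flat 'key: value' lines of one decrypted companion file."""
    meta = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")  # split at the first colon only
        if not sep:
            raise ValueError(f"not a 'key: value' line: {line!r}")
        meta[key.strip()] = value.strip()
    for key in ("created", "updated"):
        if key not in meta:
            raise ValueError(f"missing required field: {key}")
        meta[key] = datetime.strptime(meta[key], TS_FORMAT)
    expire = meta.get("expire", "never")
    meta["expire"] = None if expire == "never" else datetime.strptime(expire, TS_FORMAT)
    return meta

def age_report(store, now, max_age_days=365):
    """Return (entry, age_in_days, status) rows, oldest password first."""
    rows = []
    for name, text in store.items():
        meta = parse_meta(text)
        age = (now - meta["updated"]).days  # age counts from the last update
        if meta["expire"] is not None and meta["expire"] <= now:
            status = "EXPIRED"
        elif age > max_age_days:  # assumed rotation policy, not from the thread
            status = "STALE"
        else:
            status = "ok"
        rows.append((name, age, status))
    return sorted(rows, key=lambda row: row[1], reverse=True)

# Constructed sample: entry name -> decrypted metadata text.
SAMPLE = {
    "work/supplier": "created: 2015-03-02T14:25:02+0200\nupdated: 2016-08-31T18:55:32+0200\nexpire: never\n",
    "web/dropbox": "created: 2012-06-01T09:00:00+0200\nupdated: 2012-06-01T09:00:00+0200\nexpire: never\n",
    "work/vpn": "created: 2016-01-10T08:00:00+0100\nupdated: 2016-01-10T08:00:00+0100\nexpire: 2016-07-10T08:00:00+0200\n",
}

if __name__ == "__main__":
    now = datetime.strptime("2016-08-31T19:02:31+0200", TS_FORMAT)
    for name, age, status in age_report(SAMPLE, now):
        print(f"{age:5d} days  {status:8s} {name}")
```

Because the timestamps live inside the metadata rather than in file mtimes or signatures, the report is unaffected by a fresh clone or by re-encrypting to a new set of keys.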
