Protect .gpg-id

Frank Grüllich frank.gruellich at gmail.com
Thu Dec 8 08:55:16 CET 2016


On Wed, Dec 07, 2016 at 04:39:20PM +0000, Brian Candler wrote:
> On 07/12/2016 16:04, Frank Grüllich wrote:
> > But now to serious business.  TL;DR: what prevents an attacker to
> > manually mess around with .gpg-id files to make people encrypt secrets
> > for private keys they own?
> 
> However there is a variation of this problem which has bitten me recently: a
> person in the team overwrites .gpg-id with just their own key, then
> re-encrypts everything and commits back (*).
> 
> (*) I think what happened was that he was missing the necessary public keys
> for the other members of the team, and so did 'pass init <hiskey>' as a way
> to "fix" the problem.

I see those two things only remotely related.  One is an "attack"
(indeed a rather simple one), the other is the poor user interface of
"pass init" (and also quite easy to recover from, as you mentioned
already).  Maybe someone should consider splitting "pass init" into "pass
addid", "pass delid" or "pass grant", "pass revoke", respectively.  It
would make it a bit clearer what each does.  Different story, though.

I'm still pondering about the original problem.
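One defensive answer to the question Frank keeps coming back to, added here as an example and not code from the thread or from pass itself: before trusting the recipient list, compare the store's .gpg-id against an allowlist of approved key IDs that the team keeps outside the repository. The check catches both cases discussed above, a recipient nobody approved (the "attack") and an approved teammate who has been dropped (Brian's 'pass init <hiskey>' accident). The allowlist file name, the placeholder key IDs and the use of '#' as a comment marker are assumptions of this example, not something the thread specifies.

```shell
#!/bin/sh
# Added example, not code from the thread or from pass itself: an integrity
# check for a pass store's .gpg-id that a team could run by hand, from CI or
# from a git hook before encrypting anything to the listed recipients.
#
# Assumptions, not facts from the thread:
#   * the allowlist is a hypothetical, team-maintained list of approved GnuPG
#     key IDs kept OUTSIDE the store (e.g. ~/.pass-allowed-ids), so a commit
#     to the store cannot silently change it;
#   * '#' starts a comment in both files (recent pass versions strip comments
#     from .gpg-id this way; older ones may not).

# Normalise a recipient list: strip comments, trim whitespace, drop blank
# lines and sort uniquely so the two lists can be compared line by line.
normalize_ids() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" \
        | grep -v '^$' | sort -u
}

# check_gpg_id GPG_ID_FILE ALLOWLIST_FILE
# Reports two failure modes and returns 1 if either occurs:
#   UNEXPECTED: .gpg-id names a key the team never approved, so secrets would
#               be encrypted to a key outside the team;
#   MISSING:    an approved teammate is absent, so that person is locked out.
check_gpg_id() {
    gpg_id_file=$1
    allowlist=$2
    rc=0
    if [ ! -s "$gpg_id_file" ]; then
        echo "ERROR: $gpg_id_file is missing or empty" >&2
        return 1
    fi
    if [ ! -s "$allowlist" ]; then
        echo "ERROR: allowlist $allowlist is missing or empty" >&2
        return 1
    fi
    actual=$(normalize_ids "$gpg_id_file")
    expected=$(normalize_ids "$allowlist")

    # Every recipient in .gpg-id must be on the allowlist.
    while IFS= read -r id; do
        [ -n "$id" ] || continue
        if ! printf '%s\n' "$expected" | grep -qxF -- "$id"; then
            echo "UNEXPECTED recipient in $gpg_id_file: $id"
            rc=1
        fi
    done <<EOF
$actual
EOF

    # Every allowlisted recipient must still be in .gpg-id.
    while IFS= read -r id; do
        [ -n "$id" ] || continue
        if ! printf '%s\n' "$actual" | grep -qxF -- "$id"; then
            echo "MISSING recipient in $gpg_id_file: $id"
            rc=1
        fi
    done <<EOF
$expected
EOF
    return $rc
}

# Stand-alone demo with constructed files and placeholder key IDs.
demo_dir=$(mktemp -d)
cat > "$demo_dir/allowed-ids" <<'EOF'
# approved team recipients (constructed placeholders, not real keys)
AAAA1111BBBB2222   # alice
CCCC3333DDDD4444   # bob
EOF
cat > "$demo_dir/.gpg-id" <<'EOF'
AAAA1111BBBB2222
EEEE5555FFFF6666   # committed by someone outside the approved list
EOF
check_gpg_id "$demo_dir/.gpg-id" "$demo_dir/allowed-ids" \
    || echo "refusing to encrypt: .gpg-id does not match the approved recipients"
rm -rf "$demo_dir"
```

The point of keeping the allowlist outside the store is that whoever can push to the repository can rewrite .gpg-id, so a check that reads its reference list from the same repository proves nothing. Later pass releases address the same concern with the PASSWORD_STORE_SIGNING_KEY variable and a detached .gpg-id.sig, which this script does not depend on.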