[pass] A web view/integration
Alexandre PUJOL
list at pujol.io
Mon Feb 8 10:50:01 CET 2016
>
> Currently some coders at IJhack are looking into a different backend (as
> opposed to git + local filesystem) that allows for rate-limiting and a
> paper trail of who accessed which passwords and when, this would make
> pass a viable alternative to enterprises that need stuff like that.
This is very interesting. Do you have more information about that?
On 08/02/16 10:37, GOYOT Martin wrote:
> Yeah, that was exactly my point. I know that LastPass does the same too.
> You have a utility installed on your computer and the web plugin is just
> calling it.
>
> Thanks for the information
>
> On Mon, Feb 8, 2016 at 10:34 AM <the_jinx at etv.cx
> <mailto:the_jinx at etv.cx>> wrote:
>
> Hi,
>
> Most applications like 1Password use a local tool with a helper in the
> browser.
> Pass an do the same on Firefox with the passff plugin
> https://github.com/jvenant/passff
>
> Having your GPG passphrase exposed to a hostile environment (browser) is
> never a good idea, in principle all (other) browser plugins might be
> able to intercept your key and passphrase.
>
> Currently some coders at IJhack are looking into a different backend (as
> opposed to git + local filesystem) that allows for rate-limiting and a
> paper trail of who accessed which passwords and when, this would make
> pass a viable alternative to enterprises that need stuff like that.
>
> I am looking into making a browser plugin for chrome like passff but
> it's still in extremely early stages.
>
> Greetings,
> Anne Jan
>
> On 2016-02-08 10:04, GOYOT Martin wrote:
> > Hello Alexandre,
> >
> > Thanks for the tip, I decided to use the android app.
> >
> > This said I would love you to explain me why this would be a bad idea.
> > This could work exactly like what LastPass is doing for instance.
> >
> > Regards,
> > -- Martin
> >
> > On Mon, Feb 8, 2016 at 10:00 AM Alexandre PUJOL <list at pujol.io
> <mailto:list at pujol.io>> wrote:
> >
> >> Using git, you can use any git sever and git web app (like cgit) as
> >> a
> >> pass web viewer. Then, the git server will allow you to sync your
> >> passwords between you device, and thus use the good pass client for
> >> your
> >> device (pass, pass-ios, Android-Password-Store...)
> >>
> >> However the git web app only output the tree of the password
> >> directory.
> >> The content itself stay encrypted. Do NOT try to create a tool in
> >> order
> >> to decrypt and output it in a web browser. As said Dashamir Hoxha
> >> it
> >> would not be a good idea at all.
> >> Because you must NOT:
> >> - Use any server to decrypt your password.
> >> - Use JavaScript to decrypt the password directly in a web browser.
> >>
> >> This is why there is not pass web app, all the pass server you
> >> would
> >> ever need already exist it is a git server.
> >>
> >> Regards,
> >> Alex
> >>
> >> On 07/02/16 20:57, GOYOT Martin wrote:
> >>> Oh I didn't know of keybase. Looks like a really interesting
> >> project!
> >>>
> >>> Also I don't know if Kenny Stier had the mailing list in copy
> >> when he
> >>> replied to me, but he pointed me to two mobile applications that
> >> can
> >>> deal with pass:
> >>>
> >>> https://github.com/zeapo/Android-Password-Store [1]
> >>> https://github.com/davidjb/pass-ios#readme [2]
> >>>
> >>> I decided to give the android app a try, and for my really small
> >> test
> >>> until now, looks good!
> >>>
> >>> On Sun, Feb 7, 2016 at 8:24 PM Santiago Borrazás
> >> <sanbor at gmail.com <mailto:sanbor at gmail.com>
> >>> <mailto:sanbor at gmail.com <mailto:sanbor at gmail.com>>> wrote:
> >>>
> >>> Also, maybe using the Keybase
> >>> filesystem
> >> https://keybase.io/introducing-the-keybase-filesystem [3]
> >>>
> >>> On Sun, Feb 7, 2016 at 10:22 AM, Dashamir Hoxha
> >>> <dashohoxha at gmail.com <mailto:dashohoxha at gmail.com>
> <mailto:dashohoxha at gmail.com <mailto:dashohoxha at gmail.com>>> wrote:
> >>>
> >>> In principle, you can use `git clone` or `rsync` to copy
> >>> ~/.password-store to a portable device (usb, phone,
> >> smartphone,
> >>> etc.). You can copy there the corresponding GPG key as
> >> well.
> >>> Then, on another computer, you can tell pass to use the
> >> data on
> >>> the portable device by setting environment variables like
> >> this:
> >>>
> >>> export PASSWORD_STORE_DIR="/dev/sdb1/.password-store"
> >>> export
> >> PASSWORD_STORE_GPG_OPTS="--homedir=/dev/sdb1/.gnupg"
> >>>
> >>> Or you can define an alias like this:
> >>>
> >>> alias
> >> pass="PASSWORD_STORE_DIR='/dev/sdb1/.password-store'
> >>> PASSWORD_STORE_GPG_OPTS='--homedir=/dev/sdb1/.gnupg'
> >> pass"
> >>>
> >>> I haven't tried this but it should work. Maybe somebody
> >> has
> >>> written any blog or tutorial about this, with more
> >> detailed
> >>> instructions.
> >>>
> >>> Sorry, I know nothing about any web interface to pass.
> >> And I
> >>> don't even think it would be a good idea.
> >>>
> >>> Regards,
> >>> Dashamir
> >>>
> >>> On Sun, Feb 7, 2016 at 6:11 PM, GOYOT Martin
> >> <martin at piwany.com <mailto:martin at piwany.com>
> >>> <mailto:martin at piwany.com <mailto:martin at piwany.com>>> wrote:
> >>>
> >>> Hello there,
> >>>
> >>> This is my first mail here, so if I'm doing anything
> >> wrong
> >>> please tell me. I just wanted to know if there was
> >> any web
> >>> app or mobile app that was able to deal with the pass
> >>> utility as a backend.
> >>>
> >>> I'm using pass since quite some time now, and I
> >> really love
> >>> it. But sometimes I need to access my passwords and
> >> sadly
> >>> I'm not on my own computer with pass installed, my
> >> gpg key
> >>> and so on. So I was wondering if something like a web
> >> or
> >>> mobile interface capable to answer this problematic
> >> already
> >>> exists.
> >>>
> >>> Regards,
> >>> -- Martin
> >>>
> >>> _______________________________________________
> >>> Password-Store mailing list
> >>> Password-Store at lists.zx2c4.com
> <mailto:Password-Store at lists.zx2c4.com>
> >>> <mailto:Password-Store at lists.zx2c4.com
> <mailto:Password-Store at lists.zx2c4.com>>
> >>>
> >> http://lists.zx2c4.com/mailman/listinfo/password-store [4]
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> Password-Store mailing list
> >>> Password-Store at lists.zx2c4.com
> <mailto:Password-Store at lists.zx2c4.com>
> >>> <mailto:Password-Store at lists.zx2c4.com
> <mailto:Password-Store at lists.zx2c4.com>>
> >>> http://lists.zx2c4.com/mailman/listinfo/password-store
> >> [4]
> >>>
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> Password-Store mailing list
> >>> Password-Store at lists.zx2c4.com
> <mailto:Password-Store at lists.zx2c4.com>
> >>> http://lists.zx2c4.com/mailman/listinfo/password-store [4]
> >>>
> >> _______________________________________________
> >> Password-Store mailing list
> >> Password-Store at lists.zx2c4.com
> <mailto:Password-Store at lists.zx2c4.com>
> >> http://lists.zx2c4.com/mailman/listinfo/password-store [4]
> >
> >
> > Links:
> > ------
> > [1] https://github.com/zeapo/Android-Password-Store
> > [2] https://github.com/davidjb/pass-ios#readme
> > [3] https://keybase.io/introducing-the-keybase-filesystem
> > [4] http://lists.zx2c4.com/mailman/listinfo/password-store
> >
> > _______________________________________________
> > Password-Store mailing list
> > Password-Store at lists.zx2c4.com <mailto:Password-Store at lists.zx2c4.com>
> > http://lists.zx2c4.com/mailman/listinfo/password-store
>
More information about the Password-Store
mailing list