[pass] Possible improvements

Matthieu Weber mweber at free.fr
Tue Jan 26 16:59:40 CET 2016


On Tue 26.01.2016 at 03:45:33PM +0100, Lucas Hoffmann wrote:
> Quoting Dashamir Hoxha (2016-01-23 15:03:31)
> > Why do you use asymmetric encryption (public/private keys)?
> > I think that symmetric encryption is easier, stronger, and simpler
> > (you don't need to generate and maintain a key, all you need is
> > a passphrase). It can be done with `gpg -c ...`.
> 
> I have two questions/concerns about the use of symmetric encryption.  I
> assume that I store one password (or one secret) under each name in
> pass.  GPG symmetric encryption needs a passphrase for each
> symmetrically encrypted file.

When you use GPG with asymmetric encryption (i.e., the normal way), it
does that already:

- each file is encrypted with a unique symmetric key (because it is
faster to compute than asymmetric cryptography),

- the symmetric key is encrypted with your public key and placed into
the same file,

- your secret key then acts as a master key that can decrypt any of
the files,

- your secret key is protected by a passphrase, which is the master
passphrase for your password manager.

So symmetric encryption is actually used, and the problem of managing the
symmetric keys is already solved. What is there not to like about the
way pass works by default?

Matthieu 
-- 
 (~._.~)            Matthieu Weber - mweber at free.fr              (~._.~)
  ( ? )                http://weber.fi.eu.org/                    ( ? ) 
 ()- -()          public key id : 0x85CB340EFCD5E0B3             ()- -()
 (_)-(_) "Humor ist, wenn man trotzdem lacht (Otto J. Bierbaum)" (_)-(_)
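
The file layout described in the message above (a per-file session key wrapped for a public key, stored in the same file as the symmetrically encrypted data) can be checked by walking the OpenPGP packet headers. The following is an added example, not part of the original message and not code from pass or GnuPG; the names `read_packets`, `describe` and `SAMPLE` are hypothetical, and the key ID and bytes in `SAMPLE` are constructed.

```python
TAGS = {1: "public-key encrypted session key",
        3: "passphrase-encrypted session key (gpg -c)",
        18: "symmetrically encrypted, integrity-protected data"}

def read_packets(data):
    """Yield (tag, body) per packet of a binary OpenPGP message (RFC 4880, 4.2)."""
    pos = 0
    while pos < len(data):
        first, pos = data[pos], pos + 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                       # new-format header
            tag, body, partial = first & 0x3F, b"", True
            while partial:                     # partial lengths chain chunks
                o, pos = data[pos], pos + 1
                partial = 224 <= o < 255
                if o < 192:
                    n = o
                elif o < 224:
                    n = ((o - 192) << 8) + data[pos] + 192
                    pos += 1
                elif o == 255:
                    n = int.from_bytes(data[pos:pos + 4], "big")
                    pos += 4
                else:
                    n = 1 << (o & 0x1F)
                body += data[pos:pos + n]
                pos += n
        else:                                  # old-format header
            tag, size = (first >> 2) & 0x0F, (1, 2, 4, 0)[first & 0x03]
            pos += size                        # size 0: body runs to end of data
            n = int.from_bytes(data[pos - size:pos], "big") if size else len(data) - pos
            body = data[pos:pos + n]
            pos += n
        if pos > len(data):
            raise ValueError("truncated packet")
        yield tag, body

def describe(data):
    out = []
    for tag, body in read_packets(data):
        if tag == 1 and body[:1] == b"\x03":   # version 3: key ID is octets 1-8
            text = "session key wrapped for key ID " + body[1:9].hex().upper()
        else:
            text = "%s, %d bytes" % (TAGS.get(tag, "other packet"), len(body))
        out.append((tag, text))
    return out

# Constructed bytes, not real ciphertext: tag 1 for a made-up key ID, then tag 18.
SAMPLE = bytes.fromhex("840e031122334455667788010010aabb") + b"\xd2\x15\x01" + bytes(20)
```

Given the bytes of a binary (non-armored) OpenPGP file, `describe` shows one tag 1 packet per recipient key ahead of the data packet, whereas a file made with `gpg -c` carries a tag 3 packet in that position.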