[pass] Wrong key used for encryption (only pubkey available, no private key)

Justin Steven justin at justinsteven.com
Tue Nov 15 00:06:44 CET 2016


On Mon, Nov 14, 2016 at 12:30:48PM +0100, Martin Weis wrote:
> However, it should never happen that a file is encrypted only with
> public keys, at least one of the keys should have a private part.
> Otherwise the encryption may be fine, but you yourself cannot decrypt ;)
> 

The issue that you had aside, I disagree. It should be possible to encrypt
passwords to a key that you do not currently have the private part for.

For example, I keep my private key on a smartcard that is not always attached
to my machine. It is handy being able to add or generate passwords without
needing my private key available, or in situations where I do not want to be
able to decrypt the password again until I have explicitly reattached my
smartcard.

I'm sure there are other use cases in which this is useful. It should not be a
condition of password encryption that the private key be available.

-- 
Justin

