[pass] Wrong key used for encryption (only pubkey available, no private key)

Jan Kowalsky jankow at datenkollektiv.net
Wed Nov 16 21:23:01 CET 2016

Hi all,

On 15.11.2016 at 00:06, Justin Steven wrote:
> On Mon, Nov 14, 2016 at 12:30:48PM +0100, Martin Weis wrote:
>> However, it should never happen that a file is encrypted only with
>> public keys, at least one of the keys should have a private part.
>> Otherwise the encryption may be fine, but you yourself cannot decrypt ;)
> The issue that you had aside, I disagree. It should be possible to encrypt
> passwords to a key that you do not currently have the private part for.
> For example, I keep my private key on a smartcard that is not always attached
> to my machine. It is handy being able to add or generate passwords without
> needing my private key available, or in situations where I do not want to be
> able to decrypt the password again until I have explicitly reattached my
> smartcard.
> I'm sure there are other use cases in which this is useful. It should not be a
> condition of password encryption that the private key be available.

I agree. One of the advantages of pass is the possibility to use it for
a shared password store. With a remote git repository it's the only
password store I know this works for collaborative usage. In this case
you need the public keys of all other users, e.g. in an admin team.

It also makes sense for private usage: I encrypt the important passwords
with a key whose private part is stored on a gnupg card. But some other
passwords in other subdirs I want to use on other devices with other
keys (e.g. on an android device).
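The two situations described in this thread (a shared store whose entries are encrypted to the whole team's public keys, and a per-subdirectory key for another device) both rest on the same mechanism: pass looks for the nearest `.gpg-id` file above an entry and encrypts to every key listed there, which needs only public keys. The script below is an added illustration of that lookup and is not code from the password-store project; the store layout, the key IDs (`0xAAAA...`, `0xBBBB...`, `0xCCCC...`) and the function names are constructed placeholders. Because the key IDs are fake, the final step only prints the gpg command it would run rather than invoking gpg.

```shell
#!/bin/sh
# Added example, not from the password-store project. It mimics how pass
# picks recipients: the nearest .gpg-id above an entry decides which public
# keys the entry is encrypted to. Encrypting needs only those public keys;
# a private key is needed only to decrypt.

# Constructed store layout under a temporary directory (sample data only).
STORE="$(mktemp -d)"
mkdir -p "$STORE/work" "$STORE/mobile"
# Hypothetical admin-team keys for the whole store.
printf '%s\n' "0xAAAAAAAAAAAAAAAA" "0xBBBBBBBBBBBBBBBB" > "$STORE/.gpg-id"
# Hypothetical key for an android device, used only for the mobile/ subtree.
printf '%s\n' "# device key" "0xCCCCCCCCCCCCCCCC" > "$STORE/mobile/.gpg-id"

# nearest_gpg_id <dir>: walk upward from <dir> until a .gpg-id is found.
# Prints its path and returns 0, or returns 1 at the store root or filesystem root.
nearest_gpg_id() {
    d="$1"
    while :; do
        if [ -f "$d/.gpg-id" ]; then
            printf '%s\n' "$d/.gpg-id"
            return 0
        fi
        [ "$d" = "$STORE" ] && return 1
        [ "$d" = "/" ] && return 1
        d="$(dirname "$d")"
    done
}

# recipients_for <entry-dir>: print "-r <keyid>" pairs, one token per line,
# for every key in the governing .gpg-id; blank lines and comments are skipped.
recipients_for() {
    f="$(nearest_gpg_id "$1")" || return 1
    grep -Ev '^[[:space:]]*(#|$)' "$f" | while IFS= read -r id; do
        printf -- '-r\n%s\n' "$id"
    done
}

# recipient_count <entry-dir>: how many keys the entry would be encrypted to.
recipient_count() {
    recipients_for "$1" | grep -c '^-r$'
}

# Dry run: show the gpg invocation for an entry in each subtree. With real key
# IDs this is the shape of the command that encrypts to public keys only.
for entry in "$STORE/work/db-admin" "$STORE/mobile/wifi"; do
    args="$(recipients_for "$(dirname "$entry")" | tr '\n' ' ')"
    printf 'would run: gpg --encrypt %s--output %s.gpg <plaintext>\n' "$args" "$entry"
done
```

Only the key listed in the nearest `.gpg-id` matters for an entry, so `mobile/wifi` above would be readable on the device that holds the `0xCCCC...` private key but not by the admin-team keys, while `work/db-admin` is readable by anyone holding the private part of either team key. Whether the encrypting machine itself holds any of those private keys does not enter into the lookup at all, which is exactly the property discussed in the thread.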
