Mac Version of pass not asking for gpg ID?

GOYOT Martin martin at piwany.com
Wed Nov 23 14:41:34 CET 2016


I don't know what you know about GPG, so I will just go through a basic
explaination:

Your GPG key is a password by itself. It is supposed to remain secret,
never share it. But as a mean of security when you create your GPG key, you
may provide a password to encrypt it.

* When you do the pass init, you tell pass which GPG key to use as a
password.
* When you do a pass insert something, pass asks you twice the password you
want to insert into the storage to be sure you do not make a mistake when
typing it. This password you inserted is then encrypted using your GPG key.
    * If this GPG key is itself encrypted, you gpg agent will prompt you
for a password to unencrypt the gpg key in order to use it as a password
    * If this GPG key is not encrypted, then gpg will directly use it as
the password

In my understanding you are in the case with an unencrypted GPG key.

2016-11-23 14:34 GMT+01:00 GOYOT Martin <martin at piwany.com>:

> I am just guessing out of the blue: your gpg key has no password
> associated with it.
>
> When you do pass insert it inserts a new password so it ask it twice to
> check you know what you are entering. But this has nothing to do with your
> gpg key.
>
> 2016-11-23 14:31 GMT+01:00 Cycle London <cycle.london.67 at gmail.com>:
>
>> Yes, it is encrypted.
>>
>> On 23 November 2016 at 13:26, Lenz Weber <mail at lenzw.de> wrote:
>>
>>> sorry, then I interpreted your "enter password twice" wrong.
>>>
>>> take a look at the encrypted file (~/.password-store/google.com/
>>> gmail/example at gmail.com.gpg ) - is it in fact encrypted with gpg for
>>> that key?
>>>
>>> On 11/23/2016 02:23 PM, Cycle London wrote:
>>>
>>> Agent *is* running, but how could that cache my passphrase, when in fact I
>>> have not entered that passphrase once, since the last time the Mac was
>>> rebooted?
>>>
>>> On 23 November 2016 at 13:21, Lenz Weber <mail at lenzw.de> <mail at lenzw.de> wrote:
>>>
>>>
>>> most likely you have a gpg-agent running that caches your passphrase?
>>>
>>> On 11/23/2016 02:16 PM, Cycle London wrote:
>>>
>>> Hello,
>>> Trying to use 'pass' on my Mac, but it is displaying passwords without
>>> asking for my GPG ID.
>>>
>>> I run : `pass init 0x123456789`
>>>
>>> That gets me:
>>>
>>> Password store initialized for 0x123456789
>>>
>>> I then add a password to test:
>>>
>>> `pass insert google.com/gmail/example at gmail.com`
>>>
>>> That gets me a password prompt twice, so I enter the password.
>>>
>>> I then try:
>>>
>>> `[~] john at Mac% (126) pass google.com/gmail/example at gmail.com`
>>> test
>>>
>>> Why doesn't it ask for my passphrase?
>>>
>>> FYI, '0x123456789' is what I get from `gpg --list-keys` and is the ID that
>>> comes after the key length in the output.
>>>
>>> What am I doing wrong, or is the Mac version broken ?
>>>
>>>
>>>
>>>
>>> Hello,
>>> Trying to use 'pass' on my Mac, but it is displaying passwords without
>>> asking for my GPG ID.
>>>
>>> I run : `pass init 0x123456789`
>>>
>>> That gets me:
>>>
>>> Password store initialized for 0x123456789
>>>
>>> I then add a password to test:
>>>
>>> `pass insert google.com/gmail/example at gmail.com`
>>> <http://google.com/gmail/example@gmail.com%60> <http://google.com/gmail/example@gmail.com%60>
>>>
>>> That gets me a password prompt twice, so I enter the password.
>>>
>>> I then try:
>>>
>>> `[~] john at Mac% (126) pass google.com/gmail/example at gmail.com`<http://google.com/gmail/example@gmail.com%60> <http://google.com/gmail/example@gmail.com%60>
>>>
>>> test
>>>
>>> Why doesn't it ask for my passphrase?
>>>
>>> FYI, '0x123456789' is what I get from `gpg --list-keys` and is the ID that
>>> comes after the key length in the output.
>>>
>>> What am I doing wrong, or is the Mac version broken ?
>>>
>>>
>>> _______________________________________________
>>> Password-Store mailing listPassword-Store at lists.zx2c4.comhttp://lists.zx2c4.com/mailman/listinfo/password-store
>>>
>>>
>>>
>>>
>>> Agent *is* running, but how could that cache my passphrase, when in fact
>>> I have not entered that passphrase once, since the last time the Mac was
>>> rebooted?
>>>
>>> On 23 November 2016 at 13:21, Lenz Weber <mail at lenzw.de> wrote:
>>>
>>>> most likely you have a gpg-agent running that caches your passphrase?
>>>>
>>>> On 11/23/2016 02:16 PM, Cycle London wrote:
>>>>
>>>> Hello,
>>>> Trying to use 'pass' on my Mac, but it is displaying passwords without
>>>> asking for my GPG ID.
>>>>
>>>> I run : `pass init 0x123456789`
>>>>
>>>> That gets me:
>>>>
>>>> Password store initialized for 0x123456789
>>>>
>>>> I then add a password to test:
>>>>
>>>> `pass insert google.com/gmail/example at gmail.com`
>>>>
>>>> That gets me a password prompt twice, so I enter the password.
>>>>
>>>> I then try:
>>>>
>>>> `[~] john at Mac% (126) pass google.com/gmail/example at gmail.com`
>>>> test
>>>>
>>>> Why doesn't it ask for my passphrase?
>>>>
>>>> FYI, '0x123456789' is what I get from `gpg --list-keys` and is the ID that
>>>> comes after the key length in the output.
>>>>
>>>> What am I doing wrong, or is the Mac version broken ?
>>>>
>>>> Hello, Trying to use 'pass' on my Mac, but it is displaying passwords
>>>> without asking for my GPG ID. I run : `pass init 0x123456789`
>>>> That gets me: Password store initialized for 0x123456789
>>>> I then add a password to test: `pass insert
>>>> google.com/gmail/example at gmail.com`
>>>> <http://google.com/gmail/example@gmail.com%60>
>>>> That gets me a password prompt twice, so I enter the password.
>>>> I then try: `[~] john at Mac% (126) pass google.com/gmail/example at gmail
>>>> .com` <http://google.com/gmail/example@gmail.com%60> test
>>>> Why doesn't it ask for my passphrase?
>>>> FYI, '0x123456789' is what I get from `gpg --list-keys` and is the ID
>>>> that comes after the key length in the output.
>>>> What am I doing wrong, or is the Mac version broken ?
>>>>
>>>> _______________________________________________
>>>> Password-Store mailing listPassword-Store at lists.zx2c4.comhttp://lists.zx2c4.com/mailman/listinfo/password-store
>>>>
>>>>
>>
>> _______________________________________________
>> Password-Store mailing list
>> Password-Store at lists.zx2c4.com
>> http://lists.zx2c4.com/mailman/listinfo/password-store
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20161123/a288ee16/attachment.html>


More information about the Password-Store mailing list