pass uselessly re-encrypting files

Gabriel Filion gabster at lelutin.ca
Tue Apr 11 22:11:00 CEST 2017


Hello,

I'm having issues where pass reencrypts passwords whenever I do an "mv"
operation. All of the passwords in the same directory get reencrypted
even though nothing has changed for them.

I'm using pass v1.6.5 (debian sid) with gpg 2.1.18.

I've looked at what's happening in the code around the message
"reencrypting to" and tried the gpg commands that get key lists to
compare them, and I'm getting a difference, hence the trigger to reencrypt.

gpg --list-keys --with-colons <space-separated list of keys in .gpg-id> \
  | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' \
  | LC_ALL=C sort -u

^ this shows the exact list of long key ids that correspond to the
fingerprints that are present in .gpg-id

gpg -v --no-secmem-warning --no-permission-warning --list-only \
  --keyid-format long ~/.password-store/path/to/file.gpg 2>&1 \
  | cut -d ' ' -f 5 | LC_ALL=C sort -u

^ this has an empty first line, then the set of long key ids, then three
garbage lines:

ELG
RSA
instead

those lines correspond to messages of the type:
 * gpg: using subkey xyz instead of primary key abc
 * gpg: encrypted with 4096-bit RSA key, ID xyz
 * gpg: encrypted with 4096-bit ELG key, ID xyz

The empty line probably corresponds to the lines following the
"encrypted with" messages, that show the uid of the key.

It seems like pass will always reencrypt files because of that difference.

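The mismatch described in the post can be reproduced offline. The script below is an added example, not part of the original message or of pass itself: the gpg output is a constructed sample modelled on the message types quoted above, and the function names and the anchored "public key is" pattern are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample of `gpg -v --list-only --keyid-format long file.gpg 2>&1`
# for a file encrypted to two recipients. Key IDs and uids are made up.
sample_gpg_output() {
cat <<'EOF'
gpg: public key is 0123456789ABCDEF
gpg: using subkey 0123456789ABCDEF instead of primary key FEDCBA9876543210
gpg: public key is 1122334455667788
gpg: encrypted with 4096-bit ELG key, ID 0123456789ABCDEF, created 2014-01-01
      "Alice Example <alice@example.org>"
gpg: encrypted with 4096-bit RSA key, ID 1122334455667788, created 2015-01-01
      "Bob Example <bob@example.org>"
EOF
}

# Constructed stand-in for the sorted key ID list derived from .gpg-id.
expected_keys() {
    printf '%s\n' 0123456789ABCDEF 1122334455667788 | LC_ALL=C sort -u
}

# Field-based extraction as quoted in the post: the fifth space-separated
# field of every line, whatever kind of message the line is.
keys_by_field() {
    cut -d ' ' -f 5 | LC_ALL=C sort -u
}

# Anchored extraction (assumption of this example): accept only lines that
# are exactly "gpg: public key is <16 hex digits>".
keys_by_pattern() {
    sed -n 's/^gpg: public key is \([0-9A-F]\{16\}\)$/\1/p' | LC_ALL=C sort -u
}

# Succeeds (exit 0) when the extracted set differs from the expected set,
# which is the condition that triggers a reencryption.
needs_reencrypt() {
    current=$(sample_gpg_output | "$1")
    [ "$current" != "$(expected_keys)" ]
}

for extractor in keys_by_field keys_by_pattern; do
    if needs_reencrypt "$extractor"; then
        echo "$extractor: key lists differ, file would be reencrypted"
    else
        echo "$extractor: key lists match, file left alone"
    fi
done
```

With the field-based extractor the uid lines contribute an empty entry and the "using subkey" and "encrypted with" lines contribute "instead", "ELG" and "RSA", so the comparison can never succeed.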