[pass] pass and tomb together

Alexandre Pujol alexandre at pujol.io
Sun Feb 5 23:39:52 CET 2017


Hi all,

There have been a lot of discussions in this ML about the fact that file
and directory names are not encrypted in the password store. Just
check [1] for last year's discussion and [2] for this year's discussion.
There isn't any good solution yet. Most of the solutions proposed are
either not secure or would completely transform pass.

pass-tomb [3] is my solution to this issue. It provides a Unix
Philosophy compatible solution to the tree problem in pass. This is a
pass extension providing a convenient solution to put your password
repository in a tomb [4] and then keep your password tree encrypted
when you are not using it. Moreover, it uses the same GPG key to encrypt
passwords and tomb (this is only possible now with the coming support of
GPG keys in tomb [5]).

The extension can be used like this:
- Create a password tomb with 'pass tomb gpgids...'. pass-tomb creates a
new tomb and opens it in ~/.password-store. Then it initializes the
password repository with the same GPG key.
- Use tomb as usual
- When finished, close the password tomb: 'pass close'
- To use pass again, you need to open the password tomb: 'pass open'

Moreover, tomb supports steganography (the tomb key can be buried in an
image). Then you can do the same with your password-tomb key.

As usual with any GPG based app, if you use a smart card, it will work
perfectly fine with pass tomb.

More info can be found at https://github.com/roddhjav/pass-tomb

Feedback and contributors are all very welcome.

Regards,
Alex

[1] https://lists.zx2c4.com/pipermail/password-store/2016-January/001880.html
[2] https://lists.zx2c4.com/pipermail/password-store/2017-February/002700.html
[3] https://github.com/roddhjav/pass-tomb
[4] https://github.com/dyne/Tomb
[5] https://github.com/dyne/Tomb/pull/244
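
The metadata concern discussed in this message, as an added example that is not part of the original post and is not code from pass or pass-tomb: it lists the entry names that anyone able to read the store directory learns without a GPG key. The sample store, its entry names and the helper names (leaked_entries, leaked_count, store_state, make_sample_store) are constructed for illustration, and a closed tomb is assumed to leave the store path empty or absent.

```shell
#!/bin/sh
# Added example (not from pass or pass-tomb): list what the store directory
# reveals to anyone who can read it, without touching a GPG key.

# Entry names as they appear in the tree: store-relative path, ".gpg" stripped.
leaked_entries() {
    [ -d "$1" ] || return 0
    ( cd "$1" && find . -type f -name '*.gpg' ! -path './.git/*' \
        | sed -e 's|^\./||' -e 's|\.gpg$||' | sort )
}

# Number of entry names readable right now (grep -c exits 1 on zero matches).
leaked_count() {
    leaked_entries "$1" | grep -c . || true
}

# "exposed" when names are readable, "sealed" when none are.
# Assumption: a closed tomb leaves the store path absent or empty.
store_state() {
    if [ "$(leaked_count "$1")" -gt 0 ]; then echo exposed; else echo sealed; fi
}

# Constructed sample store; file contents are placeholders, not ciphertext.
make_sample_store() {
    d=$(mktemp -d)
    mkdir -p "$d/bank" "$d/email"
    : > "$d/bank/example-bank.gpg"
    : > "$d/email/work-account.gpg"
    : > "$d/.gpg-id"
    echo "$d"
}

open_store=$(make_sample_store)   # stands in for a plain or opened store
closed_store=$(mktemp -d)         # stands in for the path while the tomb is closed

echo "open:   $(store_state "$open_store")"
leaked_entries "$open_store" | sed 's/^/  /'
echo "closed: $(store_state "$closed_store")"

rm -rf "$open_store" "$closed_store"
```

Pointing leaked_entries at a real store path before and after 'pass close' shows whether the tree is readable at rest.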