[pass] pass and tomb together
Adam Spiers
pass at adamspiers.org
Mon Feb 6 00:16:36 CET 2017
On Sun, Feb 05, 2017 at 10:39:52PM +0000, Alexandre Pujol wrote:
>Hi all,
>
>They have been a lot of discussions in this ML about the fact that files
>and directories names are not encrypted in the password store. Just
>check [1] for last year discussion and [2] for this year discussion.
>There aren't any good solution yet. Most of the solution proposed are
>either not secure or would completely transform pass.
Did you read my latest proposal yet?
https://lists.zx2c4.com/pipermail/password-store/2017-February/002714.html
I think it should be secure, and would not completely transform pass.
>pass-tomb [3] is my solution to these issue. It provides a Unix
>Philosophy compatible solution to the tree problem in pass. This is a
>pass extension providing a convenient solution to put you password
>repository in a tomb [4] and then keep your password tree encrypted
>when you are not using it. Moreover, it uses the same GPG key to encrypt
>passwords and tomb (This is only possible now with the coming support of
>GPG key in tomb [5])
[snipped]
This sounds cool - thanks a lot for making it and sharing it! My
first question is: could this work on Android? I see that LUKS has
been ported:
https://github.com/guardianproject/luks/wiki
But I have no idea how easy it would be to integrate into
https://github.com/zeapo/Android-Password-Store
Unfortunately without Android support it's not really useful for me.
My proposal is less sophisticated, but would not introduce any
significant new dependency. (The only new thing it needs to do is
generate SHA-256 digests.)
More information about the Password-Store
mailing list