[pass] pass and tomb together

Adam Spiers pass at adamspiers.org
Mon Feb 6 00:16:36 CET 2017


On Sun, Feb 05, 2017 at 10:39:52PM +0000, Alexandre Pujol wrote:
>Hi all,
>
>There have been a lot of discussions in this ML about the fact that file
>and directory names are not encrypted in the password store. Just
>check [1] for last year's discussion and [2] for this year's discussion.
>There aren't any good solutions yet. Most of the solutions proposed are
>either not secure or would completely transform pass.

Did you read my latest proposal yet?

    https://lists.zx2c4.com/pipermail/password-store/2017-February/002714.html

I think it should be secure, and would not completely transform pass. 

>pass-tomb [3] is my solution to this issue. It provides a Unix
>Philosophy compatible solution to the tree problem in pass. This is a
>pass extension providing a convenient solution to put your password
>repository in a tomb [4] and then keep your password tree encrypted
>when you are not using it. Moreover, it uses the same GPG key to encrypt
>passwords and tomb (This is only possible now with the coming support of
>GPG key in tomb [5])

[snipped]

This sounds cool - thanks a lot for making it and sharing it!  My 
first question is: could this work on Android?  I see that LUKS has 
been ported: 

    https://github.com/guardianproject/luks/wiki

But I have no idea how easy it would be to integrate into 

    https://github.com/zeapo/Android-Password-Store

Unfortunately without Android support it's not really useful for me.

My proposal is less sophisticated, but would not introduce any 
significant new dependency.  (The only new thing it needs to do is 
generate SHA-256 digests.) 

