Introduction and request

HacKan hackan at gmail.com
Thu Jan 26 19:46:59 CET 2017


Hello Daniel:
Hmm OK, I checked the multiline option and it works well with binary files,
which was my main concern.

    hackan at debian:~$ dd if=/dev/urandom of=t bs=1024 count=1
    1+0 records in
    1+0 records out
    1024 bytes (1.0 kB, 1.0 KiB) copied, 0.000218737 s, 4.7 MB/s

    hackan at debian:~$ pass insert -m test < t
    Enter contents of test and press Ctrl+D when finished:

    [master 3d34a54] Add given password for test to store.
     1 file changed, 0 insertions(+), 0 deletions(-)
     create mode 100644 test.gpg

    hackan at debian:~$ sha512sum t
    40f514ea9e11747b304cda3e715f99fa6329ddb0262671c66d0333083d18b64f037a26c5f9d66157dcb6de1c542f8d58212a4997e9c0d0c03a8876a49043a3d0  t

    hackan at debian:~$ pass test | sha512sum -
    40f514ea9e11747b304cda3e715f99fa6329ddb0262671c66d0333083d18b64f037a26c5f9d66157dcb6de1c542f8d58212a4997e9c0d0c03a8876a49043a3d0  -

However a more user-friendly option could be added, I can hack the code
for it but I'm not sure about which coding rules/standards you're following.

Regarding signing, you're right, using git for it is a good idea. To
enable it, you must set

    pass git config --bool --add pass.signcommits true

besides setting the signing key, either global or local.

Cheers!

On 01/26/2017 12:34 PM, Daniel Dörrhöfer wrote:
> Hi,
>
> HacKan:
>> Hello there! I'm HacKan, and currently a new pass user. However, I've
>> been following development for a while, I like it.
>>
>> I noticed the repo site doesn't have an issue tracker, and I would like
>> to propose two additions to pass: a way to add files (text or binary) to
>> the storage and a way to certify items in the storage.
>>
>> Currently, to achieve the first I gpg'ed the file manually and output
>> the result inside pass storage dir, but it's rather inconvenient.
>> Something like pass insert <pass-name> <filepath> would be better.
> Exactly how it is done. But use the »-m« parameter for a multi line
> password and pipe the file. Get used to the unix philosophy (Makes life
> easier).
>
> e.g.
>
> pass insert --multiline ssh/my_private_rsa_key < ~/.ssh/id_rsa
>
>
>> For the second, I noticed that from commit
>> ff62f87f41557ab7267defab662324927301485a
>> <https://git.zx2c4.com/password-store/commit/?id=ff62f87f41557ab7267defab662324927301485a>
>> there's an option to sign files. I'm not sure how you plan to
>> implement such feature, if signing items individually and then verifying
>> prior to use, but I was thinking that an easy way to do it is simply
>> maintain a /signed/ SHA512SUMS file on the root of the pass dir, and
>> update it during insertions or modifications. This allows to ensure each
>> item's authenticity, and also backwards compat since implementing it on
>> an older "database" is pretty easy.
>
> git does the job.
>
> 1) Set the key:
>
> git config --global user.signingkey <MY_GPG_KEY>
>
> 2) verify:
>
> pass git pull --verify-signatures
>
> or
>
> pass git log --pretty="%h: %s %Cgreen %G?"
>
>
>> Let me know of your thought on those ideas, if there's another place to
>> put them instead of this mailing list, and also if I should
>> clarify/expand them.
>>
>> Cheers,
>>
>>
>>
>> _______________________________________________
>> Password-Store mailing list
>> Password-Store at lists.zx2c4.com
>> https://lists.zx2c4.com/mailman/listinfo/password-store
>>

-- 
HacKan || Iván
GPG: 0xECF0573B1C9B59E8
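
An added example, not part of the original thread or of pass itself: a POSIX shell filter for the `%G?` check quoted above, which reads `pass git log --pretty='%h %G?'` output and lists every commit whose signature status is anything other than good. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Input format: one "<abbrev-hash> <status>" pair per line, as printed by
#   pass git log --pretty='%h %G?'

# Map a git %G? status letter to a short description.
sig_meaning() {
    case "$1" in
        G) echo "good signature" ;;
        U) echo "good signature, unknown key validity" ;;
        X) echo "good signature, now expired" ;;
        Y) echo "good signature, made by an expired key" ;;
        R) echo "good signature, made by a revoked key" ;;
        B) echo "BAD signature" ;;
        E) echo "signature cannot be checked (missing key?)" ;;
        N) echo "no signature" ;;
        *) echo "unrecognized status" ;;
    esac
}

# Read "<hash> <status>" lines on stdin. Print every commit whose status
# is not G (U is listed too, so the key's trust can be reviewed).
# Returns 1 if at least one such commit was seen, 0 otherwise.
audit_sig_log() {
    failed=0
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r commit status || [ -n "$commit" ]; do
        [ -n "$commit" ] || continue
        if [ "$status" != "G" ]; then
            printf '%s: %s\n' "$commit" "$(sig_meaning "$status")"
            failed=1
        fi
    done
    return "$failed"
}

# Constructed sample input; these hashes are made up, not from a real store.
SAMPLE_LOG='1111111 G
2222222 N
3333333 B
4444444 U'

# Typical use (assumes pass, git and the signers' public keys are present):
#   pass git log --pretty='%h %G?' | audit_sig_log || echo "review the commits above"
```
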
