Feature Proposal

Frank Grüllich frank.gruellich at gmail.com
Fri Jun 2 21:03:10 CEST 2017


On Fri, Jun 02, 2017 at 07:42:26AM +0000, Matthieu Fronton wrote:
> On Fri, 2 Jun 2017 at 07:42, Frank Grüllich <frank.gruellich at gmail.com>
> wrote:
> > > [store raw file]
> > What's the big advantage over
> >
> >  % pass insert --multiline "some/path/to/secret" < secret.data
> >
> > ?
> I have to admit I didn't think about it in the first place... :)
> But I also believe this is more a workaround than a native feature.

That workaround enables some nice tricks, e.g.:

 % openssl genrsa 2048 | pass insert --multiline "some/path/to/www.example.com.key"
 % pass "some/path/to/www.example.com.key" | openssl req -new -key /dev/stdin -out "www.example.com.csr" -subj "/CN=www.example.com"

which stores/uses the secret key almost directly in/from a safe place
(and does not create a useful CSR, of course).  Your implementation
enables (if not encourages) the user to put the key on some potentially
unsafe storage.

> And I wonder if it is binary-safe.
> Did you try to store DER certificates, for example?

For testing, I once stored a JPEG image with no issues when sharing the
store from one Linux box to another one.  I'm not sure how cross-platform
safe it is.  I guess it's all a matter of how GnuPG deals with
those things.