Feature Proposal

Daniel Dörrhöfer ddo at openmailbox.org
Fri Jun 2 21:53:00 CEST 2017



Frank Grüllich:
> On Fri, Jun 02, 2017 at 07:42:26AM +0000, Matthieu Fronton wrote:
>> On Fri, 2 Jun 2017 at 07:42, Frank Grüllich <frank.gruellich at gmail.com>
>> wrote:
>>>> [store raw file]
>>> What's the big advantage over
>>>
>>>  % pass insert --multiline "some/path/to/secret" < secret.data
>>>
>>> ?
>> I have to admit I didn't think about it in the first place... :)
>> But I also believe this is more a workaround than a native feature.
> 
> That workaround enables some nice tricks, e.g.:
> 
>  % openssl genrsa 2048 | pass insert --multiline "some/path/to/www.example.com.key"
>  % pass "some/path/to/www.example.com.key" | openssl req -new -key /dev/stdin -out "www.example.com.csr" -subj "/CN=www.example.com"
> 
> which stores/uses the secret key almost directly in/from a safe place
> (and does not create a useful CSR, of course).  Your implementation
> enables (if not encourages) the user to put the key on some potentially
> unsafe storage.
> 
>> And I wonder if it is binary-safe.
>> Did you try to store DER certificates, for example?
> 
> For testing, I once stored a JPEG image with no issues when sharing the
> store from one Linux box to another one.  I'm not sure how cross
> platform safe it is.  I guess it's all a matter of how GnuPG deals with
> those things.
> 

Details about this workaround can be found here
https://en.wikipedia.org/wiki/Unix_philosophy

This workaround can also be used to convert a DER certificate to base64.

base64 cert.der | pass insert --multiline "some/path/to/cert.pem"

pass some/path/to/cert.pem | base64 -d > ./cert.der


I think PEM is just the base64 encoding of the DER file, isn't it?
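
Added example, not part of the original message: a stdin/stdout DER-to-PEM conversion that can sit on either side of the `pass` pipes shown above, with a round-trip check. It assumes the RFC 7468 PEM layout (BEGIN/END lines around base64 wrapped at 64 characters); the function names are hypothetical and the sample bytes are constructed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the sample bytes are
# constructed and stand in for a real DER file.

# der_to_pem LABEL: DER on stdin -> PEM text on stdout (RFC 7468 layout:
# BEGIN/END armor lines around base64 wrapped at 64 characters).
der_to_pem() {
    printf '%s\n' "-----BEGIN $1-----"
    base64 | tr -d '\n' | fold -w 64
    printf '\n%s\n' "-----END $1-----"
}

# pem_to_der: PEM (or bare base64) on stdin -> original bytes on stdout.
# Armor lines are dropped, then line breaks (LF or CRLF) are removed.
pem_to_der() {
    grep -v '^-----' | tr -d '\r\n' | base64 -d
}

# sample_der: emit every byte value 0x00..0xFF once (constructed input).
sample_der() {
    i=0
    while [ "$i" -lt 256 ]; do
        printf '%b' "\\0$(printf '%03o' "$i")"
        i=$((i + 1))
    done
}

# roundtrip_ok: succeed only if both the PEM form and the bare-base64 form
# decode back to byte-identical data.
roundtrip_ok() {
    d=$(mktemp -d) || return 1
    sample_der > "$d/in.der"
    der_to_pem CERTIFICATE < "$d/in.der" > "$d/out.pem"
    base64 "$d/in.der" > "$d/out.b64"
    pem_to_der < "$d/out.pem" | cmp -s - "$d/in.der" &&
        pem_to_der < "$d/out.b64" | cmp -s - "$d/in.der"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

# Usage with the commands from the message (paths as in the thread):
#   der_to_pem CERTIFICATE < cert.der | pass insert --multiline "some/path/to/cert.pem"
#   pass some/path/to/cert.pem | pem_to_der > ./cert.der
```

Comparing the decoded output with `cmp` against the original file is the quickest way to confirm that nothing was altered on the way through the store.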



