Set up another PC to access pass's remote git repository

Mcat mcat95 at gmail.com
Mon Oct 16 14:05:02 CEST 2017


On 16/10/17 15:35, Niels Kobschaetzki wrote:
>
> The only problem I see might be privacy implications since other people
> can publicly see what sites he is using, if he names his passwords
> accordingly. Maybe the user should invest in a github subscription to be
> able to create a private repository.

Wouldn't the pass-tomb extension help with the privacy issue?
https://github.com/roddhjav/pass-tomb#readme

I don't personally use it, but it seems like it would help.


On Mon, 16 Oct 2017 at 12:38, Harmen Stoppels (<
harmenstoppels at gmail.com>) wrote:

> What would be the recommended way (if you don't have a yubikey) to safely
> copy and store a private key on your android device?
>
> Best,
>
> Harmen
>
> 2017-10-16 7:34 GMT+02:00 Thibault JAMET <thibault.jamet+pass at gmail.com>:
>
>> Hi,
>>
>> My personal setup is a bit different.
>> I am using a yubikey to store my private gpg key and have published the
>> public one.
>> I am also using the gpg-agent as an ssh-daemon, so that it uses the
>> yubikey's gpg key.
>> Thus, none of my keys are written to disk or have to be sync'd.
>> My password store repo is sync'd with git on a repo hosted on a private
>> server.
>>
>> To import the repo on a new computer I:
>> - download my public key (gpg search <user.email>)
>> - edit the gpg config to use it as a ssh agent
>> - synchronize gpg agent (gpg --card-status)
>> - clone my password-store repository
>>
>> I personally do not wish to rely on the passphrase, it is not secure
>> enough for me, as if your passphrase leaks, you still have the opportunity
>> to change it and keep the same key if you always kept the private key
>> private. In other cases, you will have to rotate your private key every
>> time you have to rotate your passphrase.
>>
>> Best regards,
>>
>> Thibault
>>
>>
>> On Mon, 16 Oct 2017 at 06:43, Radon Rosborough <radon.neon at gmail.com>
>> wrote:
>>
>>> The way I've set it up, all of my passwords are random except for
>>> three: my GitHub password, my SSH passphrase, and my GPG passphrase.
>>> So when I set up a new machine, I clone my SSH keys from GitHub using
>>> HTTPS; then I can clone any of my other repositories using SSH,
>>> including my GPG keyring and my Pass repository. Finally, I can use my
>>> GPG keyring to unlock any of my other passwords.
>>>
>>> Certainly there are security implications to having my SSH and GPG
>>> keys, as well as all my passwords, in private GitHub repositories.
>>> However, I set up my security model under the assumption that if my
>>> master passphrases are compromised then any other protection is just
>>> security-through-obscurity. The idea is that an attacker would need to
>>> get (machine access + GPG passphrase) or (GitHub password + GPG
>>> passphrase) in order to compromise everything. Then it's a matter of
>>> religiously using a dedicated pinentry program to enter the master GPG
>>> passphrase, to avoid most attack vectors.
>>> _______________________________________________
>>> Password-Store mailing list
>>> Password-Store at lists.zx2c4.com
>>> https://lists.zx2c4.com/mailman/listinfo/password-store
>>>
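The new-machine procedure Thibault lists above (public key, gpg-agent as SSH agent, gpg --card-status, clone), as an added shell script that is not code from the thread; the exact commands beyond those quoted (gpg --locate-keys, gpgconf, ssh-add -L) and the EMAIL/REPO values are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: bootstrap a new machine the way
# Thibault describes (the hardware token holds the private key, gpg-agent
# serves SSH). Assumptions: gpg >= 2.1 with gpgconf, the public key published
# on a keyserver, and EMAIL/REPO as placeholders for your own key and server.
set -eu

GNUPGHOME="${GNUPGHOME:-$HOME/.gnupg}"
EMAIL="${EMAIL:-you@example.org}"                              # placeholder
REPO="${REPO:-git@your.private.server:password-store.git}"    # placeholder
STORE="${PASSWORD_STORE_DIR:-$HOME/.password-store}"

# Append a config line only if it is not already present, so the script can
# be re-run safely without duplicating entries.
ensure_line() {
    conf="$1"; line="$2"
    mkdir -p "$(dirname "$conf")"
    touch "$conf"
    grep -qxF -- "$line" "$conf" || printf '%s\n' "$line" >> "$conf"
}

bootstrap() {
    # 1. Fetch the public key (non-interactive form of "gpg search <email>").
    gpg --auto-key-locate keyserver --locate-keys "$EMAIL"
    # 2. Let gpg-agent answer SSH requests; the card's authentication key is
    #    offered by the agent while the card is inserted, nothing on disk.
    ensure_line "$GNUPGHOME/gpg-agent.conf" "enable-ssh-support"
    gpgconf --kill gpg-agent
    SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"; export SSH_AUTH_SOCK
    # 3. Register the inserted card: creates private-key stubs pointing at it.
    gpg --card-status >/dev/null
    # 4. Clone the store over SSH, authenticating with the card's key.
    git clone "$REPO" "$STORE"
    # Checks: the agent offers the card key, and the store decrypts.
    ssh-add -L
    pass ls >/dev/null && echo "store ready in $STORE"
}

# Only run the full procedure when explicitly asked (./setup.sh --run).
if [ "${1:-}" = "--run" ]; then bootstrap; fi
```

Run it with --run on the new machine with the card inserted; rerunning is safe because ensure_line never duplicates the agent setting.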