Minimal requirement for GPG ?

Tue Dec 4 16:17:19 CET 2018

Hi Mikkel,

Sorry, I look for information on the site, and not in readme file, as I
install pass with apt. I have pass 1.4.2 on the old Ubuntu 14.04 laptop,
and 1.7.1 on Ubuntu 18.04.
Very clear, and useful, my best way is to upgrade the whole laptop, or try
to install pass from source files.

You are right about gpg, the version on my old Ubuntu 14.04 allow multiple
-r flags.

Thanks again for your perfect answer.

Regards,
Cédric

Le mar. 4 déc. 2018 à 01:25, Mikkel Kirkgaard Nielsen <miki at mikini.dk> a
écrit :

> Hi Cedric.
>
> On 2018-12-03 14:38, Cedric Girard wrote:
> > on one laptop, with GPG 1.4.16, the gpg file is crypted only with the
> > first key in .gpg-id. Is there a limitation on this old version of
> > GPG ? I did not find any information about pass requirement.
>
> Well, the README says pass depends on "GnuPG2", but the actual code
> assumes "gpg" and steps up to using "gpg2" if it is available[0].
>
> [0] https://git.zx2c4.com/password-store/tree/src/password-store.sh#n10
>
> What is the pass version, operating system and OS release of the machine
> in question? Has pass been installed using the system's package management?
> I'm thinking that if the distribution ships a ~5 year old gnupg (1.4.16
> was released on 2013-12-18[1]) I guess chances are you won't get a pass
> version that supports teams (multiple recipients in .gpg-id) either. The
> team feature was committed on 2014-03-19[2] and released in v1.5 on
> 2014-04-12[3].
>
> [1] https://www.gnupg.org/download/release_notes.html#gnupg-1.4.16
> [2]
>
> https://git.zx2c4.com/password-store/commit/?id=b1314982194c99361c2b81b3359a21d5a289fdb5
> [3] https://git.zx2c4.com/password-store/tag/?h=1.5
>
> The team feature feeds all keys mentioned in .gpg-id to gnupg using
> multiple --recipient/-r arguments[4] when encrypting. A pre-1.5 pass
> would use only the first key, exactly as you describe, as they all do
> "head -n 1" on the file[5].
>
> [4] https://git.zx2c4.com/password-store/tree/src/password-store.sh#n102
> [5]
> https://git.zx2c4.com/password-store/tree/src/password-store.sh?h=1.4#n190
>
> I doubt that any gnupg exists that doesn't support multiple recipients
> as the hybrid cipher approach[6] making this feasible (data=symmetric,
> session key=asymmetric pr. recipient) is an OpenPGP[7] requirement.
> AFAIK it has been supported for ages, maybe even for the entire gnupg
> lifespan (obsolete rfc2440 from 1998-11[8] talks about it, gnupg v0.0.0
> was released 1997-12-20[9]).
>
> [6] https://www.gnupg.org/gph/en/manual.html#AEN210
> [7] https://tools.ietf.org/html/rfc4880#section-2.1
> [8] https://tools.ietf.org/html/rfc2440#section-2.1
> [9] https://www.gnupg.org/download/release_notes.html#sec-2-70
>
> Looking specifically into the source of gnupg 1.4.16 it seems to me that
> it would be able to parse multiple -r flags[10] as the team feature
> expects. A checkout, compilation and test of the 1.4.16 tag from git on
> an Ubuntu 16.04 system confirms this.
> You could do something like the below to assure yourself that it is
> indeed the case on the system in question (the example encrypts for your
> and mine pubkey, they need to be available of course);
> $ echo test | gpg -r B369349A -r 24895E49 -e |gpg --list-packets
>
> [10]
>
> https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/gpg.c;h=dbf2f40c5b1c5f36f4e0c2e91b8dbfaea7577ea4;hb=7cdb86e0ad7a3f452c2f7358e3e830785281addc#l93
>
> Hope this helps.
>
> Regards,
> --
> Mikkel
>
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store
>

-- 
*Cédric GIRARD*
Développeur senior & administrateur système

33 (0)1 53 02 40 60 - 33 (0)6 10 44 90 96
www.epiconcept.fr - @epiconcept

[image: https://www.epiconcept.fr/] <https://www.epiconcept.fr/>
<https://www.epiconcept-group.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20181204/5ed7979d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image008.png
Type: image/png
Size: 7849 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20181204/5ed7979d/attachment.png>