using pass with multiple keys

Brian Minton brian at minton.name
Sat Jan 20 20:06:11 CET 2018



On January 20, 2018 11:05:35 AM EST, Sean Murphy <sean at gopaddy.ch> wrote:

> Is it possible to auto encrypt all passwords with
> multiple gpg subkeys hanging off one primary key?

Yes. I do this. The trick is to initiate your password store with each subkey. For instance, in my public key 0x0424DC19B678A1A9, I have the following subkeys (as shown by gpg -K):

ssb   nistp384/EA49CFDB55D113E9 2014-10-12 [E] [expires: 2018-10-11]
ssb   ed25519/37B9507ACFF2016E 2014-10-12 [S] [expires: 2018-10-11]
ssb   elg3200/28FA8B9659A70692 2016-03-07 [E] [expires: 2018-10-11]
ssb   elg2048/25353D56E26A744C 2014-10-09 [E] [expires: 2018-10-11]
ssb   elg2048/32483BAF5EA82613 2014-10-10 [E] [expires: 2018-10-11]
ssb   dsa2048/6B8EB3A065CFBAA9 2014-10-10 [S] [expires: 2018-10-11]
ssb   dsa2048/0BDB2162F1CE5831 2014-10-09 [S] [expires: 2018-10-11]

For password-store, we don't care about signing subkeys (marked with [S]), only encryption ones (marked with [E]).  That is, 

$ gpg -K 0424DC19B678A1A9 | fgrep -e '[E]'            
ssb   nistp384/EA49CFDB55D113E9 2014-10-12 [E] [expires: 2018-10-11]
ssb   elg3200/28FA8B9659A70692 2016-03-07 [E] [expires: 2018-10-11]
ssb   elg2048/25353D56E26A744C 2014-10-09 [E] [expires: 2018-10-11]
ssb   elg2048/32483BAF5EA82613 2014-10-10 [E] [expires: 2018-10-11]

So, init the password store with:

pass init EA49CFDB55D113E9! 28FA8B9659A70692! 25353D56E26A744C! 32483BAF5EA82613!

The ! makes gpg use that exact key, instead of the default encryption key.

> Is it possible
> to e.g. perform a batch job to ensure that all passwords on my
> git server have the dual encryption (as I guess that some clients
> such as mobile apps would not have support for working with
> multiple keys).

pass init will re-encrypt everything to all the listed keys. (Of course, make a backup first, just in case.)


>
>Any thoughts/pointers greatly appreciated.
>
>BR,
>Seán.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
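
The batch check asked about above, as an added example that is not part of the original message or of pass: it reports which of the expected encryption subkeys each entry is not encrypted to. It assumes gpg -v --list-only --keyid-format long prints one "gpg: public key is <KEYID>" line per recipient; the function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original message): audit pass entries for
# missing encryption-subkey recipients. Function names are hypothetical.

# Constructed sample of `gpg -v --list-only --keyid-format long --decrypt`
# output for an entry encrypted to only two of the four [E] subkeys.
SAMPLE_LISTING='gpg: public key is EA49CFDB55D113E9
gpg: constructed noise line, ignored by the parser
gpg: public key is 28FA8B9659A70692'

# stdin: gpg listing. stdout: sorted, de-duplicated recipient key IDs.
# Assumption: one "gpg: public key is <16 hex digits>" line per recipient.
recipients_from_listing() {
    sed -n 's/^gpg: public key is \([0-9A-Fa-f]\{16\}\)$/\1/p' |
        tr 'a-f' 'A-F' | sort -u
}

# args: expected key IDs (a trailing "!" is accepted, as given to pass init).
# stdin: recipient IDs. stdout: expected IDs that are not recipients.
missing_recipients() {
    have=$(cat)
    for want in "$@"; do
        want=$(printf '%s' "$want" | tr -d '!' | tr 'a-f' 'A-F')
        printf '%s\n' "$have" | grep -qxF "$want" || printf '%s\n' "$want"
    done
}

# args: store directory, then expected key IDs. Reports incomplete entries.
# --list-only reads the recipient packets only; no secret key is needed.
audit_store() {
    store=$1; shift
    find "$store" -type f -name '*.gpg' | while IFS= read -r f; do
        miss=$(gpg -v --list-only --keyid-format long --decrypt "$f" 2>&1 |
               recipients_from_listing | missing_recipients "$@" | tr '\n' ' ')
        [ -z "$miss" ] || printf '%s: missing %s\n' "$f" "$miss"
    done
}

# Run the comparison on the constructed sample above.
demo_missing() {
    printf '%s\n' "$SAMPLE_LISTING" | recipients_from_listing |
        missing_recipients 'EA49CFDB55D113E9!' 28FA8B9659A70692 \
                           25353D56E26A744C 32483BAF5EA82613
}

demo_missing
```

To check a real store, call audit_store with the store directory followed by the expected subkey IDs; no output means every entry lists every expected subkey as a recipient.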

