using pass with multiple keys

Sean Murphy sean at gopaddy.ch
Sun Jan 21 10:38:49 CET 2018


Thanks Brian, Niklas for the pointers - v helpful.

BR,
Seán.


On Sat, Jan 20, 2018 at 8:06 PM, Brian Minton <brian at minton.name> wrote:
>
>
> On January 20, 2018 11:05:35 AM EST, Sean Murphy <sean at gopaddy.ch> wrote:
>
>> Is it possible to auto encrypt all passwords with
>>multiple gpg subkeys hanging off one primary key?
>
> Yes. I do this. The trick is to initiate your password store with each subkey. For instance, in my public key 0x0424DC19B678A1A9, I have the following subkeys (as shown by gpg -K):
>
> ssb   nistp384/EA49CFDB55D113E9 2014-10-12 [E] [expires: 2018-10-11]
> ssb   ed25519/37B9507ACFF2016E 2014-10-12 [S] [expires: 2018-10-11]
> ssb   elg3200/28FA8B9659A70692 2016-03-07 [E] [expires: 2018-10-11]
> ssb   elg2048/25353D56E26A744C 2014-10-09 [E] [expires: 2018-10-11]
> ssb   elg2048/32483BAF5EA82613 2014-10-10 [E] [expires: 2018-10-11]
> ssb   dsa2048/6B8EB3A065CFBAA9 2014-10-10 [S] [expires: 2018-10-11]
> ssb   dsa2048/0BDB2162F1CE5831 2014-10-09 [S] [expires: 2018-10-11]
>
> For password-store, we don't care about signing subkeys (marked with [S]), only encryption ones (marked with [E]).  That is,
>
> $ gpg -K 0424DC19B678A1A9 | fgrep -e '[E]'
> ssb   nistp384/EA49CFDB55D113E9 2014-10-12 [E] [expires: 2018-10-11]
> ssb   elg3200/28FA8B9659A70692 2016-03-07 [E] [expires: 2018-10-11]
> ssb   elg2048/25353D56E26A744C 2014-10-09 [E] [expires: 2018-10-11]
> ssb   elg2048/32483BAF5EA82613 2014-10-10 [E] [expires: 2018-10-11]
>
> So, init the password store with:
>
> pass init EA49CFDB55D113E9! 28FA8B9659A70692! 25353D56E26A744C! 32483BAF5EA82613!
>
> The ! makes gpg use that exact key, instead of the default encryption key.
>
>> Is it possible
>>to e.g. perform a batch job to ensure that all passwords on my
>>git server have the dual encryption (as I guess that some clients
>>such as mobile apps would not have support for working with
>>multiple keys).
>
> pass init will re-encrypt everything to all the listed keys. (Of course, make a backup first, just in case.)
>
>
>>
>>Any thoughts/pointers greatly appreciated.
>>
>>BR,
>>Seán.
>>_______________________________________________
>>Password-Store mailing list
>>Password-Store at lists.zx2c4.com
>>https://lists.zx2c4.com/mailman/listinfo/password-store
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
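
The batch check asked about above, as an added example that is not part of the original thread: a POSIX shell audit that reports, for each entry in the store, which of the expected encryption subkeys it is not encrypted to. It assumes gpg names each recipient in verbose mode as "gpg: public key is <KEYID>"; the function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: audit a password store for entries that
# are not encrypted to every expected encryption subkey.

# Constructed, abbreviated sample of `gpg -v --list-only --decrypt` output.
SAMPLE='gpg: public key is 28FA8B9659A70692
gpg: public key is EA49CFDB55D113E9
gpg: encrypted with 2 keys (constructed line)'

# Read gpg output on stdin; print recipient long key IDs, sorted and unique.
# Assumption: each recipient appears as "gpg: public key is <KEYID>".
recipients_from_gpg() {
    sed -n 's/^gpg: public key is \([0-9A-Fa-f]\{16\}\)$/\1/p' |
        tr 'abcdef' 'ABCDEF' | LC_ALL=C sort -u
}

# missing_recipients KEYID...: read recipient IDs on stdin and print every
# expected KEYID that is absent. A trailing "!" and a leading "0x" are ignored.
missing_recipients() {
    mr_have=$(cat)
    for mr_want in "$@"; do
        mr_id=${mr_want%!}
        mr_id=$(printf '%s' "${mr_id#0x}" | tr 'abcdef' 'ABCDEF')
        printf '%s\n' "$mr_have" | grep -qxF "$mr_id" || printf '%s\n' "$mr_id"
    done
}

# audit_store STORE_DIR KEYID...: report entries lacking a recipient; the
# return status is non-zero if any entry is incomplete.
# Entry names containing newlines are not supported.
audit_store() {
    as_store=$1
    shift
    find "$as_store" -type f -name '*.gpg' | {
        as_rc=0
        while IFS= read -r as_file; do
            as_miss=$(gpg -v --batch --list-only --decrypt --keyid-format long \
                          "$as_file" 2>&1 </dev/null |
                      recipients_from_gpg | missing_recipients "$@" | tr '\n' ' ')
            if [ -n "$as_miss" ]; then
                printf '%s: missing %s\n' "$as_file" "$as_miss"
                as_rc=1
            fi
        done
        [ "$as_rc" -eq 0 ]
    }
}
# Example: audit_store ~/.password-store 'EA49CFDB55D113E9!' '28FA8B9659A70692!'
```

Running it before and after pass init shows which entries were still encrypted to only some of the subkeys.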

