Is a PGP-based password manager a good idea in 2019?

Lenz Weber mail at
Thu Aug 29 11:36:12 CEST 2019

GPG doesn't get a lot of love because it has a lot of backwards
compatibility with algorithms that shouldn't be used any more and the
APIs and CLI tools are a mess of UX.

The second part is completely mitigated by using pass - you get a
simple, clear CLI interface that is almost impossible to mis-use.

The first part is partially on you: if you create a gpg key with very
weak encryption, you've got a problem.

But if you create a modern GPG key, you're perfectly fine. The
cryptography of modern algorithms in GPG is not part of that debate as
far as I know.

On 8/29/19 11:24 AM, Sylvia Gough wrote:
> First, I'd like to thank Jason for all the amazing crypto work he's
> been doing.
> Now to my question. I'm considering using pass as my password manager,
> and security is obviously a top concern for this role. I know that
> pass is using GPG under the hood, and as far as I can see GPG doesn't
> get much love among cryptographers[1][2].
> What's your opinion about this?
> [1]:
> [2]:
> _______________________________________________
> Password-Store mailing list
> Password-Store at
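
As an added example (not part of the original thread and not code from pass), one way to check whether a keyring holds the kind of weak key the reply warns about or a modern one. It parses the `gpg --list-keys --with-colons` record format; the 2048-bit floor, the function names and the sample keyring are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify keys from `gpg --list-keys --with-colons` output.
# Colon fields used: 1=record type, 3=key length, 4=algorithm id, 5=key id,
# 12=capabilities (lowercase "e" = this key itself encrypts), 17=curve name.
# MIN_BITS (default 2048) is this example's assumed floor, not a figure
# taken from the thread.

audit_gpg_colons() {
  awk -F: -v min="${MIN_BITS:-2048}" '
    $1 == "pub" || $1 == "sub" {
      bits = $3 + 0; algo = $4 + 0
      if (algo >= 1 && algo <= 3) name = "RSA"
      else if (algo == 16) name = "ElGamal"
      else if (algo == 17) name = "DSA"
      else if (algo == 18) name = "ECDH"
      else if (algo == 19) name = "ECDSA"
      else if (algo == 22) name = "EdDSA"
      else name = "algo" algo
      # Bit length is only meaningful for RSA/ElGamal/DSA; ECC strength
      # comes from the curve, so those keys are reported by curve name.
      sized = (name == "RSA" || name == "ElGamal" || name == "DSA")
      verdict = (sized && bits < min) ? "WEAK" : "OK"
      detail = ($17 != "") ? $17 : bits
      use = ($12 ~ /e/) ? "encrypt" : "no-encrypt"
      printf "%s %s %s %s %s %s\n", verdict, $1, $5, name, detail, use
    }'
}

# Constructed sample keyring (fake key ids and user ids): an old DSA/ElGamal
# 1024-bit key, a Curve25519 key, and an RSA 4096-bit key.
sample_colons() {
  cat <<'EOF'
pub:u:1024:17:0000000000000A01:1100000000:::u:::scESC:
uid:u::::1100000000::::Constructed Old Key <old@example.invalid>:
sub:u:1024:16:0000000000000A02:1100000000::::::e:
pub:u:255:22:0000000000000B01:1560000000:::u:::scESC:::::ed25519:
uid:u::::1560000000::::Constructed ECC Key <ecc@example.invalid>:
sub:u:255:18:0000000000000B02:1560000000::::::e:::::cv25519:
pub:u:4096:1:0000000000000C01:1560000000:::u:::scESC:
sub:u:4096:1:0000000000000C02:1560000000::::::e:
EOF
}

# Against a real store, feed it the key ids that pass encrypts to:
#   gpg --list-keys --with-colons \
#     $(cat "${PASSWORD_STORE_DIR:-$HOME/.password-store}/.gpg-id") | audit_gpg_colons
sample_colons | audit_gpg_colons
```

For a password store, the lines marked `encrypt` are the ones to look at first, since those are the keys the stored secrets are encrypted to.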