Is a PGP-based password manager a good idea in 2019?
lists+pass at simplit.com
Fri Aug 30 18:46:20 CEST 2019
On 30 Aug 2019, at 15:18, Henrik Christian Grove wrote:
> [...] one might consider the passwords application
> data and implement a password manager using libsodium (as recommended
> that article, but I think I've heard that recommended before) for
> The result would probably end up quite far from the Unix philosophy,
Indeed, `pass` would have to invent its own key management
infrastructure, its own authentication agent protocol, and it would lose
compatibility with OpenPGP cards  and the existing authentication
agents which exist (e.g. on macOS I get a graphical dialog when `pass`
needs to access my PGP private key).
> But once an alternative for single file encryption becomes available,
> I'm sure people will start thinking of porting pass to use that.
Yes, once `age` is at feature parity with PGP for single-file
encryption, it should be trivial to make `pass` use `age` instead of PGP
and re-encrypt passwords.
In that sense, I am happy that `pass` is not using some proprietary
storage format (based on libsodium) for my passwords.
As for `age` though, I cannot find anything beyond the Google document
and this blog post , no source code seems available, so don’t know
how far along the project is.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Password-Store