Is a PGP-based password manager a good idea in 2019?
Allan Odgaard
lists+pass at simplit.com
Fri Aug 30 18:46:20 CEST 2019
On 30 Aug 2019, at 15:18, Henrik Christian Grove wrote:
> [...] one might consider the passwords application
> data and implement a password manager using libsodium (as recommended
> by that article, but I think I've heard that recommended before) for
> them.
> The result would probably end up quite far from the Unix philosophy,

Indeed, `pass` would have to invent its own key management
infrastructure, its own authentication agent protocol, and it would lose
compatibility with OpenPGP cards [1] and the existing authentication
agents which exist (e.g. on macOS I get a graphical dialog when `pass`
needs to access my PGP private key).

[1] https://en.wikipedia.org/wiki/OpenPGP_card

> But once an alternative for single file encryption becomes available,
> I'm sure people will start thinking of porting pass to use that.
Yes, once `age` is at feature parity with PGP for single-file
encryption, it should be trivial to make `pass` use `age` instead of PGP
and re-encrypt passwords.
In that sense, I am happy that `pass` is not using some proprietary
storage format (based on libsodium) for my passwords.
As for `age` though, I cannot find anything beyond the Google document
and this blog post [1]; no source code seems available, so I don't know
how far along the project is.

[1] https://blog.filippo.io/using-ed25519-keys-for-encryption/