Is a PGP-based password manager a good idea in 2019?

Allan Odgaard lists+pass at
Fri Aug 30 18:46:20 CEST 2019

On 30 Aug 2019, at 15:18, Henrik Christian Grove wrote:

> [...] one might consider the passwords application
> data and implement a password manager using libsodium (as recommended 
> by
> that article, but I think I've heard that recommended before) for 
> them.
> The result would probably end up quite far from the Unix philosophy,

Indeed, `pass` would have to invent its own key management 
infrastructure, its own authentication agent protocol, and it would lose 
compatibility with OpenPGP cards [1] and the existing authentication 
agents which exist (e.g. on macOS I get a graphical dialog when `pass` 
needs to access my PGP private key).


> But once an alternative for single file encryption becomes available,
> I'm sure people will start thinking of porting pass to use that.

Yes, once `age` is at feature parity with PGP for single-file 
encryption, it should be trivial to make `pass` use `age` instead of PGP 
and re-encrypt passwords.

In that sense, I am happy that `pass` is not using some proprietary 
storage format (based on libsodium) for my passwords.

As for `age` though, I cannot find anything beyond the Google document 
and this blog post [1], no source code seems available, so don’t know 
how far along the project is.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Password-Store mailing list