Is a PGP-based password manager a good idea in 2019?

Sylvia Gough q0h8xdveje at gmail.com
Sat Aug 31 23:38:06 CEST 2019


Thanks for the responses everyone!
Shawn - when I said role I actually referred to "managing passwords". Sorry
for the confusion, but thanks for the useful info :)

On Sat, Aug 31, 2019 at 1:33 AM shawn wilson <ag4ve.us at gmail.com> wrote:

>
>
> On Thu, Aug 29, 2019, 05:25 Sylvia Gough <q0h8xdveje at gmail.com> wrote:
>
>> First, I'd like to thank Jason for all the amazing crypto work he's been
>> doing.
>>
>> Now to my question. I'm considering using pass as my password manager,
>> and security is obviously a top concern for this role. I know that pass is
>> using GPG under the hood, and as far as I can see GPG doesn't get much love
>> among cryptographers[1][2].
>>
>
>
> I'm going to assume "role" refers to a part you have in a larger
> organization. If this is the case, I've found pgp a pain to try to
> implement in a corporate environment (mainly due to lack of tracking, and
> no ocsp or similar revocation mechanism). If this is the case, you may be
> interested in making your hardware tokens pkcs8 (iirc - pkcs version of pgp
> cards anyway) and using keycloak (redhat?) -> vault (hashicorp). The latter
> should be adding pgp support too (which I want for fim and rpm signing)
> which you /should/ be able to get to directly work with pass.
>
> That said, I haven't gotten this all set up at home and am still happy with
> pass for personal use.
>
>
>
>>