Is a PGP-based password manager a good idea in 2019?

Sylvia Gough q0h8xdveje at
Sat Aug 31 23:38:06 CEST 2019

Thanks for the responses everyone!
Shawn - when I said role I actually referred to "managing passwords". Sorry
for the confusion, but thanks for the useful info :)

On Sat, Aug 31, 2019 at 1:33 AM shawn wilson < at> wrote:

> On Thu, Aug 29, 2019, 05:25 Sylvia Gough <q0h8xdveje at> wrote:
>> First, I'd like to thank Jason for all the amazing crypto work he's been
>> doing.
>> Now to my question. I'm considering using pass as my password manager,
>> and security is obviously a top concern for this role. I know that pass is
>> using GPG under the hood, and as far as I can see GPG doesn't get much love
>> among cryptographers[1][2].
> I'm going to assume "role" refers to a part you have in a larger
> organization. If this is the case, I've found pgp a pain to try to
> implement in a corporate environment (mainly due to lack of tracking, and
> no ocsp or similar revocation mechanism). If this is the case, you may be
> interested in making your hardware tokens pkcs8 (iirc - pkcs version of pgp
> cards anyway) and using keycloak (redhat?) -> vault (hashicorp). The latter
> should be adding pgp support too (which I want for fim and rpm signing)
> which you /should/ be able to get to directly work with pass.
> That said, I haven't gotten this all set up at home and am still happy with
> pass for personal use.

More information about the Password-Store mailing list