Supplying GPG key password into Pass command

Eddie Barraco reedwade at misterbanal.net
Fri Feb 7 20:04:53 CET 2020


Hello you,

> I’m trying to build my own custom extension to Pass and I’m wondering if there’s any guidance on piping (or equivalent) in the password to the associated GPG key so that you don’t have to use the pop-up GPG input box. An example of what I mean (that doesn’t work) would be something like:
>
> >> echo my_password | pass email/gmail
> >> password_for_my_gmail.


There is something about this in the gpg2 man page:

    --passphrase string
        Use string as the passphrase. This can only be used if only one
        passphrase is supplied. Obviously, this is of very questionable
        security on a multi-user system. Don't use this option if you can
        avoid it.

        Note that since Version 2.0 this passphrase is only used if the
        option --batch has also been given. Since Version 2.1
        the --pinentry-mode also needs to be set to loopback.

I guess the reason you want to pipe it is because you do not want to
store the passphrase in the clear. You could still pipe your pass into a
shell variable or use xargs to build the command.

You will probably be forced to use the gpg command directly because I
don't think there is a way to pass extra gpg parameters in pass. Or you
could just decrypt a random file beforehand with gpg and then use the
pass command.

Plan B, you could probably try to set up the ttl config of the gpg-agent.
Maybe it is possible to set it up to infinity :) But if the server
reboots, ouch...

Hoping I helped you,
I'd like to know when you'll solve your problem. Keep us in touch!
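
Added example, not part of the message above and not code from pass: a shell version of the two approaches discussed, reading the passphrase from stdin with `--passphrase-fd` rather than putting it on the command line with `--passphrase`, plus Plan B's agent cache lifetime. The function names are hypothetical; it assumes GnuPG 2.1 or later with loopback pinentry permitted by the agent, and relies on the `PASSWORD_STORE_GPG_OPTS` variable documented in pass(1).

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of pass or gpg.

# Decrypt one store entry with the passphrase arriving on stdin (fd 0).
# --passphrase-fd keeps it out of argv, which other local users can list;
# per the man page text quoted above, gpg >= 2.1 also needs --batch and
# --pinentry-mode loopback.
decrypt_entry() {   # usage: decrypt_entry FILE.gpg < passphrase-source
    gpg --quiet --batch --pinentry-mode loopback --passphrase-fd 0 \
        --decrypt "$1"
}

# Same idea through pass: it adds PASSWORD_STORE_GPG_OPTS to every gpg
# invocation, and gpg inherits pass's stdin.
pass_show() {       # usage: pass_show ENTRY < passphrase-source
    PASSWORD_STORE_GPG_OPTS='--batch --pinentry-mode loopback --passphrase-fd 0' \
        pass show "$1"
}

# Plan B: set the agent cache lifetime. default-cache-ttl restarts on every
# use of the key; max-cache-ttl is the hard ceiling, so both must be set.
# Existing ttl lines are replaced, everything else in the file is kept.
set_agent_ttl() {   # usage: set_agent_ttl SECONDS [CONF]
    local ttl=$1 conf=${2:-${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf} tmp
    case $ttl in
        ''|*[!0-9]*) echo "ttl must be whole seconds" >&2; return 1 ;;
    esac
    mkdir -p "$(dirname "$conf")" && touch "$conf" || return 1
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    # grep exits 1 when nothing is left to print; only exit >1 is an error.
    grep -Ev '^[[:space:]]*(default|max)-cache-ttl([[:space:]]|$)' "$conf" \
        > "$tmp" || [ $? -eq 1 ] || return 1
    printf 'default-cache-ttl %s\nmax-cache-ttl %s\n' "$ttl" "$ttl" >> "$tmp"
    mv "$tmp" "$conf"
    # Apply the change with: gpgconf --reload gpg-agent
}
```

The agent cache lives in memory only, so a reboot still clears it whatever TTL is configured.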

