Supplying GPG key password into Pass command
lionelmiquel at sfr.fr
Sat Feb 15 09:09:07 CET 2020
On Sat, 15 Feb 2020 02:39:11 +0100
"mailinglisten at posteo.de" <mailinglisten at posteo.de> wrote:
> Am 09.02.20 um 19:14 schrieb password-store at storiepvtride.it:
> > Am 09.02.20 um 18:52 schrieb Louis ProtonMail:
> >> I might not be understanding things well, but how is one supposed to
> >> access the plaintext saved passwords without having the keys used to
> >> encrypt them and the password to those keys? Where do you keep your GPG
> >> keys so that you can decrypt the pass entries?
> > I think this is exactly the issue here: you can't, unless you give up
> > some security. If a malicious actor gets into the remote server, he has
> > access to both private key and GPG encrypted files. He would be only one
> > passphrase away from your passwords.
> > I keep my GPG private key into a smartcard. Without this smartcard
> > attached to my device, I can't decrypt my passwords.
> > (...)
> For a long time I have wondered, if I can run a full blown class 3 card
> reader with its own pinpad on an Android smartphone :-) It´s soon time
> to try :-)
> Though, I´d never run a simple card reader without pinpad on an Android
> device, the fear, the pin could get eavesdropped is too big. Smartphones
> are inherently insecure.
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
Hi guys I'm chiming in : sshfs + changing temporarly the PASSWORD_STORE_DIR system variable to the remote mounted password store dir works ? have you tried it or in your use case you can't use ssh ?
Maybe customize your script with a PASSWORD_STORE_DIR_SSHFS, so your keys aren't sitting on the remote device.
I know the Termux app on android have sshd capabilities.
Miquel Lionel <lionelmiquel at sfr.fr>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 833 bytes
Desc: not available
More information about the Password-Store