[PATCH] add "pass reencrypt" sub command

Kjetil Torgrim Homme kjetil.homme at redpill-linpro.com
Tue Jan 7 17:33:56 CET 2020 

I was surprised to find there was no command to reencrypt a pass 
installation without specifying the key ids manually to pass init.  The 
code is basically there already, so this patch adds a "reencrypt" 
command (basically a copy of "init" with less code) which will use the 
correct .gpg-id files for each sub directory.


diff --git bin/pass bin/pass
index b17ec580e..c10680f97 100755
--- bin/pass
+++ bin/pass
@@ -264,6 +279,8 @@ cmd_usage() {
  	    $PROGRAM init [--path=subfolder,-p subfolder] gpg-id...
  	        Initialize new password storage and use gpg-id for encryption.
  	        Selectively reencrypt existing passwords using new gpg-id.
+	    $PROGRAM reencrypt [--path=subfolder,-p subfolder]
+	        Selectively reencrypt existing passwords based on updated 
.gpg-id files.
  	    $PROGRAM [ls] [subfolder]
  	        List passwords.
  	    $PROGRAM find pass-names...
@@ -349,6 +366,27 @@ cmd_init() {
  	git_add_file "$PREFIX/$id_path" "Reencrypt password store using new 
GPG id ${id_print%, }${id_path:+ ($id_path)}."
  }

+cmd_reencrypt() {
+	local opts id_path=""
+	opts="$($GETOPT -o p: -l path: -n "$PROGRAM" -- "$@")"
+	local err=$?
+	eval set -- "$opts"
+	while true; do case $1 in
+		-p|--path) id_path="$2"; shift 2 ;;
+		--) shift; break ;;
+	esac done
+
+	[[ $err -ne 0 || $# -gt 0 ]] && die "Usage: $PROGRAM $COMMAND 
[--path=subfolder,-p subfolder]"
+	[[ -n $id_path ]] && check_sneaky_paths "$id_path"
+	[[ -n $id_path && ! -d $PREFIX/$id_path && -e $PREFIX/$id_path ]] && 
die "Error: $PREFIX/$id_path exists but is not a directory."
+
+        # set_git does a dirname operation, so trailing slash is needed
+	set_git "$PREFIX/$id_path/"
+
+	reencrypt_path "$PREFIX/$id_path"
+	git_add_file "$PREFIX/$id_path" "Reencrypt password store using 
updated .gpg-id files."
+}
+
  cmd_show() {
  	local opts selected_line clip=0 qrcode=0
  	opts="$($GETOPT -o q::c:: -l qrcode::,clip:: -n "$PROGRAM" -- "$@")"
@@ -688,6 +726,7 @@ COMMAND="$1"

  case "$1" in
  	init) shift;			cmd_init "$@" ;;
+	reencrypt) shift;		cmd_reencrypt "$@" ;;
  	help|--help) shift;		cmd_usage "$@" ;;
  	version|--version) shift;	cmd_version "$@" ;;
  	show|ls|list) shift;		cmd_show "$@" ;;

-- 
Kjetil T. Homme
Redpill Linpro - Changing the Game
-------------- next part --------------
A non-text attachment was scrubbed...
Name: reencrypt.patch
Type: text/x-patch
Size: 1860 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20200107/406e9a38/attachment.bin>

More information about the Password-Store mailing list