[PATCH] add "pass reencrypt" sub command
Rune Juhl Jacobsen
rune at juhljacobsen.dk
Wed Jan 8 12:43:33 CET 2020
Nice, I've been looking for that. I've actually implemented it
too, but as an extension instead of patching password-store:
https://github.com/runejuhl/pass-reencrypt ...your implementation
looks a lot cleaner though :)
/Rune
Kjetil Torgrim Homme <kjetil.homme at redpill-linpro.com> writes:
> I was surprised to find there was no command to reencrypt a pass
> installation without specifying the key ids manually to pass
> init. The code is basically there already, so this patch adds
> a "reencrypt" command (basically a copy of "init" with less
> code) which will use the correct .gpg-id files for each sub
> directory.
>
> diff --git bin/pass bin/pass index b17ec580e..c10680f97 100755
> --- bin/pass +++ bin/pass @@ -264,6 +279,8 @@ cmd_usage() {
> $PROGRAM init [--path=subfolder,-p subfolder] gpg-id...
> Initialize new password storage and use gpg-id for encryption.
> Selectively reencrypt existing passwords using new gpg-id.
> + $PROGRAM reencrypt [--path=subfolder,-p subfolder] +
> Selectively reencrypt existing passwords based on updated
> .gpg-id files.
> $PROGRAM [ls] [subfolder] List passwords. $PROGRAM find
> pass-names...
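Review bot: the usage text added for `reencrypt` in cmd_usage() does not say what is processed when `--path` is omitted, and "Selectively" is carried over from the `init` entry without saying what the selection is. Since cmd_reencrypt() defaults `id_path` to empty and passes `$PREFIX/$id_path` to reencrypt_path, the text could state that the whole store is covered by default and that entries are re-encrypted according to the .gpg-id files already in the store. The diff touches only bin/pass, so the man page and completions would need the same entry.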
> @@ -349,6 +366,27 @@ cmd_init() {
> git_add_file "$PREFIX/$id_path" "Reencrypt password store
> using new
> GPG id ${id_print%, }${id_path:+ ($id_path)}."
> }
>
> +cmd_reencrypt() { + local opts id_path="" + opts="$($GETOPT -o
> p: -l path: -n "$PROGRAM" -- "$@")" + local err=$? + eval set
> -- "$opts" + while true; do case $1 in + -p|--path)
> id_path="$2"; shift 2 ;; + --) shift; break ;; + esac done +
> + [[ $err -ne 0 || $# -gt 0 ]] && die "Usage: $PROGRAM $COMMAND
> [--path=subfolder,-p subfolder]" + [[ -n $id_path ]] &&
> check_sneaky_paths "$id_path" + [[ -n $id_path && ! -d
> $PREFIX/$id_path && -e $PREFIX/$id_path ]] && die "Error:
> $PREFIX/$id_path exists but is not a directory." + + #
> set_git does a dirname operation, so trailing slash is needed +
> set_git "$PREFIX/$id_path/" + + reencrypt_path
> "$PREFIX/$id_path" + git_add_file "$PREFIX/$id_path" "Reencrypt
> password store using updated .gpg-id files." +} +
> cmd_show() { local opts selected_line clip=0 qrcode=0
> opts="$($GETOPT -o q::c:: -l qrcode::,clip:: -n "$PROGRAM" --
> "$@")"
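Review bot: in cmd_reencrypt() the check `! -d $PREFIX/$id_path && -e $PREFIX/$id_path` rejects only a path that exists and is not a directory, so a mistyped `--path` that does not exist at all still reaches set_git, reencrypt_path and git_add_file. The test looks carried over from the `init` code this function is copied from; nothing in this function creates the directory, so it would be safer to die whenever `$id_path` is set and `$PREFIX/$id_path` is not a directory, with a message that says the path was not found.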
> @@ -688,6 +726,7 @@ COMMAND="$1"
>
> case "$1" in init) shift; cmd_init "$@" ;;
> + reencrypt) shift; cmd_reencrypt "$@" ;;
> help|--help) shift; cmd_usage "$@" ;; version|--version)
> shift; cmd_version "$@" ;; show|ls|list) shift; cmd_show
> "$@" ;;
>
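Review bot: the new `reencrypt)` arm in the dispatch `case` claims a command word that until now was not matched by any arm shown here, so anything a user already reaches as `pass reencrypt` through a later arm (for example an extension of that name, such as the one mentioned in the reply above) changes behaviour once this is merged. That is worth a sentence in the commit message so the change is not a surprise.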
> -- Kjetil T. Homme Redpill Linpro - Changing the Game
--
Rune Juhl Jacobsen
rune at juhljacobsen.dk
+45 6016 8337
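The quoted description relies on each subdirectory being governed by its own .gpg-id file. The script below is an added example, not part of the patch or of pass itself: it lists, for every directory of a store, the nearest .gpg-id at or above it and the key ids in that file, which is a useful check before and after re-encrypting. The function names and the sample store are assumptions made for the example; it reads .gpg-id files only and never calls gpg.

```shell
#!/bin/sh
# Added example (not from the patch): report which .gpg-id governs each
# directory of a password store. All function names are hypothetical.

# Print the nearest .gpg-id at or above DIR, never looking outside STORE.
# Returns 1 if none exists, 2 if DIR is outside STORE or contains "..".
effective_gpg_id() {
    local store="${1%/}" dir="${2%/}"
    case "/$dir/" in */../*) return 2 ;; esac
    case "$dir/" in "$store"/*) ;; *) return 2 ;; esac
    while [ "$dir" != "$store" ] && [ ! -f "$dir/.gpg-id" ]; do
        dir="${dir%/*}"
    done
    [ -f "$dir/.gpg-id" ] || return 1
    printf '%s\n' "$dir/.gpg-id"
}

# One line per directory: "<relative dir><TAB><comma-separated key ids>".
audit_store() {
    local store="${1%/}" dir rel idfile
    find "$store" -name .git -prune -o -type d -print | LC_ALL=C sort |
    while IFS= read -r dir; do
        rel="${dir#"$store"}"; rel="${rel#/}"
        if idfile="$(effective_gpg_id "$store" "$dir")"; then
            printf '%s\t%s\n' "${rel:-.}" \
                "$(grep -v '^[[:space:]]*$' "$idfile" | paste -sd, -)"
        else
            printf '%s\tNO-GPG-ID\n' "${rel:-.}"
        fi
    done
}

# Build a constructed sample store (made-up ids) and print its path.
make_demo_store() {
    local s
    s="$(mktemp -d)"
    mkdir -p "$s/work/clients" "$s/personal" "$s/.git/objects"
    printf 'alice@example.org\n' > "$s/.gpg-id"
    printf 'alice@example.org\nbob@example.org\n' > "$s/work/.gpg-id"
    printf '%s\n' "$s"
}

# Run with --demo to see the report for the constructed store.
if [ "${1:-}" = "--demo" ]; then
    s="$(make_demo_store)"; audit_store "$s"; rm -rf "$s"
fi
```

A directory reported with an unexpected id list, or with NO-GPG-ID, is one to look at before running any re-encryption over it.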