Why --no-encrypt-to ?
mailing list
mailinglisten at posteo.de
Mon Jan 27 23:08:43 CET 2020
Hi there,
I use pass 1.7.3 with qtpass. I like the concept of using gpg under the
hood.
But, one thing really bothers me. It is either qtpass or pass itself,
one of them issues the --no-encrypt-to option to GnuPG.
This makes it impossible for me to use a special gpg key for encryption
that exists only with its public key, the private key of this key does
not exist locally. Of course, to access all data I use a second key that
locally fully is there, pub and sec key.
In order to use that pubkey only key, I tried to use the variable
PASSWORD_STORE_GPG_OPTS="--encrypt-to 0xfoobar". And that does not work,
because pass issues --no-encrypt-to.
Adding this special key to $HOME/.password-store/.gpg.id does not work
either. qtpass issues an error in this case.
The easiest thing would be to stop issueing --no-encrypt-to. This takes
away the user´s full control to add arbitrary keys.
thanks
More information about the Password-Store
mailing list