Why --no-encrypt-to ?

mailing list mailinglisten at posteo.de
Mon Jan 27 23:08:43 CET 2020

Hi there,

I use pass 1.7.3 with qtpass. I like the concept of using gpg under the

But, one thing really bothers me. It is either qtpass or pass itself,
one of them issues the --no-encrypt-to option to GnuPG.

This makes it impossible for me to use a special gpg key for encryption
that exists only with its public key, the private key of this key does
not exist locally. Of course, to access all data I use a second key that
locally fully is there, pub and sec key.

In order to use that pubkey only key, I tried to use the variable
PASSWORD_STORE_GPG_OPTS="--encrypt-to 0xfoobar". And that does not work,
because pass issues --no-encrypt-to.

Adding this special key to $HOME/.password-store/.gpg.id does not work
either. qtpass issues an error in this case.

The easiest thing would be to stop issueing --no-encrypt-to. This takes
away the user´s full control to add arbitrary keys.


More information about the Password-Store mailing list