From gcoakes at solidoak.dev Sun Aug 7 19:40:15 2022
From: gcoakes at solidoak.dev (Gregory Oakes)
Date: Sun, 7 Aug 2022 14:40:15 -0500
Subject: Disable AEAD for Password Store Only
Message-ID: <8d2ab0a4-dfcb-c43e-c779-cd62baba9fa3@solidoak.dev>

Hello,

I need to disable AEAD for Password Store only. There's a poorly behaving Android implementation of OpenPGP which doesn't properly understand AEAD from the passwords generated using GPG 2.3.

I understand this isn't really a bug with Password Store, but I couldn't find anything which would solve this without disabling AEAD globally for my public key. Does anyone have a solution to this? The warnings on man gpg regarding --rfc2440 scared me off from adding that to PASSWORD_STORE_GPG_OPTS (I don't quite understand the implications of that well enough).

Sorry if this was already discussed somewhere. I didn't see a simple way to search the archives, and I just subscribed to this mailing list.

Respectfully,
Gregory Oakes

From aner at zakobar.com Wed Aug 24 05:41:09 2022
From: aner at zakobar.com (Aner Zakobar)
Date: Wed, 24 Aug 2022 08:41:09 +0300
Subject: [PATCH] Emacs - Interactive function for generating w/o symbols
Message-ID: <874jy2ci6i.fsf@lauretta.mail-host-address-is-not-set>

Hi! First timer here.

For your consideration, patch to add support for no-symbols password generation to Emacs. This currently is supported, but is not reflected in an interactive call, so I tended to do this through terminal.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Interactive-function-to-generate-w-o-symbols.patch
Type: text/x-patch
Size: 1420 bytes
Desc: Patch for generation w/o symbols in Emacs, aner at zakobar.com
URL:
-------------- next part --------------

If I sent this wrong, please tell me!

-Aner

From trice at posteo.net Thu Aug 25 06:34:48 2022
From: trice at posteo.net (Tim Rice)
Date: Thu, 25 Aug 2022 06:34:48 +0000
Subject: Keep commit message header short
Message-ID:

Hey there,

Thanks for your work on pass. I both enjoy it personally, and it is also a central part of our organization's workflow.

We noticed that as .gpg-id grows, the automated recrypt commit message gets longer without bound. An example line from git log (identities masked to protect my coworkers):

* 1ea2589 (2022-05-06) Timothy Rice Reencrypt password store using new GPG id XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXXXXXXXXXXXXXX, XXXX at XXXXXXXXXXX.XXX, XXXXXXXX at XXXXX.XXX, XXXX.XXX at XXXX.XXX.XX, XXXXXX.XXX at XXXXX.XXX, X.XXXXXXX at XX.XXX.XX, XXXXXXXXX at XXXXX.XXX, XXXXXXX.XXXXX at XXXXXX.XXX, XXX.XXXXX at XXXXX.XXX, XXXXX.XXXXXX at XXXX.XXX.XX.

In case you have automatic word wrapping your email, note that this is all on the very first line of the commit message. It is all one line when unwrapped, as in git log and the like.

Since we have such a number of people using this password store, it is routine to need to recrypt it as staff turn over. People come and people go, but the commit message never gets shorter. We now have many commits with such long lines.

I believe people can already use Git to assess which version of gpg-id was active when the commit was made. Commands like `git diff`, `git blame` and `git show` will allow people to view how gpg-id changes over time without it needing to appear in every recrypt commit message.

I couldn't find any past mention of this in the mailing list archive. Sorry if it was already discussed before and I overlooked it.

Please find attached a patch which changes the commit message to keep it short and sweet.
An alternative solution would be to move the extra long parts of the commit message onto a lower line, so that only people using --pretty=full or so would see it. Please let me know what you think :) Kind regards, Tim -------------- next part -------------- diff --git i/src/password-store.sh w/src/password-store.sh index 22e818f..b19ae38 100755 --- i/src/password-store.sh +++ w/src/password-store.sh @@ -362,7 +362,7 @@ cmd_init() { fi reencrypt_path "$PREFIX/$id_path" - git_add_file "$PREFIX/$id_path" "Reencrypt password store using new GPG id ${id_print%, }${id_path:+ ($id_path)}." + git_add_file "$PREFIX/$id_path" "Reencrypt password store using latest .gpg-id" } cmd_show() { From tino.calancha at gmail.com Sat Aug 27 19:17:59 2022 From: tino.calancha at gmail.com (Tino Calancha) Date: Sat, 27 Aug 2022 21:17:59 +0200 (CEST) Subject: [PATCH] Emacs - Interactive function for generating w/o symbols In-Reply-To: <874jy2ci6i.fsf@lauretta.mail-host-address-is-not-set> References: <874jy2ci6i.fsf@lauretta.mail-host-address-is-not-set> Message-ID: On Wed, 24 Aug 2022, Aner Zakobar wrote: > Hi! First timer here. Welcome! > For your consideration, patch to add support for no-symbols password > generation to Emacs. This currently is supported, but is not reflected > in an interactive call, so I tended to do this through terminal. Thanks. Your patch looks good. I am just wondering if adding a new option is better than adding the new command. What do you think about the following patch? >From d2165e27a946bed12a531897c5cf72c2f97b94b3 Mon Sep 17 00:00:00 2001 From: Tino Calancha Date: Sat, 27 Aug 2022 20:59:44 +0200 Subject: [PATCH] emacs: Add option password-store-exclude-symbols When non-nil, exclude symbols when creating a new password. Default value is nil, i.e., symbols included. --- contrib/emacs/password-store.el | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) 
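Review bot: In the cmd_init hunk of src/password-store.sh, the new message drops the `${id_path:+ ($id_path)}` suffix together with the ID list, so a re-encryption triggered for a subfolder can no longer be told apart in the subject line from one for the whole store. The path is short and does not grow with the number of recipients, so consider keeping it, for example "Reencrypt password store using latest .gpg-id${id_path:+ ($id_path)}." with the trailing period the old message had. If the recipient list is still wanted in history for audit purposes, the alternative from the cover text (a short subject with the IDs moved to a lower line) keeps it without lengthening the first line.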
diff --git a/contrib/emacs/password-store.el b/contrib/emacs/password-store.el index 1d23090..5bafcef 100644 --- a/contrib/emacs/password-store.el +++ b/contrib/emacs/password-store.el @@ -46,6 +46,11 @@ :group 'password-store :type 'number) +(defcustom password-store-exclude-symbols nil + "Exclude symbols when creating a new password." + :group 'password-store + :type 'boolean) + (defcustom password-store-time-before-clipboard-restore (if (getenv "PASSWORD_STORE_CLIP_TIME") (string-to-number (getenv "PASSWORD_STORE_CLIP_TIME")) @@ -344,10 +349,12 @@ Default PASSWORD-LENGTH is `password-store-password-length'." (interactive (list (password-store--completing-read) (when current-prefix-arg (abs (prefix-numeric-value current-prefix-arg))))) - (unless password-length (setq password-length password-store-password-length)) ;; A message with the output of the command is not printed because ;; the output contains the password. - (password-store--run-generate entry password-length t) + (password-store--run-generate + entry + (or password-length password-store-password-length) + 'force password-store-exclude-symbols) nil) ;;;###autoload -- 2.30.2 From aner at zakobar.com Sat Aug 27 20:14:45 2022 
From: aner at zakobar.com (Aner Zakobar)
Date: Sat, 27 Aug 2022 23:14:45 +0300
Subject: [PATCH] Emacs - Interactive function for generating w/o symbols
In-Reply-To:
References: <874jy2ci6i.fsf@lauretta.mail-host-address-is-not-set>
Message-ID: <87zgfpjvey.fsf@lauretta.mail-host-address-is-not-set>

Thank you so much for replying!

In general, I'm torn. I, like you, would rather not add yet another function. The reason I am not sure adding a variable would be good is because this isn't some configuration that one would like to set ahead of time, rather, a choice to make when generating each password individually.

In my use case, for instance, I would much rather generate with symbols. The problem is, certain websites do not allow entering special characters as their passwords (I know, right??) So what I'll do is generate non-symbol passwords only for relevant websites. By default, I will generate with symbols, and otherwise, I will generate without.

Adding a variable would make sense if this is a one-time choice, but I think it's a choice to make with each password. I could be wrong though, this is just a reflection of my workflow. If most people usually just do either/or, this seems like a good patch.

I would have just added a prefix argument, but there already is one (password length). That's the reason I went with a new function. Is there a better way to avoid adding a new function?

Thank you for taking time to address this!

-Aner

Tino Calancha writes:

> On Wed, 24 Aug 2022, Aner Zakobar wrote:
>
>
>> Hi! First timer here.
>
> Welcome!
>
>> For your consideration, patch to add support for no-symbols password
>> generation to Emacs. This currently is supported, but is not reflected
>> in an interactive call, so I tended to do this through terminal.
>
> Thanks. Your patch looks good.
> I am just wondering if adding a new option is better than adding the
> new command.
> What do you think about the following patch?
> > From d2165e27a946bed12a531897c5cf72c2f97b94b3 Mon Sep 17 00:00:00 2001 > From: Tino Calancha > Date: Sat, 27 Aug 2022 20:59:44 +0200 > Subject: [PATCH] emacs: Add option password-store-exclude-symbols > > When non-nil, exclude symbols when creating a new password. > Default value is nil, i.e., symbols included. > --- > contrib/emacs/password-store.el | 11 +++++++++-- > 1 file changed, 9 insertions(+), 2 deletions(-) > > diff --git a/contrib/emacs/password-store.el b/contrib/emacs/password-store.el > index 1d23090..5bafcef 100644 > --- a/contrib/emacs/password-store.el > +++ b/contrib/emacs/password-store.el > @@ -46,6 +46,11 @@ > :group 'password-store > :type 'number) > > +(defcustom password-store-exclude-symbols nil > + "Exclude symbols when creating a new password." > + :group 'password-store > + :type 'boolean) > + > (defcustom password-store-time-before-clipboard-restore > (if (getenv "PASSWORD_STORE_CLIP_TIME") > (string-to-number (getenv "PASSWORD_STORE_CLIP_TIME")) > @@ -344,10 +349,12 @@ Default PASSWORD-LENGTH is `password-store-password-length'." > (interactive (list (password-store--completing-read) > (when current-prefix-arg > (abs (prefix-numeric-value current-prefix-arg))))) > - (unless password-length (setq password-length password-store-password-length)) > ;; A message with the output of the command is not printed because > ;; the output contains the password. > - (password-store--run-generate entry password-length t) > + (password-store--run-generate > + entry > + (or password-length password-store-password-length) > + 'force password-store-exclude-symbols) > nil) > > ;;;###autoload > -- > 2.30.2
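Review bot: In the second hunk of contrib/emacs/password-store.el (@@ -344,10 +349,12 @@), the fourth argument to password-store--run-generate is taken only from the global password-store-exclude-symbols, so the interactive command has no per-invocation way to choose, and the command docstring visible in the hunk header still documents only PASSWORD-LENGTH. Consider adding a sentence to that docstring naming the new option, and expanding the defcustom docstring in the first hunk to state that nil (the default) keeps symbols. Because excluding symbols shrinks the character set the generator draws from, the option's docstring could also point users at password-store-password-length. The change of the third argument from t to 'force is not mentioned in the commit message and deserves a line there.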