[PATCH] Support encrypting for PGP keys without subkeys

Axel Beckert abe at deuxchevaux.org
Tue Apr 18 13:32:40 UTC 2023


I wrote:
> But one team member has a older PGP key without a subkey.
> While it might be no more good practice to generate PGP keys without
> subkey, it's still a personal user decision or possibly historic
> circumstance.

That team member solved the situation in a much more easy way that I
had in mind: He simply added a subkey to that existing (so far
subkey-less) key.

This kinda took out the (not explicitly mentioned) urgency of that
matter for me.

(When I wrote that mail, I expected that he needs to generate a new
key and gather most of the signatures on his old key again.)

> So IMHO pass should also work with such keys.

Nevertheless I still think that pass should work with such keys.

On Fri, Apr 14, 2023 at 10:54:49AM +0300, Amir Yalon wrote:
> It adds `pub` records, but not all of them, since field 12 (key
> capabilities) is filtered to include only keys with `e` (the encrypt
> capability).

Yes, on purpose. It's the same for the subkeys, too.

With keys just meant for signing you can't encrypt passwords. :-D

> It is interesting to note that the filter on field 12 seems
> sufficient, which makes the filter on field 1 (type of record)
> redundant (though good for clarity of intent).

Indeed interesting. I wonder if just using that field would cause
rather more or rather less trouble for potential future key types.

I haven't really thought about this when I wrote the patch, but to
stay on the safe side, I on purpose only extended the filter minimally
so it worked with that key without subkeys.

		Kind regards, Axel
PGP: 2FF9CD59612616B5      /~\  Plain Text Ribbon Campaign, http://arc.pasp.de/
Mail: abe at deuxchevaux.org  \ /  Say No to HTML in E-Mail and Usenet
Mail+Jabber: abe at noone.org  X
https://axel.beckert.ch/   / \  I love long mails: https://email.is-not-s.ms/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20230418/42a391dd/attachment.sig>

More information about the Password-Store mailing list