On 3/2/23 9:53 PM, efeizbudak wrote:
Doesn't this sort of defeat the purpose of using pass? I mean if it's
always decryptable then is it really useful to have it encrypted in the
first place (assuming you have full disk encryption set up)? I may be
missing something crucial here so please let me know.

There is value in not having a password in clear text on a file system.

It really depends on what you're trying to protect from / against.

Grant:

This seems like the lesser of all evils to me. As I understand, you're
suggesting that I lend the email password to the daemon at start and
only have that password stored in memory instead of my actual gpg
password, is that correct?

I think we're talking about the same thing.

Again, I may be missing something here, but does having your GPG
credentials unprotected offer any real protection?

See my response to your comment / question to Matt.

I guess this is where I'll eventually be heading towards.

I'm personally looking forward to being able to use TPMv2 to protect keys for services running on the system. It requires said services to support the TPM.

By the way, thanks to both of you for your thoughts!

:-)



--
Grant. . . .
unix || die
