Den 31. aug. 2016 17:48, Brian Candler skreiv: > On 31/08/2016 16:43, Emile Cantin wrote: >> >> In light of the recent Dropbox leak, I wanted to know how old my >> password was, and perhaps if I had any other old passwords that would >> be due for a rotation. I don't think I can rely on the last >> modification date on the files, as a fresh clone of my repo would have >> today's date, even if the file was last modified in my repo in 2012. I >> looked into how to do this with Git, but it's pretty >> ungainly: >> http://serverfault.com/questions/401437/how-to-retrieve-the-last-modification-date-of-all-files-in-a-git-repository >> >> Keepass has an "expiration date" field which you can set when >> generating a password, and it appears in a different color in the list >> when expired. >> >> I think password age is a relevant metric for a password manager, but >> pass doesn't currently offer any visibility into this. >> >> What do you think? > This is (another) reason why it would be good if pass were to sign its > GPG files. The signature includes a timestamp.
re-encrypting the files to a new set of keys will make a new signature. you need to make the date part of the password file itself, or have pass maintain some metadata in a separate file, e.g., "work/supplier.gpg" could have a companion file "work/.meta.supplier.gpg", containing: created: 2015-03-02T14:25:02+0200 updated: 2016-08-31T18:55:32+0200 expire: never the above syntax is valid YAML which can be useful if more complex structures are wanted later. it might be useful to allow encryption of the metadata to be optional. -- Kjetil T. Homme Redpill Linpro - Changing the game
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
