pass integrates with git blame for plaintext comparison. if you can still decrypt older entries, this should give you exact change dates.
try something like date -d @$(git blame -L 1,1 --porcelain dropbox.com.gpg | sed -n 's/^committer-time //p') (taken from this mail on the mailing list: https://lists.zx2c4.com/pipermail/password-store/2016-May/002280.html ) Am 31.08.2016 um 21:09 schrieb Daniel Dörrhöfer: > On 31.08.2016 19:02, Kjetil Torgrim Homme wrote: >> Den 31. aug. 2016 17:48, Brian Candler skreiv: >>> On 31/08/2016 16:43, Emile Cantin wrote: >>>> In light of the recent Dropbox leak, I wanted to know how old my >>>> password was, and perhaps if I had any other old passwords that would >>>> be due for a rotation. I don't think I can rely on the last >>>> modification date on the files, as a fresh clone of my repo would have >>>> today's date, even if the file was last modified in my repo in 2012. I >>>> looked into how to do this with Git, but it's pretty >>>> ungainly: >>>> http://serverfault.com/questions/401437/how-to-retrieve-the-last-modification-date-of-all-files-in-a-git-repository >>>> >>>> Keepass has an "expiration date" field which you can set when >>>> generating a password, and it appears in a different color in the list >>>> when expired. >>>> >>>> I think password age is a relevant metric for a password manager, but >>>> pass doesn't currently offer any visibility into this. >>>> >>>> What do you think? >>> This is (another) reason why it would be good if pass were to sign its >>> GPG files. The signature includes a timestamp. >> re-encrypting the files to a new set of keys will make a new signature. >> you need to make the date part of the password file itself, or have pass >> maintain some metadata in a separate file, e.g., "work/supplier.gpg" >> could have a companion file "work/.meta.supplier.gpg", containing: >> >> created: 2015-03-02T14:25:02+0200 >> updated: 2016-08-31T18:55:32+0200 >> expire: never >> >> the above syntax is valid YAML which can be useful if more complex >> structures are wanted later. >> >> it might be useful to allow encryption of the metadata to be optional. >> > I like the git way of checking it. This is how to get a complete history > of dropbox.com. > > pass git log --pretty="%s %Cgreen %cr %Creset" | grep dropbox.com > > Of course signature is an additional security. > > > > _______________________________________________ > Password-Store mailing list > [email protected] > http://lists.zx2c4.com/mailman/listinfo/password-store
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
