Well, don't forget to send it through pass first to decrypt, like date -d @$(pass git blame -L 1,1 --porcelain dropbox.com.gpg | sed -n 's/^committer-time //p')
as otherwise that will just compare the first lines of encrypted files which shouldn't change with the file because it holds gpg status information. cheers On 08/31/2016 10:52 PM, Lenz Weber wrote: > pass integrates with git blame for plaintext comparison. if you can > still decrypt older entries, this should give you exact change dates. > > try something like > > date -d @$(git blame -L 1,1 --porcelain dropbox.com.gpg | sed -n > 's/^committer-time //p') > > (taken from this mail on the mailing list: > https://lists.zx2c4.com/pipermail/password-store/2016-May/002280.html ) > > > Am 31.08.2016 um 21:09 schrieb Daniel Dörrhöfer: >> On 31.08.2016 19:02, Kjetil Torgrim Homme wrote: >>> Den 31. aug. 2016 17:48, Brian Candler skreiv: >>>> On 31/08/2016 16:43, Emile Cantin wrote: >>>>> In light of the recent Dropbox leak, I wanted to know how old my >>>>> password was, and perhaps if I had any other old passwords that would >>>>> be due for a rotation. I don't think I can rely on the last >>>>> modification date on the files, as a fresh clone of my repo would have >>>>> today's date, even if the file was last modified in my repo in 2012. I >>>>> looked into how to do this with Git, but it's pretty >>>>> ungainly: >>>>> http://serverfault.com/questions/401437/how-to-retrieve-the-last-modification-date-of-all-files-in-a-git-repository >>>>> >>>>> Keepass has an "expiration date" field which you can set when >>>>> generating a password, and it appears in a different color in the list >>>>> when expired. >>>>> >>>>> I think password age is a relevant metric for a password manager, but >>>>> pass doesn't currently offer any visibility into this. >>>>> >>>>> What do you think? >>>> This is (another) reason why it would be good if pass were to sign its >>>> GPG files. The signature includes a timestamp. >>> re-encrypting the files to a new set of keys will make a new signature. >>> you need to make the date part of the password file itself, or have pass >>> maintain some metadata in a separate file, e.g., "work/supplier.gpg" >>> could have a companion file "work/.meta.supplier.gpg", containing: >>> >>> created: 2015-03-02T14:25:02+0200 >>> updated: 2016-08-31T18:55:32+0200 >>> expire: never >>> >>> the above syntax is valid YAML which can be useful if more complex >>> structures are wanted later. >>> >>> it might be useful to allow encryption of the metadata to be optional. >>> >> I like the git way of checking it. This is how to get a complete history >> of dropbox.com. >> >> pass git log --pretty="%s %Cgreen %cr %Creset" | grep dropbox.com >> >> Of course signature is an additional security. >> >> >> >> _______________________________________________ >> Password-Store mailing list >> [email protected] >> http://lists.zx2c4.com/mailman/listinfo/password-store > > > > > _______________________________________________ > Password-Store mailing list > [email protected] > http://lists.zx2c4.com/mailman/listinfo/password-store > -- www.lackerbauer.com B0CB 1DB6 C2E5 8167 4CB4 2136 564A DEDA 01BD 6EFA _______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
