nope, not necessary - take a look at your .gitattributes: git diff will use gpg for decrpytion before diffing.
pass sets it up that way for you ;) On 01.09.2016 11:39, Simon Lackerbauer wrote: > Well, don't forget to send it through pass first to decrypt, like > > date -d @$(pass git blame -L 1,1 --porcelain dropbox.com.gpg | sed -n > 's/^committer-time //p') > > as otherwise that will just compare the first lines of encrypted files > which shouldn't change with the file because it holds gpg status > information. > > cheers > > On 08/31/2016 10:52 PM, Lenz Weber wrote: >> pass integrates with git blame for plaintext comparison. if you can >> still decrypt older entries, this should give you exact change dates. >> >> try something like >> >> date -d @$(git blame -L 1,1 --porcelain dropbox.com.gpg | sed -n >> 's/^committer-time //p') >> >> (taken from this mail on the mailing list: >> https://lists.zx2c4.com/pipermail/password-store/2016-May/002280.html ) >> >> >> Am 31.08.2016 um 21:09 schrieb Daniel Dörrhöfer: >>> On 31.08.2016 19:02, Kjetil Torgrim Homme wrote: >>>> Den 31. aug. 2016 17:48, Brian Candler skreiv: >>>>> On 31/08/2016 16:43, Emile Cantin wrote: >>>>>> In light of the recent Dropbox leak, I wanted to know how old my >>>>>> password was, and perhaps if I had any other old passwords that would >>>>>> be due for a rotation. I don't think I can rely on the last >>>>>> modification date on the files, as a fresh clone of my repo would have >>>>>> today's date, even if the file was last modified in my repo in 2012. I >>>>>> looked into how to do this with Git, but it's pretty >>>>>> ungainly: >>>>>> http://serverfault.com/questions/401437/how-to-retrieve-the-last-modification-date-of-all-files-in-a-git-repository >>>>>> >>>>>> Keepass has an "expiration date" field which you can set when >>>>>> generating a password, and it appears in a different color in the list >>>>>> when expired. >>>>>> >>>>>> I think password age is a relevant metric for a password manager, but >>>>>> pass doesn't currently offer any visibility into this. >>>>>> >>>>>> What do you think? >>>>> This is (another) reason why it would be good if pass were to sign its >>>>> GPG files. The signature includes a timestamp. >>>> re-encrypting the files to a new set of keys will make a new signature. >>>> you need to make the date part of the password file itself, or have pass >>>> maintain some metadata in a separate file, e.g., "work/supplier.gpg" >>>> could have a companion file "work/.meta.supplier.gpg", containing: >>>> >>>> created: 2015-03-02T14:25:02+0200 >>>> updated: 2016-08-31T18:55:32+0200 >>>> expire: never >>>> >>>> the above syntax is valid YAML which can be useful if more complex >>>> structures are wanted later. >>>> >>>> it might be useful to allow encryption of the metadata to be optional. >>>> >>> I like the git way of checking it. This is how to get a complete history >>> of dropbox.com. >>> >>> pass git log --pretty="%s %Cgreen %cr %Creset" | grep dropbox.com >>> >>> Of course signature is an additional security. >>> >>> >>> >>> _______________________________________________ >>> Password-Store mailing list >>> [email protected] >>> http://lists.zx2c4.com/mailman/listinfo/password-store >> >> >> >> _______________________________________________ >> Password-Store mailing list >> [email protected] >> http://lists.zx2c4.com/mailman/listinfo/password-store >> > _______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
