Hi all,

There have been a lot of discussions on this ML about the fact that file and directory names are not encrypted in the password store. Just check [1] for last year's discussion and [2] for this year's discussion. There isn't any good solution yet. Most of the solutions proposed are either not secure or would completely transform pass.

pass-tomb [3] is my solution to this issue. It provides a Unix Philosophy compatible solution to the tree problem in pass. This is a pass extension providing a convenient solution to put your password repository in a tomb [4] and then keep your password tree encrypted when you are not using it. Moreover, it uses the same GPG key to encrypt passwords and tomb. (This is only possible now with the coming support of GPG keys in tomb [5].)

The extension can be used like this:

- Create a password tomb with 'pass tomb gpgids...'. pass-tomb creates a new tomb and opens it in ~/.password-store. Then it initializes the password repository with the same GPG key.
- Use tomb as usual.
- When finished, close the password tomb: 'pass close'
- To use pass again, you need to open the password tomb: 'pass open'

Moreover, tomb supports steganography (the tomb key can be buried in an image). Then you can do the same with your password-tomb key.

As usual with any GPG-based app, if you use a smart card, it will work perfectly fine with pass tomb.

More info can be found at https://github.com/roddhjav/pass-tomb

Feedback and contributors are all very welcome.

Regards,
Alex

[1] https://lists.zx2c4.com/pipermail/password-store/2016-January/001880.html
[2] https://lists.zx2c4.com/pipermail/password-store/2017-February/002700.html
[3] https://github.com/roddhjav/pass-tomb
[4] https://github.com/dyne/Tomb
[5] https://github.com/dyne/Tomb/pull/244
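
An added illustration of the name leak the message above refers to (not part of the original post and not pass-tomb code): it enumerates what a plain pass store directory discloses to anyone with read access and no GPG key. The store layout, entry names, key id and function names are constructed for the example.

```shell
#!/bin/sh
# Added example: metadata readable from an unprotected pass store without
# any GPG key. All paths, entry names and ids below are constructed samples.

# Entry names are just the relative *.gpg paths with the suffix removed.
# No decryption happens here; only directory listing is needed.
list_exposed_entries() {
    [ -d "$1" ] || return 1
    ( cd "$1" && find . -type f -name '*.gpg' ! -path './.git/*' \
        | sed -e 's|^\./||' -e 's|\.gpg$||' | LC_ALL=C sort )
}

# pass records the recipient key ids in plaintext .gpg-id files.
list_exposed_recipients() {
    [ -d "$1" ] || return 1
    find "$1" -type f -name '.gpg-id' -exec cat {} + | LC_ALL=C sort -u
}

# Build a constructed store layout. The .gpg files are empty dummies,
# not real ciphertext; only their names matter for this check.
make_sample_store() {
    mkdir -p "$1/bank" "$1/work/vpn"
    printf '%s\n' 'ALICE-KEY-ID-PLACEHOLDER' > "$1/.gpg-id"
    : > "$1/bank/example-bank.gpg"
    : > "$1/work/vpn/alice@corp.example.gpg"
    : > "$1/personal-email.gpg"
}

main() {
    demo_dir="$(mktemp -d)"
    make_sample_store "$demo_dir/store"
    echo "Entries readable without the key:"
    list_exposed_entries "$demo_dir/store"
    echo "Recipients readable without the key:"
    list_exposed_recipients "$demo_dir/store"
    rm -rf "$demo_dir"
}

main
```

With the store kept inside a closed tomb, the directory is not mounted and the same listing has nothing to read.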
