Frank Grüllich:
> On Fri, Jun 02, 2017 at 07:42:26AM +0000, Matthieu Fronton wrote:
>> On Fri, 2 June 2017 at 07:42, Frank Grüllich <[email protected]>
>> wrote:
>>>> [store raw file]
>>> What's the big advantage over
>>>
>>>   % pass insert --multiline "some/path/to/secret" < secret.data
>>>
>>> ?
>> I have to admit I didn't think about it in the first place... :)
>> But I also believe this is more a workaround than a native feature.
>
> That workaround enables some nice tricks, e.g.:
>
>   % openssl genrsa 2048 | pass insert --multiline "some/path/to/www.example.com.key"
>   % pass "some/path/to/www.example.com.key" | openssl req -new -key /dev/stdin -out "www.example.com.csr" -subj "/CN=www.example.com"
>
> which stores/uses the secret key almost directly in/from a safe place
> (and does not create a useful CSR, of course). Your implementation
> enables (if not encourages) the user to put the key on some potentially
> unsafe storage.
>
>> And I wonder if it is binary-safe.
>> Did you try to store DER certificates for example ?
>
> For testing, I once stored a JPEG image with no issues when sharing the
> store from one Linux box to another one. I'm not sure how cross
> platform safe it is. I guess it's all a matter how GnuPG deals with
> those things.
>
Details about this workaround can be found here
https://en.wikipedia.org/wiki/Unix_philosophy

This workaround can also be used to convert a DER certificate to base64.

  base64 cert.der | pass insert --multiline "some/path/to/cert.pem"
  pass some/path/to/cert.pem | base64 -d > ./cert.der

I think PEM is just the base64 encoding of the DER file, isn't it?

> _______________________________________________
> Password-Store mailing list
> [email protected]
> https://lists.zx2c4.com/mailman/listinfo/password-store
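The base64 round trip from the message above, as an added example that is not part of the thread or of pass itself: it wraps the base64 text in the BEGIN/END armor lines and 64-column wrapping that PEM files carry, and checks that decoding returns the original bytes exactly. The function names and the sample bytes are constructed for illustration; the pass commands in the comments are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and sample bytes are constructed.
# Intended use with the commands from the thread:
#   der_to_pem CERTIFICATE < cert.der | pass insert --multiline "some/path/to/cert.pem"
#   pass some/path/to/cert.pem | pem_to_der > ./cert.der

# Wrap DER bytes from stdin in PEM armor: header, base64 in 64-column lines, footer.
# tr/fold re-wrap the output because base64 implementations differ in default width.
der_to_pem() {
    printf '%s\n' "-----BEGIN $1-----"
    base64 | tr -d '\n' | fold -w 64
    printf '\n%s\n' "-----END $1-----"
}

# Strip the armor lines and decode back to the original bytes.
pem_to_der() {
    grep -v '^-----' | base64 -d
}

# Constructed sample: 100 bytes containing NUL, 0xff and newlines, which a
# text-oriented pipeline would be most likely to mangle.
make_sample() {
    i=0
    while [ "$i" -lt 20 ]; do
        printf '\060\202\000\377\n'
        i=$((i + 1))
    done
}

# Round-trip the sample and compare byte for byte; returns 0 on an exact match.
roundtrip_ok() {
    tmp=$(mktemp -d) || return 1
    make_sample > "$tmp/in.der"
    der_to_pem CERTIFICATE < "$tmp/in.der" > "$tmp/out.pem"
    pem_to_der < "$tmp/out.pem" > "$tmp/back.der"
    cmp -s "$tmp/in.der" "$tmp/back.der"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

roundtrip_ok && echo "round trip is byte-exact"
```

Comparing the restored file against the original with cmp (or a checksum) is the check to repeat after moving the store between platforms.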
