Hi, I've been using pass for a couple of months now and I like it a lot.
I'm creating a more sophisticated password management setup and I'd appreciate some pointers/tips from more experienced users. I have just received a yubikey 4 and would like to move my gpg key there. However, I'm not sure of the best way to do this: my primary use case (for now) is as the means to control pass. My understanding is that good practice when working with yubikeys is not to put the primary key there, but rather use it to store subkeys which can be used for password decryption (and keep the primary key away from any devices). However, if I lose the yubikey and the subkeys residing on the yubikey, then I lose access to all my passwords. Perhaps one solution is to encrypt all passwords with multiple subkeys - one which is on the yubikey and one which is kept in a safe place. Does this make sense? Is it possible to auto encrypt all password with multiple gpg subkeys hanging off one primary key? Is it possible to eg perform a batch job to ensure that all paawords on my git server have the dual encryption (as I guess that some clients such as mobile apps would not have support for working with multiple keys). Any thoughts/pointers greatly appreciated. BR, Seán. _______________________________________________ Password-Store mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/password-store
