Thanks Brian, Niklas for the pointers - v helpful. BR, Seán.
On Sat, Jan 20, 2018 at 8:06 PM, Brian Minton <[email protected]> wrote: > > > On January 20, 2018 11:05:35 AM EST, Sean Murphy <[email protected]> wrote: > >> Is it possible to auto encrypt all password with >>multiple gpg subkeys hanging off one primary key? > > Yes. I do this. The trick is to initiate your password store with each > subkey. For instance, in my public key Ox0424DC19B678A1A9, I have the > following subkeys (as shown by gpg -K): > > ssb nistp384/EA49CFDB55D113E9 2014-10-12 [E] [expires: 2018-10-11] > ssb ed25519/37B9507ACFF2016E 2014-10-12 [S] [expires: 2018-10-11] > ssb elg3200/28FA8B9659A70692 2016-03-07 [E] [expires: 2018-10-11] > ssb elg2048/25353D56E26A744C 2014-10-09 [E] [expires: 2018-10-11] > ssb elg2048/32483BAF5EA82613 2014-10-10 [E] [expires: 2018-10-11] > ssb dsa2048/6B8EB3A065CFBAA9 2014-10-10 [S] [expires: 2018-10-11] > ssb dsa2048/0BDB2162F1CE5831 2014-10-09 [S] [expires: 2018-10-11] > > For password-store, we don't care about signing subkeys (marked with [S]), > only encryption ones (marked with [E]). That is, > > $ gpg -K 0424DC19B678A1A9 | fgrep -e '[E]' > ssb nistp384/EA49CFDB55D113E9 2014-10-12 [E] [expires: 2018-10-11] > ssb elg3200/28FA8B9659A70692 2016-03-07 [E] [expires: 2018-10-11] > ssb elg2048/25353D56E26A744C 2014-10-09 [E] [expires: 2018-10-11] > ssb elg2048/32483BAF5EA82613 2014-10-10 [E] [expires: 2018-10-11] > > So, init the password store with: > > pass init EA49CFDB55D113E9! 28FA8B9659A70692! 25353D56E26A744C! > 32483BAF5EA82613! > > The ! makes gpg use that exact key, instead of the default encryption key. > > Is it possible >>to eg perform a batch job to ensure that all paawords on my >>git server have the dual encryption (as I guess that some clients >>such as mobile apps would not have support for working with >>multiple keys). > > pass init will re-encrypt everything to all the listed keys (Of course, make > a backup first, just in case). > > >> >>Any thoughts/pointers greatly appreciated. >> >>BR, >>Seán. >>_______________________________________________ >>Password-Store mailing list >>[email protected] >>https://lists.zx2c4.com/mailman/listinfo/password-store > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. > _______________________________________________ > Password-Store mailing list > [email protected] > https://lists.zx2c4.com/mailman/listinfo/password-store _______________________________________________ Password-Store mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/password-store
