Hi Cedric.

On 2018-12-03 14:38, Cedric Girard wrote:
> on one laptop, with GPG 1.4.16, the gpg file is encrypted only with the
> first key in .gpg-id. Is there a limitation on this old version of
> GPG? I did not find any information about pass requirement.

Well, the README says pass depends on "GnuPG2", but the actual code assumes "gpg" and steps up to using "gpg2" if it is available[0].

[0] https://git.zx2c4.com/password-store/tree/src/password-store.sh#n10

What is the pass version, operating system and OS release of the machine in question? Has pass been installed using the system's package management?

I'm thinking that if the distribution ships a ~5 year old gnupg (1.4.16 was released on 2013-12-18[1]) I guess chances are you won't get a pass version that supports teams (multiple recipients in .gpg-id) either. The team feature was committed on 2014-03-19[2] and released in v1.5 on 2014-04-12[3].

[1] https://www.gnupg.org/download/release_notes.html#gnupg-1.4.16
[2] https://git.zx2c4.com/password-store/commit/?id=b1314982194c99361c2b81b3359a21d5a289fdb5
[3] https://git.zx2c4.com/password-store/tag/?h=1.5

The team feature feeds all keys mentioned in .gpg-id to gnupg using multiple --recipient/-r arguments[4] when encrypting. A pre-1.5 pass would use only the first key, exactly as you describe, as they all do "head -n 1" on the file[5].

[4] https://git.zx2c4.com/password-store/tree/src/password-store.sh#n102
[5] https://git.zx2c4.com/password-store/tree/src/password-store.sh?h=1.4#n190

I doubt that any gnupg exists that doesn't support multiple recipients, as the hybrid cipher approach[6] making this feasible (data=symmetric, session key=asymmetric per recipient) is an OpenPGP[7] requirement. AFAIK it has been supported for ages, maybe even for the entire gnupg lifespan (obsolete rfc2440 from 1998-11[8] talks about it, gnupg v0.0.0 was released 1997-12-20[9]).

[6] https://www.gnupg.org/gph/en/manual.html#AEN210
[7] https://tools.ietf.org/html/rfc4880#section-2.1
[8] https://tools.ietf.org/html/rfc2440#section-2.1
[9] https://www.gnupg.org/download/release_notes.html#sec-2-70

Looking specifically into the source of gnupg 1.4.16, it seems to me that it would be able to parse multiple -r flags[10] as the team feature expects. A checkout, compilation and test of the 1.4.16 tag from git on an Ubuntu 16.04 system confirms this.

You could do something like the below to assure yourself that it is indeed the case on the system in question (the example encrypts for your and my pubkeys, they need to be available of course):

  $ echo test | gpg -r B369349A -r 24895E49 -e |gpg --list-packets

[10] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/gpg.c;h=dbf2f40c5b1c5f36f4e0c2e91b8dbfaea7577ea4;hb=7cdb86e0ad7a3f452c2f7358e3e830785281addc#l93

Hope this helps.

Regards,
--
Mikkel
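
The --list-packets check suggested in the message above can be turned into a small audit: the sketch below is an added example (not part of the original mail and not pass's own code) that compares the number of entries in .gpg-id with the number of ":pubkey enc packet:" lines in gpg's output. The function names and the sample packet listings are constructed for illustration; the key IDs in the samples are placeholders.

```shell
#!/bin/sh
# Added example: compare the recipient count in .gpg-id with the number of
# public-key encrypted session key packets shown by `gpg --list-packets`.
# Counts are compared, not key IDs: the packets usually name encryption
# subkeys, whose IDs differ from the primary-key IDs written in .gpg-id.

# Recipients listed in a .gpg-id file (non-blank lines).
count_gpg_id() { grep -c '[^[:space:]]' "$1" || true; }

# ":pubkey enc packet:" lines in list-packets output read from stdin.
count_pkesk() { grep -c '^:pubkey enc packet:' || true; }

# Reads list-packets output on stdin; $1 is the .gpg-id file.
# Returns 0 only when every .gpg-id entry has a session key packet.
check_recipients() {
    want=$(count_gpg_id "$1")
    have=$(count_pkesk)
    echo "recipients in .gpg-id: $want, pubkey enc packets: $have"
    [ "$want" -eq "$have" ]
}

# Constructed sample: output for a file encrypted to two recipients.
sample_team() {
    printf '%s\n' \
        ':pubkey enc packet: version 3, algo 1, keyid 1111111111111111' \
        '    data: [2048 bits]' \
        ':pubkey enc packet: version 3, algo 1, keyid 2222222222222222' \
        '    data: [2047 bits]' \
        ':encrypted data packet:' \
        '    length: 58'
}

# Constructed sample: what a pre-1.5 pass ("head -n 1") would produce.
sample_first_only() {
    printf '%s\n' \
        ':pubkey enc packet: version 3, algo 1, keyid 1111111111111111' \
        '    data: [2048 bits]' \
        ':encrypted data packet:' \
        '    length: 58'
}

demo() {
    id_file=$(mktemp)
    printf 'B369349A\n24895E49\n' > "$id_file"   # the two key IDs from the mail
    sample_team | check_recipients "$id_file" && echo "ok"
    sample_first_only | check_recipients "$id_file" || echo "MISMATCH: not encrypted for every .gpg-id entry"
    rm -f "$id_file"
}
demo
```

On a real store, pipe the --list-packets output for one password file into check_recipients together with the path of the .gpg-id that governs it.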
