> hardware tokens generally don't allow you to extract the private key again.
Yep - sorry for any confusion there; I meant that you can use the Yubikey to create a decrypted copy of the password store, *not* that one can extract a decrypted copy of the private key from the Yubikey.

Cheers,
Steve

On Fri, 22 Feb 2019, 12:16 GOYOT Martin, <[email protected]> wrote:

> Hi!
>
> You might be interested in looking into something like HashiCorp Vault for
> shared secrets. The use case you are mentioning is a common yet hard to
> deal with one that is solved by Vault for instance. I only know this tool
> but others might exist.
>
> On Fri, 22 Feb 2019 at 00:05, Tobias Girstmair <[email protected]> wrote:
>
>> On Fri, Feb 22, 2019 at 11:55:22AM +1300, Steve Gilberd wrote:
>> >Lars - nothing prevents the user from using the Yubikey to create a
>> >decrypted copy,
>>
>> hardware tokens generally don't allow you to extract the private key
>> again.
>>
>> >or re-encrypting to an additional key controlled by the
>> >user.
>>
>> agree. (or just keeping the plaintext around)
>>
>> >While a hardware token is a good idea, confiscating it doesn't
>> >provide a secure solution to denying an untrustworthy user access to the
>> >password store. The only safe option is to change the passwords.
>>
>> indeed. the OP might be interested in
>> https://github.com/ddevault/pass-rotate , a tool to help change
>> passwords on multiple online services automatically.
>> _______________________________________________
>> Password-Store mailing list
>> [email protected]
>> https://lists.zx2c4.com/mailman/listinfo/password-store
>

--
Cheers,

*Steve Gilberd*
Erayd LTD *·* Consultant
*Phone: +64 4 974-4229 **·** Mob: +64 27 565-3237*
*PO Box 10019, The Terrace, Wellington 6143, NZ*
