On 30 Aug 2019, at 15:18, Henrik Christian Grove wrote:
> [...] one might consider the passwords application
> data and implement a password manager using libsodium (as recommended
> by that article, but I think I've heard that recommended before) for
> them.
> The result would probably end up quite far from the Unix philosophy,
Indeed, `pass` would have to invent its own key management
infrastructure, its own authentication agent protocol, and it would lose
compatibility with OpenPGP cards [1] and the existing authentication
agents which exist (e.g. on macOS I get a graphical dialog when `pass`
needs to access my PGP private key).
[1] https://en.wikipedia.org/wiki/OpenPGP_card
> But once an alternative for single file encryption becomes available,
> I'm sure people will start thinking of porting pass to use that.
Yes, once `age` is at feature parity with PGP for single-file
encryption, it should be trivial to make `pass` use `age` instead of PGP
and re-encrypt passwords.
In that sense, I am happy that `pass` is not using some proprietary
storage format (based on libsodium) for my passwords.
As for `age` though, I cannot find anything beyond the Google document
and this blog post [1], no source code seems available, so don’t know
how far along the project is.
[1] https://blog.filippo.io/using-ed25519-keys-for-encryption/