If the specified gpg-id is different from the key used in any existing files, these files will be reencrypted to use the new id.
This means that you cannot migrate specifically files encrypted with 1 GPG ID1 to another GPG ID2, right? Does this well mean that all files encrypted with anything other than GPG ID2 will be re-encrypted to GPG ID2? In this case, migrate would do a slightly different task? On Wed, Apr 8, 2020 at 2:48 PM J Rt <[email protected]> wrote: > > Oooh, sorry I missed this, my bad, and thank you for pointing to this > :) . I think this is exactly what you said: a bit surprising this is > done by the init command. Do you think it would be reasonable to write > a 'thin wrapper' on the init command and call if for example migrate, > with a very easy / rigid syntax, so that n00bs like me do not get > confused and get confident about exactly what they do / how they > migrate? :) > > On Wed, Apr 8, 2020 at 2:40 PM Artur Juraszek <[email protected]> wrote: > > > > > > > My question is then: is there such a command allowing to perform the > > > 'migrate' step without hazzle? > > > > There is! > > Surprisingly it's what 'pass init' can do, copy-pasting an excerpt from the > > manpage: > > > > init [ --path=sub-folder, -p sub-folder ] gpg-id... > > Initialize new password storage and use gpg-id for encryption. > > Multiple gpg-ids may > > be specified, in order to encrypt each password with multiple ids. > > This command must > > be run first before a password store can be used. If the specified > > gpg-id is differ- > > ent from the key used in any existing files, these files will be > > reencrypted to use > > the new id. Note that use of gpg-agent(1) is recommended so that > > the batch decryp- > > tion does not require as much user intervention. If --path or -p > > is specified, along > > with an argument, a specific gpg-id or set of gpg-ids is assigned > > for that specific > > sub folder of the password store. If only one gpg-id is given, > > and it is an empty > > string, then the current .gpg-id file for the specified sub-folder > > (or root if un- > > specified) is removed. > > > > -- > > Artur Juraszek
