Hi,

From the manpage, it looks like PASSWORD_STORE_SIGNING_KEY doesn't apply to the files with passwords, just .gpg-id and non-system extensions. Is that right? Would it be possible to expand it to cover the password files too?

If I'm understanding the way things work now, I think an attacker with write access to the password store and read access to the *public* key(s) could replace any password file with any contents they want, and it wouldn't be detectable. Replacing just a password isn't really a big deal, because the worst it could do is lock the user out of their account. Deleting the files would have that same effect, so there's no real reason to protect against it. Where I think this becomes more of a big deal is in combination with software that parses the files. E.g., https://github.com/browserpass/browserpass-extension#organizing-password-store looks like it parses usernames from the files. So if I have a password file that contains this text, encrypted:

my-random-password
login: dseomn

And the attacker replaces it with a file that contains the encrypted version of this text:

attackers-password
login: dseonm

The next time I go to log in, I could pretty easily log into an account controlled by the attacker. (Assuming I don't notice the swapped letters in the username, and either don't look at the password itself or don't notice that it's a different random password of the same length.) If I had logged in to that site in order to upload sensitive data to my account, the attacker would have gotten me to upload the data to their account instead.

I just started looking into using pass yesterday, so it's entirely possible I'm missing something that would prevent that attack. But if not, would it be possible to get support for signing password files on write, and verifying them on read?
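One way to get the sign-on-write / verify-on-read behaviour asked for above, as an added example that is not part of pass or of the post: two POSIX sh helpers using detached GPG signatures. PASSWORD_STORE_DIR is pass's own variable; treating PASSWORD_STORE_SIGNING_KEY as a single full fingerprint and storing the signature as <entry>.gpg.sig are assumptions of this example, which also binds the entry name into the signed data so that swapping two validly signed files is caught, not just edited contents.

```shell
#!/bin/sh
# Added example, not part of pass: detached-signature integrity for password
# files. Assumes PASSWORD_STORE_DIR and PASSWORD_STORE_SIGNING_KEY (one full
# key fingerprint) are set; the "<entry>.gpg.sig" layout is an assumption.
set -u

# Signed message = "<entry name>\0" + ciphertext bytes, so that moving a
# validly signed a.gpg into place as b.gpg is detected, not only edits.
_signed_input() {
    printf '%s\0' "$1"
    cat "${PASSWORD_STORE_DIR}/$1.gpg"
}

# sign_entry NAME: write NAME.gpg.sig after NAME.gpg has been (re)written.
sign_entry() {
    _signed_input "$1" | gpg --batch --yes --quiet \
        --local-user "$PASSWORD_STORE_SIGNING_KEY" \
        --output "${PASSWORD_STORE_DIR}/$1.gpg.sig" --detach-sign -
}

# verify_entry NAME: succeed only if NAME.gpg.sig is a good signature by the
# trusted key over the current bytes of NAME.gpg. A missing .sig fails: an
# attacker who can replace .gpg files can delete .sig files just as easily.
verify_entry() {
    _sig="${PASSWORD_STORE_DIR}/$1.gpg.sig"
    [ -f "$_sig" ] || { echo "no signature for $1" >&2; return 1; }
    _status=$(_signed_input "$1" | gpg --batch --quiet --status-fd 1 \
        --verify "$_sig" - 2>/dev/null) || return 1
    # gpg exits 0 for any good signature from a key in the keyring, so also
    # require the VALIDSIG primary-key fingerprint (last field) to match.
    printf '%s\n' "$_status" |
        grep -q "^\[GNUPG:\] VALIDSIG .* ${PASSWORD_STORE_SIGNING_KEY}\$"
}
```

A wrapper would call sign_entry after every write (insert, edit, generate) and verify_entry before decrypting on show; the .sig files carry no secrets and can be committed alongside the .gpg files.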
