Hello all,

I have been thinking of ways of configuring pass on my multiple devices. Currently, I use:

- pass + gpg2 on a void-linux desktop
- QtPass + Kleopatra in Windows on the same desktop
- QtPass + GNOME Keyring in Fedora on a laptop
- Password Store + OpenKeychain on my Android phone

Transferring a single GPG private key to all my devices is anything but secure, so I thought it could be a good idea to have a single GPG key in each one of my devices. This however is anything but scalable right now, as for each new device I have to add the public key of all previously added devices.

I have thought that this may be supported by implementing these two use cases:

- Calling the PGP backend to create a new key when init'ing a new repository
- Calling the PGP backend to create a new key when cloning a repository to a new device
- Fetching currently active public keys in a repository from a public index (such as https://keys.openpgp.org/)

Of course these use cases should be implemented in all clients, but I'm willing to start with pass itself. Do you think it's a good idea?

Thanks & BR

P.S.: I have searched for this topic using a search engine and have not found anything similar, short of a thread about migrating GPG keys.
