Hi,

I'm trying to set up pass as a team password storage, shared and synced
via git.

When adding the keys of other team members via "pass init", I ran into
the problem that "pass init" did add the additional key id to .gpg-id,
but did not reencrypt all the files for the new key.

It all boiled down to the variable gpg_keys only being filled with
keys which have subkeys. But one team member has an older PGP key
without a subkey.

While it might no longer be good practice to generate PGP keys without
a subkey, it's still a personal user decision or possibly a historic
circumstance. So IMHO pass should also work with such keys.

So I came up with the attached patch which does not only filter the
list of target keys for subkeys but also for public keys. The
remainder seems to still work as intended: Having two keys with
subkeys and one without, there are not five key ids (pub and sub) in
gpg_keys but still only the expected three.

                Kind regards, Axel
-- 
PGP: 2FF9CD59612616B5      /~\  Plain Text Ribbon Campaign, http://arc.pasp.de/
Mail: [email protected]  \ /  Say No to HTML in E-Mail and Usenet
Mail+Jabber: [email protected]  X
https://axel.beckert.ch/   / \  I love long mails: https://email.is-not-s.ms/
From 8fa92d07ffcd6d837db2e7e54d165d1d019a6d01 Mon Sep 17 00:00:00 2001
From: Axel Beckert <[email protected]>
Date: Thu, 13 Apr 2023 20:21:14 +0200
Subject: [PATCH] Support encrypting for PGP keys without subkeys

---
 src/password-store.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/password-store.sh b/src/password-store.sh
index 22e818f..6be9b4a 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -127,7 +127,7 @@ reencrypt_path() {
 				IFS=";" eval 'GPG_RECIPIENTS+=( $group )' # http://unix.stackexchange.com/a/92190
 				unset "GPG_RECIPIENTS[$index]"
 			done
-			gpg_keys="$($GPG $PASSWORD_STORE_GPG_OPTS --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/^sub:[^idr:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)"
+			gpg_keys="$($GPG $PASSWORD_STORE_GPG_OPTS --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/^[ps]ub:[^idr:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)"
 		fi
 		current_keys="$(LC_ALL=C $GPG $PASSWORD_STORE_GPG_OPTS -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$passfile" 2>&1 | sed -nE 's/^gpg: public key is ([A-F0-9]+)$/\1/p' | LC_ALL=C sort -u)"
 
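Review bot: widening the match to `^[ps]ub:` changes what `gpg_keys` contains for a certificate whose primary key is itself encryption-capable (lowercase `e` in the capabilities field) and that also carries an encryption subkey: both the primary and the subkey id are now listed, whereas the `current_keys` line in the trailing context only collects the `gpg: public key is` ids gpg actually encrypted the session key to, which for one recipient is a single key. For such a certificate the two sorted lists can therefore disagree even when nothing changed, so the mixed case deserves a test alongside the "two keys with subkeys, one without" case described in the mail. The hunk also carries no explanation of why `pub` rows are now included; a short comment on the line (for example that the lowercase `e` in field 12 is what keeps ordinary sign/cert-only primaries such as `scESC` out of the list, while an encryption-capable primary without subkeys is kept) would help the next reader of this rather dense sed expression.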
-- 
2.30.2
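To make the behaviour of the two sed expressions tangible, here is an added, stand-alone shell example that is not part of the mail or of the pass source. It feeds a constructed `gpg --list-keys --with-colons` listing (invented key ids, no real keys) through the pre-patch filter and the patched filter, and also shows the two edge cases a reviewer would check: a revoked subkey (validity `r`, excluded by `[^idr:]*`) and a certificate whose primary key is encryption-capable and which also has an encryption subkey (the patched filter yields two ids for it). The function names and the sample data are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
# Key A: sign/cert-only primary (scESC), one live and one revoked encryption subkey
# Key B: old-style primary with no subkeys, the primary itself encrypts (escaESCA)
# Key C: encryption-capable primary (escESC) that also has an encryption subkey
SAMPLE_COLONS='pub:u:4096:1:0A0A0A0A0A0A0A01:1500000000:::u:::scESC::::::23::0:
uid:u::::1500000000::HASHA::Alice <alice@example.invalid>::::::::::0:
sub:u:4096:1:0A0A0A0A0A0A0A02:1500000000::::::e::::::23:
sub:r:2048:1:0A0A0A0A0A0A0A03:1400000000::::::e::::::23:
pub:u:2048:1:0B0B0B0B0B0B0B01:1200000000:::u:::escaESCA::::::23::0:
uid:u::::1200000000::HASHB::Bob <bob@example.invalid>::::::::::0:
pub:u:4096:1:0C0C0C0C0C0C0C01:1600000000:::u:::escESC::::::23::0:
uid:u::::1600000000::HASHC::Carol <carol@example.invalid>::::::::::0:
sub:u:4096:1:0C0C0C0C0C0C0C02:1600000000::::::e::::::23:'

# Pre-patch filter: only "sub:" rows whose validity is not i/d/r and whose
# capabilities field (field 12) contains a lowercase 'e' (the key itself encrypts).
# Field 5 (the key id) is captured and printed; the result is sorted and deduplicated.
keys_sub_only() {
	printf '%s\n' "$1" \
		| sed -n 's/^sub:[^idr:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' \
		| LC_ALL=C sort -u
}

# Patched filter: the same expression, but "pub:" rows are accepted as well, so a
# primary key that is itself encryption-capable is listed even without a subkey.
keys_pub_and_sub() {
	printf '%s\n' "$1" \
		| sed -n 's/^[ps]ub:[^idr:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' \
		| LC_ALL=C sort -u
}

# Join the sorted ids into one space-separated line for easy comparison.
join_ids() {
	tr '\n' ' ' | sed 's/ $//'
}

# Stand-alone demonstration: Bob's key is missing before the patch and present after;
# the revoked subkey never appears; Carol's certificate yields two ids after the patch.
printf 'before patch: %s\n' "$(keys_sub_only "$SAMPLE_COLONS" | join_ids)"
printf 'after patch:  %s\n' "$(keys_pub_and_sub "$SAMPLE_COLONS" | join_ids)"
```

Running it prints one id for Alice and one for Carol before the patch, and after the patch additionally Bob's primary key and Carol's primary key. The Carol case is the one to watch in a store: pass compares this list against the ids gpg reports in `gpg: public key is ...` lines, and gpg encrypts to a single key per recipient, so a certificate with an encryption-capable primary plus an encryption subkey produces a two-id list that never equals the one-id list from the decrypted file.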
