Re: GPG sub-keys
Thanks, Grégoire. That solved it! Akiva Levy https://sixthirteen.co F05B 121F 6E07 3216 BE35 E425 5524 34F0 F754 BE67 On Tue, 4 Jan 2022 at 02:20, Grégoire Détrez ⠬⠆ wrote: > > On Mon, Jan 03, 2022 at 11:26:55AM -0800, Akiva Levy wrote: > > I keep my master secret key offline and issue each of my devices a > > unique sub-key. I have tried using these device sub-key IDs when > > initialising a new password store (ie. `pass init 0x123... 0x456...`), > > but it seems sub-keys aren't working as I only get `decryption > > failed: No secret key` errors. To verify, I have tried using my e-mail > > address and temporarily using my offline master key ID with GPG and > > that does work. Is there a way to solve this problem for my use-case? > > If I remember correctly you need to add ! to force gnupg to use specific > subkeys. E.g. `pass init 1234! abcd!`. > Cheers, > > /ǵ
Re: Problems in the macOS Terminal app with `pass show -c some/password`?
Thanks for the suggestions "yanchenko.igor" and Oliver! Perhaps most importantly, as a general update, I haven't observed the original behavior at all in the past few days. I didn't see anything informative in the log file from running `script` as suggested. The `TERM` variable seems fine too: ``` $ echo "$TERM" xterm-256color ``` I haven't set it anywhere and its value is, AFAIK, the initial system default. I'm only using the macOS Terminal app as-is; neither tmux nor anything similar. Thanks again for your help! If I learn anything more that might be pertinent (and potentially helpful for others), I'll reply to this thread. On Thu, Dec 30, 2021 at 12:45 AM yanchenko.i...@gmail.com wrote: > > I suggest to record your terminal using script: > > script logfile.txt > pass show -c some/password > exit > > And then check the logfile.txt, which might give you some ideas. > > > On Thu, Dec 30, 2021 at 1:57 AM Kenny Evitt wrote: > > > > I installed `pass` via Homebrew – version `v1.7.4`. > > > > I'm setting-up a new Mac (macOS 12.0.1) and I've noticed a weird > > problem with the (macOS included) Terminal app whenever I use the > > `pass show -c ...` command. > > > > It _seems_ like maybe the 'clip' program that's being used doesn't > > work well with the (new?) version of the Terminal app – or something > > along those lines. > > > > After I run `show -c` commands (which works), the "Copied ... to > > clipboard" messages 'clobbers' the shell prompt and then further input > > doesn't _visibly_ work – I can type and maybe (?) run commands, but > > the command seems to be 'erased' after I run it (i.e. hit Enter) and > > no output is visible in the shell. I'd _guess_ somehow the same 'line' > > of the shell output/history is being repeatedly overwritten. > > > > Any ideas?
Re: GPG sub-keys
On 4.01.2022 13:04, Jan Christian Grünhage wrote: Because if they're all to be treated the same, you can just use the primary key ID and pass should still just use the encryption sub-keys available for that PGP key. Nope, GnuPG will use just one single valid, most recent encryption subkey and completely disregard all others. For the record this part is actually not specified in the OpenPGP spec and other implementations (such as Sequoia PGP or OpenKeychain) do it differently, and - in my opinion - better: they encrypt to all valid encryption subkeys. GnuPG actually makes it worse because using subkey fingerprint will not use that fingerprint but rather use the following logic: - if the fingerprint is for subkey look go to primary key, - if you want encryption subkey from primary find the most recent encryption subkey. The workaround is, as Grégoire mentioned, to append "!" to the fingerprint. That will force it to use that exact specific key. Kind regards, Wiktor
Re: GPG sub-keys
> Is there a way to solve this problem for my use-case? Can you clarify what your use-case is exactly? Do you intend to have different privileges on different sub-keys, or are they all treated the same? Because if they're all to be treated the same, you can just use the primary key ID and pass should still just use the encryption sub-keys available for that PGP key. -- JC
Re: GPG sub-keys
On Mon, Jan 03, 2022 at 11:26:55AM -0800, Akiva Levy wrote: > I keep my master secret key offline and issue each of my devices a > unique sub-key. I have tried using these device sub-key IDs when > initialising a new password store (ie. `pass init 0x123... 0x456...`), > but it seems sub-keys aren't working as I only get `decryption > failed: No secret key` errors. To verify, I have tried using my e-mail > address and temporarily using my offline master key ID with GPG and > that does work. Is there a way to solve this problem for my use-case? If I remember correctly you need to add ! to force gnupg to use specific subkeys. E.g. `pass init 1234! abcd!`. Cheers, /ǵ