Re: GPG sub-keys

2022-01-04 Thread Akiva Levy
Thanks, Grégoire. That solved it!


Akiva Levy
https://sixthirteen.co
F05B 121F 6E07 3216 BE35 E425 5524 34F0 F754 BE67

On Tue, 4 Jan 2022 at 02:20, Grégoire Détrez ⠬⠆  wrote:
>
> On Mon, Jan 03, 2022 at 11:26:55AM -0800, Akiva Levy wrote:
> > I keep my master secret key offline and issue each of my devices a
> > unique sub-key. I have tried using these device sub-key IDs when
> > initialising a new password store (ie. `pass init 0x123... 0x456...`),
> > but it seems sub-keys aren't working as I only get `decryption
> > failed: No secret key` errors. To verify, I have tried using my e-mail
> > address and temporarily using my offline master key ID with GPG and
> > that does work. Is there a way to solve this problem for my use-case?
>
> If I remember correctly you need to add ! to force gnupg to use specific
> subkeys. E.g. `pass init 1234! abcd!`.
> Cheers,
>
> /ǵ


Re: Problems in the macOS Terminal app with `pass show -c some/password`?

2022-01-04 Thread Kenny Evitt
Thanks for the suggestions "yanchenko.igor" and Oliver!

Perhaps most importantly, as a general update, I haven't observed the
original behavior at all in the past few days.

I didn't see anything informative in the log file from running
`script` as suggested.

The `TERM` variable seems fine too:

```
$ echo "$TERM"
xterm-256color
```

I haven't set it anywhere and its value is, AFAIK, the initial system
default. I'm only using the macOS Terminal app as-is; neither tmux nor
anything similar.

Thanks again for your help! If I learn anything more that might be
pertinent (and potentially helpful for others), I'll reply to this
thread.

On Thu, Dec 30, 2021 at 12:45 AM yanchenko.i...@gmail.com
 wrote:
>
> I suggest to record your terminal using script:
>
> script logfile.txt
> pass show -c some/password
> exit
>
> And then check the logfile.txt, which might give you some ideas.
>
>
> On Thu, Dec 30, 2021 at 1:57 AM Kenny Evitt  wrote:
> >
> > I installed `pass` via Homebrew – version `v1.7.4`.
> >
> > I'm setting-up a new Mac (macOS 12.0.1) and I've noticed a weird
> > problem with the (macOS included) Terminal app whenever I use the
> > `pass show -c ...` command.
> >
> > It _seems_ like maybe the 'clip' program that's being used doesn't
> > work well with the (new?) version of the Terminal app – or something
> > along those lines.
> >
> > After I run `show -c` commands (which works), the "Copied ... to
> > clipboard" messages 'clobbers' the shell prompt and then further input
> > doesn't _visibly_ work – I can type and maybe (?) run commands, but
> > the command seems to be 'erased' after I run it (i.e. hit Enter) and
> > no output is visible in the shell. I'd _guess_ somehow the same 'line'
> > of the shell output/history is being repeatedly overwritten.
> >
> > Any ideas?


Re: GPG sub-keys

2022-01-04 Thread Wiktor Kwapisiewicz

On 4.01.2022 13:04, Jan Christian Grünhage wrote:

> Because if they're all to be treated the same, you can just use
> the primary key ID and pass should still just use the encryption
> sub-keys available for that PGP key.


Nope, GnuPG will use just one single valid, most recent encryption 
subkey and completely disregard all others. For the record this part is 
actually not specified in the OpenPGP spec and other implementations 
(such as Sequoia PGP or OpenKeychain) do it differently, and - in my 
opinion - better: they encrypt to all valid encryption subkeys.


GnuPG actually makes it worse because using a subkey fingerprint will not
use that fingerprint but rather use the following logic:

  - if the fingerprint is for a subkey, go to the primary key,
  - if you want an encryption subkey from the primary, find the most recent
    encryption subkey.


The workaround is, as Grégoire mentioned, to append "!" to the 
fingerprint. That will force it to use that exact specific key.


Kind regards,
Wiktor
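
A small model of the recipient selection described in the message above, added here as an illustration; it is not GnuPG's or pass's code. The key listing is constructed sample data in the `--with-colons` layout with made-up key IDs, and all function names are hypothetical.

```python
# Model of the recipient selection described in the thread; not GnuPG code.
# SAMPLE is constructed data in `gpg --list-keys --with-colons` layout
# (made-up key IDs): field 2 validity, 5 key ID, 6 creation time, 12 capabilities.
SAMPLE = """\
pub:u:255:22:AAAAAAAAAAAAAAAA:1600000000:::u:::scESC:
sub:u:255:18:BBBBBBBBBBBBBBBB:1600000100::::::e:
sub:u:255:18:CCCCCCCCCCCCCCCC:1640000000::::::e:
sub:r:255:18:DDDDDDDDDDDDDDDD:1650000000::::::e:
"""
UNUSABLE = {"i", "d", "r", "e", "n"}  # invalid, disabled, revoked, expired, not valid

def parse_keys(listing):
    """Parse pub/sub records into dicts (hypothetical helper)."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            keys.append({"id": f[4], "created": int(f[5]),
                         # lowercase 'e' means this key itself can encrypt
                         "encrypt": "e" in f[11],
                         "usable": f[1] not in UNUSABLE})
    return keys

def gnupg_pick(keys, spec):
    """Key ID encrypted to for one recipient spec, with or without a trailing '!'."""
    wanted = spec.rstrip("!").upper()
    if all(k["id"] != wanted for k in keys):
        raise KeyError("unknown key: " + spec)
    usable = [k for k in keys if k["encrypt"] and k["usable"]]
    if spec.endswith("!"):
        # '!' pins the exact key that was named
        usable = [k for k in usable if k["id"] == wanted]
    if not usable:
        raise ValueError("no usable encryption key for " + spec)
    # Without '!', any ID on the certificate resolves to the newest valid subkey.
    return max(usable, key=lambda k: k["created"])["id"]

def gnupg_recipients(keys, specs):
    """Distinct subkeys a `pass init <specs>` style recipient list ends up using."""
    return sorted({gnupg_pick(keys, s) for s in specs})

def all_valid_subkeys(keys):
    """Behaviour the thread attributes to Sequoia PGP and OpenKeychain."""
    return sorted(k["id"] for k in keys if k["encrypt"] and k["usable"])

KEYS = parse_keys(SAMPLE)
B, C = "BBBBBBBBBBBBBBBB", "CCCCCCCCCCCCCCCC"
if __name__ == "__main__":
    print(gnupg_recipients(KEYS, [B, C]))              # both specs collapse to one subkey
    print(gnupg_recipients(KEYS, [B + "!", C + "!"]))  # each device subkey is used
    print(all_valid_subkeys(KEYS))
```

In this model a device that holds only the secret for subkey B cannot decrypt entries created with the first recipient list, which matches the `No secret key` error reported at the start of the thread.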


Re: GPG sub-keys

2022-01-04 Thread Jan Christian Grünhage
> Is there a way to solve this problem for my use-case?

Can you clarify what your use-case is exactly? Do you intend to have
different privileges on different sub-keys, or are they all treated the
same? Because if they're all to be treated the same, you can just use
the primary key ID and pass should still just use the encryption
sub-keys available for that PGP key.

--
JC


Re: GPG sub-keys

2022-01-04 Thread Grégoire Détrez ⠬⠆
On Mon, Jan 03, 2022 at 11:26:55AM -0800, Akiva Levy wrote:
> I keep my master secret key offline and issue each of my devices a
> unique sub-key. I have tried using these device sub-key IDs when
> initialising a new password store (ie. `pass init 0x123... 0x456...`),
> but it seems sub-keys aren't working as I only get `decryption
> failed: No secret key` errors. To verify, I have tried using my e-mail
> address and temporarily using my offline master key ID with GPG and
> that does work. Is there a way to solve this problem for my use-case?

If I remember correctly you need to add ! to force gnupg to use specific
subkeys. E.g. `pass init 1234! abcd!`.
Cheers,

/ǵ