Den 19/01/2023 10:36, skreiv pass-maillingl...@artursterz.de:
the other day I was thinking about whether it might be time to
replace GPG with another backend. age [1]
Even if Pass were to support Age as an alternate backend, why replace
GPG? None of the reasons given is compelling enough for
Den 18/01/2023 23:46, skreiv Judd Montgomery:
From 4b547b5332110c19ebdc8802d1cd628979ade59a Mon Sep 17 00:00:00 2001
From: Judd Montgomery
Date: Wed, 18 Jan 2023 17:32:56 -0500
Subject: [PATCH] The pipe to a tail and then head -1 can fail due to a
pipefail.
Den 18/01/2023 18:22, skreiv Judd Montgomery:
the patch looks good to me, much simpler and safer, and guaranteed to
not trigger EPIPE. you should however move your comments from the patch
into a commit message, I don't think we want history like that in the
script itself.
>
Is there a way
Den 13/01/2023 04:13, skreiv Judd Montgomery:
Hi,
I have a secret that is over 1000 lines long and each line is on average
24 characters. I noticed that the pass show -c[line-number] option only
works when trying to clip lines numbers greater than 850 or so. Any
line number less than this
Den 14/01/2023 10:58, skreiv Wolfgang Schildbach:
My question is what are best practices when it comes to (pgp) key
management in this situation, and the documentation seems fairly light
in this respect.
From what I can see, there are two options.
1) Create a different public/private key
On 19/07/2022 11:37, Magnus Sandberg wrote:
Hi,
After a few minutes of manual testing at my shell prompt, I guess this
one does the same;
find ${PREFIX} -type f -name '*.gpg' | grep -i "${terms}" \
| sed -E "s|^${PREFIX}/||" | sed -E 's/\.gpg$//' | sort
Assuming that 'grep -i
Den 29/03/2022 19:05, skreiv Matthias Groß:
If this environment variable is set to "true", the clipboard is cleared
immediately after pasting.
---
I've send this in before but the first try was a bit chaotic and I never
got feedback. I still consider it a useful feature and rebased it onto
On 17/02/2021 17:28, Alec Hill wrote:
> Hello dear people! I'm wondering if there are any
> suggestions/solutions/thoughts about easier selection of passwords...
>
> With dozens of passwords in variously nested directories, it can be
> hard to remember where one lives. I could spend time better
On 28/12/2020 14:21, Allan Odgaard wrote:
On 28 Dec 2020, at 11:32, Nicolai Dagestad wrote:
It might be something fishy with my machine, with:
python -c "print('0'*4097)" | tr 0 1 | head -c 10
I get the broken pipe on my laptop, but on none of my other machines
running arch...
On 23/11/2020 16:50, Jason A. Donenfeld wrote:
> Generally I sweep the list picking up missing patches when it's time
> to make a new release. Most are skipped, because anybody can write a
> little casual bash, and so the signal-to-noise ratio is not very good.
> But releases do get made, and
On 2020-09-24 17:02, Arthur Lutz wrote:> One thing that would be neat
(and maybe is already possible) would be to
> have comments in the .gpg-id file to indicate who the key belongs to.
> Going from :
>
> cat teamA/.gpg-id
> 0123901293
> 0912385810
>
> To
>
> cat teamA/.gpg
> # bob
>
On 05/07/2020 20.53, Vasile Martiniuc wrote:
> you must be doing something different. have you turned on SIGPIPE
> delivering signals?
>
I have not turned on SIGPIPE, this is turned on by default in the pass
script: set -o pipefail
my bad, I forgot pass(1) did this. you are correct, the
On 04/07/2020 01.09, Vasile Martiniuc wrote:
Good afternoon,
This line is wrong:
pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | tail -n
+${selected_line} | head -n 1)" || exit $?
"head -n 1" (or "head -1") exits immediately after reading the first
line. And the "tail" is still writing to the
On 6/24/20 10:23 PM, robpill...@gmail.com wrote:
> That's a fair point - my main reason for doing it this way was that I
> imagined exiting with the same code as the git command would be more
> useful, so users can treat `pass git [...]` as a transparent wrapper,
> particularly for commands that
On 14/05/2020 09.28, password-st...@storiepvtride.it wrote:
Am 14.05.20 um 07:55 schrieb Serpent7776:
Maybe a good strategy could be to check in this order:
~/.password-store
$XDG_CONFIG_DIR/.password-store
Shouldn't this be:
~/.password-store
$XDG_DATA_HOME/.password-store
As I understand
On 08/04/2020 14.48, J Rt wrote:
Oooh, sorry I missed this, my bad, and thank you for pointing to this
:) . I think this is exactly what you said: a bit surprising this is
done by the init command. Do you think it would be reasonable to write
a 'thin wrapper' on the init command and call if for
On 01/04/2020 12.20, Lenz Weber wrote:
The "asking" is done by gpg, pass has no way to check (or prevent) if
any asking is done.
well, pass knows the decrypt failed, so it could ask the user whether it
should go on to the next file after N failures.
On 4/1/20 12:17 PM, J Rt wrote:
Ok,
Den 02.03.2020 17:08, skreiv Christian Weiss:
>
> On 02.03.20 17:02, Kjetil Torgrim Homme wrote:
>> however "pass git commit --amend" will always work
>
> But this requires that you are very disciplined - would not work for me,
> a i would forget it mutch t
Den 29.02.2020 13:28, skreiv Gianluca Recchia:
> I like how pass works overall and the way it integrates with Git is great!
> However, there's one thing that I find slightly annoying: the default
> commit message is often not very descriptive of the change I made to an
> entry and I often find
On 07/01/2020 17.27, Kjetil Torgrim Homme wrote:
My pass installation wanted to reencrypt all files every time since the
list it made of encryption keys associated with public keys included
invalid (expired, revoked) keys as well as those that should be used.
I turned the logic from a sed
I was surprised to find there was no command to reencrypt a pass
installation without specifying the key ids manually to pass init. The
code is basically there already, so this patch adds a "reencrypt"
command (basically a copy of "init" with less code) which will use the
correct .gpg-id
My pass installation wanted to reencrypt all files every time since the
list it made of encryption keys associated with public keys included
invalid (expired, revoked) keys as well as those that should be used.
I turned the logic from a sed expression to a function to make it more
readable.
On 18/12/2019 11.39, Rune Juhl Jacobsen wrote:
Ouch, it seems like my editor ate a newline in the diff; sorry.
Hopefully this works better...
diff --git a/src/password-store.sh b/src/password-store.sh
index 77f3eda..ce3f7fb 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@
Den 28.11.2019 12:14, skreiv Jason A. Donenfeld:
> Do you have any other examples of EDITOR being eval'd in this manner?
>
I agree with your skepticism. It is best if pass(1) handles $EDITOR
like other scripts, I'm wary of breaking other people's setup.
I would write a trivial wrapper
On 11/8/18 4:28 PM, HacKan wrote:> Simply issue pass init again with the
new keylist, that's it :)
not really, since the person who left the team can check out an old copy
of the repository and use the key which was valid at that time to
decrypt all passwords.
I am afraid all passwords must be
Den 30. okt. 2018 12:10, skreiv Matthieu Weber:
> On Tue, 30 Oct 2018 at 10:33AM +0100, Kjetil Torgrim Homme wrote:
>> yes, but sometimes you need to enter this password by hand. I use horse
>> battery passwords when I might need to enter the password on a mobile
>>
On 06/29/2018 12:51 PM, Ben Oliver wrote:
> On 18-06-29 11:37:04, Steve Harriss wrote:
>> Is there any value in enabling pass to get just 3, or more, specific
>> characters from a password and just displaying them?
>>
>> A lot of banking sites now ask for specific numbered characters and,
>> in a
Den 24. mai 2018 14:10, skreiv commentsab...@riseup.net:
> I have been using pass for years, my password stores contains over 500
> passwords and I would like to review them (I know that some of them are
> weak and/or old).
>
> Is there an efficient way to do it?
"pass grep ." will do the trick,
Den 22. nov. 2017 20:56, skreiv Jaseem Abid:
> I recently noticed that I could not decrypt some files in the password store
> because I no longer had access to the keys. I also had some corrupt files.
> This
> command adds some basic sanity checks to the password store and prints out
> files
>
Den 12. okt. 2017 15:04, skreiv Allan Odgaard:
> On 12 Oct 2017, at 14:13, Daniel Marks wrote:
>
> […] when I search for anything those links appear in every search
> result no matter what the search term is.
>
> The issue seems to be with |tree|. The manual says:
>
> |By default, when
Den 25. jan. 2017 09:14, Sebastian Reuße skreiv:
> When keeping the password-store under git, it can make sense using a git
> extension such as git-annex instead of the native git object store to
> store the encrypted files. Inter alia, this allows one to selectively
> expire old copies of the
Den 25. jan. 2017 01:11, Marin Usalj skreiv:
> Maybe you can just encrypt it with gpg and store in the same file
> structure?
> One option is to gpg it with --armor and store in the same file, other
> option is to just create a separate file next to it.
>
> Encrypt:
> $ gpg2 --output
Den 02. jan. 2017 08:43, Dahlberg, David skreiv:
> Am Sonntag, den 18.12.2016, 18:21 +0100 schrieb Jason A. Donenfeld:
>> On Sun, Dec 18, 2016 at 4:19 PM, Antoine Beaupré wrote:
>>> /dev/urandom doesn't seem to exist in OpenBSD, as far as I could tell
>>> when i did my
On 2016-12-26 12:36, Martin Weis wrote:
> On 25.12.2016 02:52, Kjetil Torgrim Homme wrote:
>> just a note: Control-L will clear the terminal (surprisingly many people
>> I have met haven't discovered/learnt this.)
>
> Here, it does *not* clean the terminal (gnome-term
On 2016-12-22 06:06, Corey Moncure wrote:
> My reason for going with the graphical display was that I suspected
> gimmick terminal color settings in a graphical desktop, such as odd
> fonts or transparency, could interfere with the legibility of the
> output. I had only looked at the -t ascii
Den 18. des. 2016 00:40, Antoine Beaupré skreiv:
> here are the ones I know of:
>
> * head -c $ENTROPY | base64 | tr -d '=\n'
> * pwqgen - uses a wordlist and a specified entropy level
> * diceware - uses a wordlist and dicerolls (or /dev/random)
>
> the latter two are meant to be
Den 07. des. 2016 17:52, Emile Cantin skreiv:
> As Brian said, in that particular case, I think Alice and Bob should use
> a repo where Eve doesn't have access, or at least write access.
>
> I think the key here is that 'pass init' reads and re-encrypts
> everything with the new key(s), but Eve
Den 31. aug. 2016 17:48, Brian Candler skreiv:
> On 31/08/2016 16:43, Emile Cantin wrote:
>>
>> In light of the recent Dropbox leak, I wanted to know how old my
>> password was, and perhaps if I had any other old passwords that would
>> be due for a rotation. I don't think I can rely on the last
On 08/02/2016 07:11 PM, Allen Li wrote:
Would pass's maintainer/users be open to adding a feature to overriding
the path to the GnuPG binary? This does add some complexity, but I
think it is worth adding, for example if a user needs to use a custom
compiled binary sitting outside of the PATH.
On 03/02/2016 05:28 PM, Matthias Beyer wrote:
> I'd like to have blank a line after each help-text item. It reduces the
> wall-of-text experience of `pass --help`.
>
> Of course this is opinion-based... so I'd like to hear your opinion!
please no. not everyone runs their terminal window in
On 02/09/2016 03:05 PM, Lucas Hoffmann wrote:
> You could also try to split the job into two regexes if there are too
> many differences between the sed versions we want to support.
>
> `man tree` says that it will use $LS_COLORS. But as far as I understand
> it after some tests, this arbitrary
On 01/31/2016 03:06 PM, Anas Syed wrote:
> When one uses autocompletion on bash, autocompleting the only match
> doesn't add an extra space. This is necessary when we are completing
> directory names, however, when we are completing commands and other
> command line flags, then we want an extra
On 01/29/2016 05:44 PM, Dashamir Hoxha wrote:
> But maybe the core dump or swap file issue applies to gpg-agent as well...
no, it turns off core dumps and uses mlock to avoid this problem. a
shell script can't do the latter.
--
Kjetil T. Homme
Redpill Linpro - Changing the game
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2016-01-26 14:29, Dashamir Hoxha wrote:
> If they have your encrypted password files, most probably they also
> have your private keys. At least for most of the people, who are
> not using smartcards, yubikey, nitrokey, etc. (I am one of them).
On 01/19/2016 01:14 PM, Michael Aquilina wrote:
> I'm actually fairly interested in this too. While having the names of my
> passwords on display is not a huge deal, it does leak some information
> in terms of what sites you've signed up for etc...
>
> If there was a way to hide this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2015-12-18 19:41, Nathan Wallace wrote:
> Great, thanks Kevin. My reasons for including the environment
> variable configuration probably had to do with the fact that I
> chose 15 characters as the default pretty arbitrarily. It seems
> long
On 11/28/2015 06:06 PM, Andrew DeMaria wrote:
> - Hides shown text using terminal color codes by default
> - Adds --no-color/-n option to remove coloring
hmm. I prefer not changing the default behaviour.
> - By default display only the first line regardless of whether clip is
> specified
I
On 09/14/2015 10:06 AM, Lie Ryan wrote:
> Currently, the output of `pass generate` cannot be piped into another
> command that expects a password because it contains git output and other
> interactive outputs. For example:
>
> openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048
>
On 26/05/2015 09:04, cyberxndr . wrote:
This code provides a quick way to retrieve one password from the tree. I
would like to know is whether or not it is accepted.
2015-05-13 13:35 GMT+03:00 cyberxndr:
diff --git a/password-store/src/password-store.sh
On 2015-02-04 09:26, Dahlberg, David wrote:
Am Dienstag, den 03.02.2015, 17:47 +0100 schrieb Marc-Antoine Perennou:
diff --git a/src/password-store.sh b/src/password-store.sh
[..]
+ which gpaste /dev/null gpaste help | grep password
/dev/null gpaste=1
Pardon my Evolutions bad
On 01/19/2015 02:05 PM, Are wrote:
In an environment where my terminals may be viewed by others, I would
prefer to not having my passwords listed in the scrollback buffer. The
easy solution to this is to pipe the command through a pager like
'less'. However, it would be better if this would be
On 01/19/2015 11:45 AM, Jason A. Donenfeld wrote:
On Fri, Jan 16, 2015 at 8:38 PM, Wieland Hoffmann themi...@gmail.com wrote:
echo -n $1 | xclip -selection $X_SELECTION
+ [ $? -ne 0 ] die Error: Could not copy data to the
clipboard.
Pass uses [[ and ]] when it
On 2014-09-21 19:40, Jason A. Donenfeld wrote:
I'm a bit confused. What does this do? What is this?
par2 is a technique like RAID6 which you can apply on individual files.
it was/is quite popular for binary postings on Usenet, where it was
common for pieces to be lost.
IMHO the complexity is
53 matches
Mail list logo