Re: Changing encryption backend (discussion)

Den 19/01/2023 10:36, skreiv pass-maillingl...@artursterz.de: the other day I was thinking about whether it might be time to replace GPG with another backend. age [1] Even if Pass were to support Age as an alternate backend, why replace GPG? None of the reasons given is compelling enough for

Re: [PATCH] The pipe to a tail and then head -1 can fail due to a, pipefail., https://stackoverflow.com/questions/22464786/ignoring-bash-pipefail-for-error-code-141, Since sed is used elsewhere in the

Den 18/01/2023 23:46, skreiv Judd Montgomery: From 4b547b5332110c19ebdc8802d1cd628979ade59a Mon Sep 17 00:00:00 2001 From: Judd Montgomery Date: Wed, 18 Jan 2023 17:32:56 -0500 Subject: [PATCH] The pipe to a tail and then head -1 can fail due to a  pipefail.  

Re: pass show --clip bug

Den 18/01/2023 18:22, skreiv Judd Montgomery: the patch looks good to me, much simpler and safer, and guaranteed to not trigger EPIPE. you should however move your comments from the patch into a commit message, I don't think we want history like that in the script itself. > Is there a way

Re: pass show --clip bug

Den 13/01/2023 04:13, skreiv Judd Montgomery: Hi, I have a secret that is over 1000 lines long and each line is on average 24 characters.  I noticed that the pass show -c[line-number] option only works when trying to clip lines numbers greater than 850 or so.  Any line number less than this

Re: Best practice for multiple-client use keys

Den 14/01/2023 10:58, skreiv Wolfgang Schildbach: My question is what are best practices when it comes to (pgp) key management in this situation, and the documentation seems fairly light in this respect. From what I can see, there are two options. 1) Create a different public/private key

Re: [PATCH] Add option --flat

On 19/07/2022 11:37, Magnus Sandberg wrote: Hi, After a few minutes of manual testing at my shell prompt, I guess this one does the same; find ${PREFIX} -type f -name '*.gpg' | grep -i "${terms}" \    | sed -E "s|^${PREFIX}/||" | sed -E 's/\.gpg$//' | sort Assuming that 'grep -i

Re: [PATCH] clip: add option PASSWORD_STORE_PASTE_ONCE

Den 29/03/2022 19:05, skreiv Matthias Groß: If this environment variable is set to "true", the clipboard is cleared immediately after pasting. --- I've send this in before but the first try was a bit chaotic and I never got feedback. I still consider it a useful feature and rebased it onto

Re: easier selection of passwords

On 17/02/2021 17:28, Alec Hill wrote: > Hello dear people! I'm wondering if there are any > suggestions/solutions/thoughts about easier selection of passwords... > > With dozens of passwords in variously nested directories, it can be > hard to remember where one lives. I could spend time better

Re: [PATCH] Suppress tr's stderr in the generate function

On 28/12/2020 14:21, Allan Odgaard wrote: On 28 Dec 2020, at 11:32, Nicolai Dagestad wrote: It might be something fishy with my machine, with: python -c "print('0'*4097)" | tr 0 1 | head -c 10 I get the broken pipe on my laptop, but on none of my other machines running arch...

Re: curious: why use own hosting rather than github?

On 23/11/2020 16:50, Jason A. Donenfeld wrote: > Generally I sweep the list picking up missing patches when it's time > to make a new release. Most are skipped, because anybody can write a > little casual bash, and so the signal-to-noise ratio is not very good. > But releases do get made, and

Re: [featurerequest] comments in .gpg-id files

On 2020-09-24 17:02, Arthur Lutz wrote:> One thing that would be neat (and maybe is already possible) would be to > have comments in the .gpg-id file to indicate who the key belongs to. > Going from : > >   cat teamA/.gpg-id >   0123901293 >   0912385810 > > To > >   cat teamA/.gpg >   # bob >  

Re: Bug Report

On 05/07/2020 20.53, Vasile Martiniuc wrote: > you must be doing something different.  have you turned on SIGPIPE > delivering signals? > I have not turned on SIGPIPE, this is turned on by default in the pass script: set -o pipefail my bad, I forgot pass(1) did this. you are correct, the

Re: Bug Report

On 04/07/2020 01.09, Vasile Martiniuc wrote: Good afternoon, This line is wrong: pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | tail -n +${selected_line} | head -n 1)" || exit $? "head -n 1" (or "head -1") exits immediately after reading the first line. And the "tail" is still writing to the

Re: `pass git` exit code

On 6/24/20 10:23 PM, robpill...@gmail.com wrote: > That's a fair point - my main reason for doing it this way was that I > imagined exiting with the same code as the git command would be more > useful, so users can treat `pass git [...]` as a transparent wrapper, > particularly for commands that

Re: XDG Base Directory Specification

On 14/05/2020 09.28, password-st...@storiepvtride.it wrote: Am 14.05.20 um 07:55 schrieb Serpent7776: Maybe a good strategy could be to check in this order: ~/.password-store $XDG_CONFIG_DIR/.password-store Shouldn't this be: ~/.password-store $XDG_DATA_HOME/.password-store As I understand

Re: pass migrate

On 08/04/2020 14.48, J Rt wrote: Oooh, sorry I missed this, my bad, and thank you for pointing to this :) . I think this is exactly what you said: a bit surprising this is done by the init command. Do you think it would be reasonable to write a 'thin wrapper' on the init command and call if for

Re: bug: blocking the whole computer in some cases

On 01/04/2020 12.20, Lenz Weber wrote: The "asking" is done by gpg, pass has no way to check (or prevent) if any asking is done. well, pass knows the decrypt failed, so it could ask the user whether it should go on to the next file after N failures. On 4/1/20 12:17 PM, J Rt wrote: Ok,

Re: Allow to edit the commit message

Den 02.03.2020 17:08, skreiv Christian Weiss: > > On 02.03.20 17:02, Kjetil Torgrim Homme wrote: >> however "pass git commit --amend" will always work > > But this requires that you are very disciplined - would not work for me, > a i would forget it mutch t

Re: Allow to edit the commit message

Den 29.02.2020 13:28, skreiv Gianluca Recchia: > I like how pass works overall and the way it integrates with Git is great! > However, there's one thing that I find slightly annoying: the default > commit message is often not very descriptive of the change I made to an > entry and I often find

Re: [PATCH] Filter out expired signing keys

On 07/01/2020 17.27, Kjetil Torgrim Homme wrote: My pass installation wanted to reencrypt all files every time since the list it made of encryption keys associated with public keys included invalid (expired, revoked) keys as well as those that should be used. I turned the logic from a sed

[PATCH] add "pass reencrypt" sub command

I was surprised to find there was no command to reencrypt a pass installation without specifying the key ids manually to pass init. The code is basically there already, so this patch adds a "reencrypt" command (basically a copy of "init" with less code) which will use the correct .gpg-id

[PATCH] Filter out expired signing keys

My pass installation wanted to reencrypt all files every time since the list it made of encryption keys associated with public keys included invalid (expired, revoked) keys as well as those that should be used. I turned the logic from a sed expression to a function to make it more readable.

Re: [PATCH] Allow comments in .gpg-id

On 18/12/2019 11.39, Rune Juhl Jacobsen wrote: Ouch, it seems like my editor ate a newline in the diff; sorry. Hopefully this works better... diff --git a/src/password-store.sh b/src/password-store.sh index 77f3eda..ce3f7fb 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@

Re: [PATCH] Use eval() to shell-parse $EDITOR for pass-edit

Den 28.11.2019 12:14, skreiv Jason A. Donenfeld: > Do you have any other examples of EDITOR being eval'd in this manner? > I agree with your skepticism. It is best if pass(1) handles $EDITOR like other scripts, I'm wary of breaking other people's setup. I would write a trivial wrapper

Re: What to do when someone leaves a team?

On 11/8/18 4:28 PM, HacKan wrote:> Simply issue pass init again with the new keylist, that's it :) not really, since the person who left the team can check out an old copy of the repository and use the key which was valid at that time to decrypt all passwords. I am afraid all passwords must be

Re: [PATCH] Add support for XKCD-style wordlist passwords

Den 30. okt. 2018 12:10, skreiv Matthieu Weber: > On Tue, 30 Oct 2018 at 10:33AM +0100, Kjetil Torgrim Homme wrote: >> yes, but sometimes you need to enter this password by hand. I use horse >> battery passwords when I might need to enter the password on a mobile >>

Re: Get n, n1, n2 from password

On 06/29/2018 12:51 PM, Ben Oliver wrote: > On 18-06-29 11:37:04, Steve Harriss wrote: >> Is there any value in enabling pass to get just 3, or more, specific >> characters from a password and just displaying them? >> >> A lot of banking sites now ask for specific numbered characters and, >> in a

Re: List all the passwords cleartext in a comprehensive way

Den 24. mai 2018 14:10, skreiv commentsab...@riseup.net: > I have been using pass for years, my password stores contains over 500 > passwords and I would like to review them (I know that some of them are > weak and/or old). > > Is there an efficient way to do it? "pass grep ." will do the trick,

Re: [PATCH] Check command to ensure basic sanity

Den 22. nov. 2017 20:56, skreiv Jaseem Abid: > I recently noticed that I could not decrypt some files in the password store > because I no longer had access to the keys. I also had some corrupt files. > This > command adds some basic sanity checks to the password store and prints out > files >

Re: Symlinked files appear every search result

Den 12. okt. 2017 15:04, skreiv Allan Odgaard: > On 12 Oct 2017, at 14:13, Daniel Marks wrote: > > […] when I search for anything those links appear in every search > result no matter what the search term is. > > The issue seems to be with |tree|. The manual says: > > |By default, when

Re: [PATCH] Don’t reencrypt data not managed by pass.

Den 25. jan. 2017 09:14, Sebastian Reuße skreiv: > When keeping the password-store under git, it can make sense using a git > extension such as git-annex instead of the native git object store to > store the encrypted files. Inter alia, this allows one to selectively > expire old copies of the

Re: Attachments (arbitrary files) in pass entries?

Den 25. jan. 2017 01:11, Marin Usalj skreiv: > Maybe you can just encrypt it with gpg and store in the same file > structure? > One option is to gpg it with --armor and store in the same file, other > option is to just create a separate file next to it. > > Encrypt: > $ gpg2 --output

Re: [PATCH] stop using pwgen

Den 02. jan. 2017 08:43, Dahlberg, David skreiv: > Am Sonntag, den 18.12.2016, 18:21 +0100 schrieb Jason A. Donenfeld: >> On Sun, Dec 18, 2016 at 4:19 PM, Antoine Beaupré wrote: >>> /dev/urandom doesn't seem to exist in OpenBSD, as far as I could tell >>> when i did my

Re: Displaying passwords as QR codes

On 2016-12-26 12:36, Martin Weis wrote: > On 25.12.2016 02:52, Kjetil Torgrim Homme wrote: >> just a note: Control-L will clear the terminal (surprisingly many people >> I have met haven't discovered/learnt this.) > > Here, it does *not* clean the terminal (gnome-term

Re: Displaying passwords as QR codes

On 2016-12-22 06:06, Corey Moncure wrote: > My reason for going with the graphical display was that I suspected > gimmick terminal color settings in a graphical desktop, such as odd > fonts or transparency, could interfere with the legibility of the > output. I had only looked at the -t ascii

Re: [PATCH] stop using pwgen

Den 18. des. 2016 00:40, Antoine Beaupré skreiv: > here are the ones I know of: > > * head -c $ENTROPY | base64 | tr -d '=\n' > * pwqgen - uses a wordlist and a specified entropy level > * diceware - uses a wordlist and dicerolls (or /dev/random) > > the latter two are meant to be

Re: Protect .gpg-id

Den 07. des. 2016 17:52, Emile Cantin skreiv: > As Brian said, in that particular case, I think Alice and Bob should use > a repo where Eve doesn't have access, or at least write access. > > I think the key here is that 'pass init' reads and re-encrypts > everything with the new key(s), but Eve

Re: [pass] Password age report

Den 31. aug. 2016 17:48, Brian Candler skreiv: > On 31/08/2016 16:43, Emile Cantin wrote: >> >> In light of the recent Dropbox leak, I wanted to know how old my >> password was, and perhaps if I had any other old passwords that would >> be due for a rotation. I don't think I can rely on the last

Re: [pass] Override GPG path

On 08/02/2016 07:11 PM, Allen Li wrote: Would pass's maintainer/users be open to adding a feature to overriding the path to the GnuPG binary? This does add some complexity, but I think it is worth adding, for example if a user needs to use a custom compiled binary sitting outside of the PATH.

Re: [pass] [Proposal] Blank line after each help item in help text

On 03/02/2016 05:28 PM, Matthias Beyer wrote: > I'd like to have blank a line after each help-text item. It reduces the > wall-of-text experience of `pass --help`. > > Of course this is opinion-based... so I'd like to hear your opinion! please no. not everyone runs their terminal window in

Re: [pass] [PATCH 1/1] sed(1) compatibility

On 02/09/2016 03:05 PM, Lucas Hoffmann wrote: > You could also try to split the job into two regexes if there are too > many differences between the sed versions we want to support. > > `man tree` says that it will use $LS_COLORS. But as far as I understand > it after some tests, this arbitrary

Re: [pass] Patch: Add spaces as needed when autocompleting (bash)

On 01/31/2016 03:06 PM, Anas Syed wrote: > When one uses autocompletion on bash, autocompleting the only match > doesn't add an extra space. This is necessary when we are completing > directory names, however, when we are completing commands and other > command line flags, then we want an extra

Re: [pass] Simple password store

On 01/29/2016 05:44 PM, Dashamir Hoxha wrote: > But maybe the core dump or swap file issue applies to gpg-agent as well... no, it turns off core dumps and uses mlock to avoid this problem. a shell script can't do the latter. -- Kjetil T. Homme Redpill Linpro - Changing the game

Re: [pass] Adding support for symmetric encryption

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2016-01-26 14:29, Dashamir Hoxha wrote: > If they have your encrypted password files, most probably they also > have your private keys. At least for most of the people, who are > not using smartcards, yubikey, nitrokey, etc. (I am one of them).

Re: [pass] Encrypt filenames in the store

On 01/19/2016 01:14 PM, Michael Aquilina wrote: > I'm actually fairly interested in this too. While having the names of my > passwords on display is not a huge deal, it does leak some information > in terms of what sites you've signed up for etc... > > If there was a way to hide this

Re: [pass] [PATCH] generate: default length to 15 if not specified

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2015-12-18 19:41, Nathan Wallace wrote: > Great, thanks Kevin. My reasons for including the environment > variable configuration probably had to do with the fact that I > chose 15 characters as the default pretty arbitrarily. It seems > long

Re: [pass] [PATCH] Added show obfuscation

On 11/28/2015 06:06 PM, Andrew DeMaria wrote: > - Hides shown text using terminal color codes by default > - Adds --no-color/-n option to remove coloring hmm. I prefer not changing the default behaviour. > - By default display only the first line regardless of whether clip is > specified I

Re: [pass] Output from pass generate should go to stderr

On 09/14/2015 10:06 AM, Lie Ryan wrote: > Currently, the output of `pass generate` cannot be piped into another > command that expects a password because it contains git output and other > interactive outputs. For example: > > openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 >

Re: [pass] [PATCH][FEATURE] password-store.sh: added option for quick password showing

On 26/05/2015 09:04, cyberxndr . wrote: This code provides a quick way to retrieve one password from the tree. I would like to know is whether or not it is accepted. 2015-05-13 13:35 GMT+03:00 cyberxndr: diff --git a/password-store/src/password-store.sh

Re: [pass] [PATCH 2/2] clip: add GPaste support

On 2015-02-04 09:26, Dahlberg, David wrote: Am Dienstag, den 03.02.2015, 17:47 +0100 schrieb Marc-Antoine Perennou: diff --git a/src/password-store.sh b/src/password-store.sh [..] + which gpaste /dev/null gpaste help | grep password /dev/null gpaste=1 Pardon my Evolutions bad

Re: [pass] Output to less (or another pager)

On 01/19/2015 02:05 PM, Are wrote: In an environment where my terminals may be viewed by others, I would prefer to not having my passwords listed in the scrollback buffer. The easy solution to this is to pipe the command through a pager like 'less'. However, it would be better if this would be

Re: [pass] [PATCH] clip: Show an error message if xclip returns a non-zero exit code

On 01/19/2015 11:45 AM, Jason A. Donenfeld wrote: On Fri, Jan 16, 2015 at 8:38 PM, Wieland Hoffmann themi...@gmail.com wrote: echo -n $1 | xclip -selection $X_SELECTION + [ $? -ne 0 ] die Error: Could not copy data to the clipboard. Pass uses [[ and ]] when it

Re: [pass] pass and par2

On 2014-09-21 19:40, Jason A. Donenfeld wrote: I'm a bit confused. What does this do? What is this? par2 is a technique like RAID6 which you can apply on individual files. it was/is quite popular for binary postings on Usenet, where it was common for pieces to be lost. IMHO the complexity is