I find the GPG groups mechanism slightly cumbersome, especially if you
want to add a new key to the group. It seems non-intuitive.
Documentation on the project website with how to use GPG groups to
manage multiple keys would be great. Alternatively, a mechanism in
pass to set this up for you (or maybe even a separate
command/program!) would be nice.
The reason I am critiquing this is my anecdotal experience with trying
to set this up myself. I was using git to sync my password-store
across devices and I exported the public keys of all the devices to
each other device. I also added the group config to each one. Yet it
happened that some devices were not able to decrypt passwords created
by others. I don't know why as the configuration was identical on
each. :(
I haven't gone back to figure out what was wrong due to lack of time.
Now I just sync a key pair on my local network using gpg --export |
ssh 'gpg --import' type commands. This works phenomenally but is
generally frowned upon security-wise to export the private key, and I
might run into issues later if I want to change the key.
Dan
Post by Matthew Cengia
[...]
Post by Brian Shore
Hi,
I can already do this by defining a group in gpg.conf, e.g.
group pass=0x12345678 0x23456789 ...
What is gained by adding this functionality directly to pass?
Uh. Nothing. I think I read about the gpg.conf group directive long ago
but had forgotten about it.
You're absolutely right, gpg.conf is almost certainly the correct place
to specify this.
--
Regards,
Matthew Cengia
_______________________________________________
Password-Store mailing list
http://lists.zx2c4.com/mailman/listinfo/password-store
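
Added example, not part of the thread or of pass: a POSIX shell helper that reads the `group` lines from two devices' gpg.conf files and reports members present in only one of them. The file names and the key ID 0x3456789a are constructed, and the parser assumes gpg's documented behaviour that repeated `group` lines with the same name are merged.

```shell
#!/bin/sh
# Added example: compare a gpg.conf "group" definition between two devices.

# group_members CONF NAME: print the members of group NAME, one per line.
# Repeated "group NAME=..." lines are merged, as gpg does; comment lines are skipped.
group_members() {
    awk -v name="$2" '
        $1 == "group" {
            line = $0
            sub(/^[ \t]*group[ \t]+/, "", line)      # drop the keyword
            eq = index(line, "=")
            if (eq == 0) next
            n = substr(line, 1, eq - 1)
            gsub(/[ \t]/, "", n)
            if (n != name) next
            cnt = split(substr(line, eq + 1), ids, /[ \t]+/)
            for (i = 1; i <= cnt; i++) {
                id = ids[i]
                if (id == "") continue
                # Normalise hex key IDs so 0x12345678 and 12345678 compare equal.
                if (id ~ /^0[xX][0-9A-Fa-f]+$/) id = substr(id, 3)
                if (id ~ /^[0-9A-Fa-f]+$/) id = toupper(id)
                print id
            }
        }' "$1" | LC_ALL=C sort -u
}

# group_diff CONF_A CONF_B NAME: print members that appear in only one config.
group_diff() {
    a=$(mktemp) b=$(mktemp)
    group_members "$1" "$3" > "$a"
    group_members "$2" "$3" > "$b"
    LC_ALL=C comm -23 "$a" "$b" | sed 's/^/only-in-first /'
    LC_ALL=C comm -13 "$a" "$b" | sed 's/^/only-in-second /'
    rm -f "$a" "$b"
}

# Demo on two constructed configs (not taken from the thread).
demo=$(mktemp -d)
printf '%s\n' 'group pass=0x12345678 0x23456789' 'group pass=0x3456789a' > "$demo/laptop.conf"
printf '%s\n' 'group pass=12345678 0x23456789' > "$demo/phone.conf"
group_diff "$demo/laptop.conf" "$demo/phone.conf" pass   # only-in-first 3456789A
rm -rf "$demo"
```

An empty result means both files define the same members for that group; it says nothing about which keys are actually present in each device's keyring.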