gopass-ui
gopass-ui copied to clipboard
gopass-UI fails to use encryption subkey
Mac OS 10.14 gopass CLI correctly encrypts & decrypts using my Encryption subkey, but gopass-UI seizes upon the master key, which was "removed" during GPG key creation. Here listed are my keys:
➜ ~ gpg --list-secret-keys /Users/herk/.gnupg/pubring.kbx
sec# rsa4096 2020-05-16 [C] B632FAE4E38007F7E0EAC765977BFD885398E03D uid [ultimate] Rexford Gibbs [email protected] uid [ultimate] RJ Gibbs [email protected] ssb rsa4096 2020-05-16 [S] ssb rsa4096 2020-05-16 [E] ssb rsa4096 2020-05-16 [A]
The hash char (#) after the first key, sec#, indicates that the master key is offline.
Can gopass-UI be configured to use the encryption subkey ssb rsa4096 2020-05-16 [E]?
Thanks. Rexford Gibbs
Hi @HerkOHerk
thanks for contributing. Under the hood we are simply calling the gopass cli like „gopass sync“. (See https://github.com/codecentric/gopass-ui/blob/master/src/renderer/secrets/Gopass.ts)
How do you use the CLI?
Best regards Matthias
Hi, Matthias.
To first test the gpg encryption/decryption I run this:
Simple GPG-Key Test ————————— #1 - A Clear Text Document: ➜ ~ echo 'pseudo-password' > doc #2 - Encrypt: ➜ ~ gpg -c --armor --cipher-algo AES256 --output ~/doc.gpg ~/doc #3 - Decrypt: ➜ ~ gpg -q --for-your-eyes-only -d ~/doc.gpg pseudo-password
Then I test the gopass CLI as follows:
➜ ~ gopass insert personal/email-pw Enter password for personal/email-pw: Retype password for personal/email-pw: ➜ ~ ➜ ~ gopass show personal/email-pw SeanPapa2017
I also tried qtpass, and it had the same problem: could not decrypt secrets.
Regards.
Herk On May 18, 2020, 1:38 AM +0700, Matthias Rütten [email protected], wrote:
Hi @HerkOHerk thanks for contributing. Under the hood we are simply calling the gopass cli like „gopass sync“. (See https://github.com/codecentric/gopass-ui/blob/master/src/renderer/secrets/Gopass.ts) How do you use the CLI? Best regards Matthias — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.