
How to prolong expired public keys?

Open robaca opened this issue 4 years ago • 7 comments

Summary

Currently, when a public key expires, replacing that key in the repository is not a straightforward task. It also seems that updated keys in .gpg-keys are not updated in other team members' keychains automatically on 'gopass sync', so that they still get errors and have to do it manually via a GPG import. For now, at least some docs on how to perform such updates "the right way" would be great.

Expected behavior

There should be a command to update a public key in the repository from the local keyring or even better some convenience command that directly allows us to update the expiry date and keep changes in sync with the keyring. I would also expect that if a public key changed, the teammates are informed on the next sync and get supported on importing the new key.

Environment

  • OS: Mac OS X, NixOS, ...
  • gopass Version: v1.9.2
  • Installation method: via brew / package mgmt.

robaca avatar Jun 24 '20 10:06 robaca

Yes, that seems like a reasonable request. GPG can be quite annoying in that regard.

dominikschulz avatar Jun 24 '20 18:06 dominikschulz

We experience the same issue. Often the result is that previous recipients get deleted by accident and have to ask for access again despite the fact that they had uploaded the renewed public key. Maybe the config option autoimport could also import changed keys automatically?

resident-uhlig avatar Dec 06 '21 14:12 resident-uhlig

So how do you actually update a key in the .public-keys dir in the repo? Re-adding the key via gopass recipients add doesn't update it...

flixr avatar Aug 26 '22 16:08 flixr

Likely a bug ...

dominikschulz avatar Aug 26 '22 17:08 dominikschulz

Any hints on how to do that manually in the meantime?

Dominik Schulz @.***> wrote on Fri, 26 Aug 2022, 19:16:

Likely a bug ...


flixr avatar Aug 26 '22 17:08 flixr

Yes, you can export the updated public key into that directory using the correct name and commit the change.

However we won't automatically import/update the key.

dominikschulz avatar Aug 26 '22 17:08 dominikschulz
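
The manual update described in the last comment, as an added shell example that is not part of the thread and not gopass code. It assumes GnuPG 2.2 or later; the store's key directory and the key's fingerprint are passed in by the caller, and the file to overwrite is found by its content rather than by a guessed file name. The sample listing and its fingerprints are constructed.

```bash
#!/usr/bin/env bash
# Added example, not gopass code. The real run needs GnuPG 2.2+.

# Read `gpg --with-colons` output on stdin and print the fingerprint of every
# primary key whose expiry (pub record, field 7, epoch seconds) is <= $1.
expired_fprs() {
  awk -F: -v now="$1" '
    $1 == "pub" { expiry = $7; pending = 1; next }
    $1 == "fpr" && pending {
      if (expiry != "" && expiry + 0 <= now + 0) print $10
      pending = 0
    }'
}

# Replace the store copy of key $2 (full uppercase fingerprint) inside key
# directory $1 with the extended key from the local keyring, keeping the file name.
refresh_key_file() (
  keydir=$1 fpr=$2
  listing=$(gpg --list-keys --with-colons "$fpr") || exit 1
  # Refuse to publish a key that is still expired locally.
  if printf '%s\n' "$listing" | expired_fprs "$(date +%s)" | grep -qx "$fpr"; then
    echo "$fpr is still expired locally; extend it first (gpg --quick-set-expire)" >&2
    exit 1
  fi
  # Locate the file by its content so no naming scheme has to be guessed.
  target=""
  for f in "$keydir"/*; do
    if gpg --show-keys --with-colons "$f" 2>/dev/null | grep -q "^fpr:.*:$fpr:"; then
      target=$f; break
    fi
  done
  [ -n "$target" ] || { echo "no file in $keydir holds $fpr" >&2; exit 1; }
  gpg --armor --export "$fpr" > "$target.new" && mv "$target.new" "$target"
  echo "updated $target: review with git diff, commit, push; teammates then gpg --import it"
)

# Constructed listing with fake fingerprints: one key expired in 2020, one with no expiry.
SAMPLE_LISTING='pub:e:4096:1:AAAAAAAAAAAAAAAA:1529836800:1592995200::-:::sc:
fpr:::::::::1111111111111111111111111111111111111111:
sub:e:4096:1:BBBBBBBBBBBBBBBB:1529836800:1592995200:::::e:
fpr:::::::::2222222222222222222222222222222222222222:
pub:-:255:22:CCCCCCCCCCCCCCCC:1600000000:::-:::scESC:
fpr:::::::::3333333333333333333333333333333333333333:'

if [ $# -eq 2 ]; then refresh_key_file "$1" "$2"; fi
```

Piping `gpg --show-keys --with-colons` for each file in the key directory into `expired_fprs "$(date +%s)"` lists the store's keys that have already expired, without importing anything.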