The following shell transcript shows how to:
- Create a GPG key
- Create a pass database
- Add git support to the pass database
- Create a remote git repository
- Push the pass database to the remote git repository
- Fetch and display your passwords from another host

It is assumed that the pass package has been installed on both the first and second computers.

```
user@host:~$ gpg --full-gen-key
gpg (GnuPG) 1.4.18; Copyright (C) 2014 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
   0 = key does not expire
   <n> = key expires in n days
   <n>w = key expires in n weeks
   <n>m = key expires in n months
   <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <[email protected]>"

Real name: First Middle Last Suffix
Email address: [email protected]
Comment:
You selected this USER-ID:
    "First Middle Last Suffix <[email protected]>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 172 more bytes)
............+++++

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 198 more bytes)
..............+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 250 more bytes)
..........+++++

Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 249 more bytes)
......+++++
gpg: key 68214821 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 4096R/68214821 2015-06-24
    Key fingerprint = A5C2 96E8 AC41 0889 60D9 2D1F 0F6D B722 6821 4821
uid First Middle Last Suffix <[email protected]>
sub 4096R/36A6F06D 2015-06-24
```

```
user@host:~$ gpg --list-secret-keys --keyid-format LONG
/home/user/.gnupg/pubring.gpg
------------------------------
pub 4096R/68214821 2015-06-24
uid First Middle Last Suffix <[email protected]>
sub 4096R/36A6F06D 2015-06-24
```

To copy the long ID in gpg 2.x:

```
gpg --list-keys --keyid-format long | grep -i -B 3 '\[ultimate]' | sed -n -E '2s/^.*rsa[0-9]+\/([0-9A-Z]+) .*/\1/gp' | pbcopy
```

```
user@host:~$ pass init 68214821
mkdir: created directory ‘/home/user/.password-store/’
Password store initialized for 68214821
```

```
user@host:~$ pass git init
Initialized empty Git repository in /home/user/.password-store/.git/
[master (root-commit) c343a0c] Add current contents of password store.
 1 file changed, 1 insertion(+)
 create mode 100644 .gpg-id
[master edaf464] Configure git repository for gpg file diff.
 1 file changed, 1 insertion(+)
 create mode 100644 .gitattributes
user@host:~$ pass generate serviceprovider/[email protected] 21
mkdir: created directory ‘/home/user/.password-store/gmail’
[master e6a1974] Add generated password for serviceprovider/[email protected].
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 serviceprovider/[email protected]
The generated password for serviceprovider/[email protected] is:
;J&E_2A55<%=<KxoEDZuL
```

```
user@host:~$ pass git remote add origin [email protected]:username/repo.git
user@host:~$ pass git push -u --all
Counting objects: 10, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (10/10), 1.38 KiB | 0 bytes/s, done.
Total 10 (delta 1), reused 0 (delta 0)
To ssh://[email protected]:gitport/path/to/git/user-password/
 * [new branch] master -> master
Branch master set up to track remote branch master from origin.
```

It is assumed here that your GPG key has been migrated to the second computer.

```
user@host:~$ gpg --list-keys
/home/user/.gnupg/pubring.gpg
------------------------------
pub 4096R/68214821 2015-06-24
uid First Middle Last Suffix <[email protected]>
sub 4096R/36A6F06D 2015-06-24
user@host:~$ pass init 68214821
mkdir: created directory ‘/home/user/.password-store/’
Password store initialized for 68214821
user@host:~$ pass git init
Initialized empty Git repository in /home/user/.password-store/.git/
[master (root-commit) c343a0c] Add current contents of password store.
 1 file changed, 1 insertion(+)
 create mode 100644 .gpg-id
[master edaf464] Configure git repository for gpg file diff.
 1 file changed, 1 insertion(+)
 create mode 100644 .gitattributes
user@host:~$ pass git remote add origin \
    ssh://[email protected]:gitport/path/to/git/user-password/
user@host:~$ git reset origin/master
user@host:~$ pass git fetch
[email protected]'s password:
warning: no common commits
remote: Counting objects: 10, done.
remote: Compressing objects: 100% (7/7), done.
remote: Total 10 (delta 1), reused 0 (delta 0)
Unpacking objects: 100% (10/10), done.
From ssh://[email protected]:gitport/path/to/git/user-password/
 * [new branch] master -> origin/master
user@host:~$ pass git rebase origin/master
First, rewinding head to replay your work on top of it...
user@host:~$ pass show serviceprovider/[email protected]
gpg: WARNING: The GNOME keyring manager hijacked the GnuPG agent.
gpg: WARNING: GnuPG will not work properly - please configure that tool to not interfere with the GnuPG system!
;J&E_2A55<%=<KxoEDZuL
```
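
The transcript gives `pass init` the 8-digit short key ID, which can collide with another key, and the gpg 2.x note filters human-readable output with grep and sed. As an added example (not part of the original transcript), the functions below read the full fingerprint from GnuPG's `--with-colons` listing and check that every ID in a `.gpg-id` file belongs to a secret key on the host, which is the check to run on the second computer after migrating the key. The function names and the sample listing are constructed for this example.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-secret-keys --with-colons --fingerprint`
# output. The primary fingerprint is the one shown in the transcript; the
# subkey fingerprint (apart from its last 8 digits), the uid hash and the
# e-mail address are made up.
sample_colons() {
cat <<'EOF'
sec:u:4096:1:0F6DB72268214821:1435104000:::u:::scESC:
fpr:::::::::A5C296E8AC41088960D92D1F0F6DB72268214821:
uid:u::::1435104000::0000000000000000000000000000000000000000::First Middle Last Suffix <user@example.invalid>:
ssb:u:4096:1:1111222236A6F06D:1435104000::::::e:
fpr:::::::::0000000000000000000000001111222236A6F06D:
EOF
}

# Print the fingerprint of every primary secret key in a colon listing on
# stdin. An fpr record can follow a subkey (ssb) as well as a primary key
# (sec), so only the first fpr after each sec record is printed.
primary_fingerprints() {
    awk -F: '
        $1 == "sec" { want = 1; next }
        $1 == "ssb" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Succeed if key ID $1 (short, long or full; spaces allowed) is a suffix of
# fingerprint $2. Empty or non-hex IDs are rejected, not treated as a match.
id_matches_fpr() {
    id=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    case "$id" in ''|*[!0-9A-F]*) return 2 ;; esac
    case "$2" in *"$id") return 0 ;; *) return 1 ;; esac
}

# Succeed if every ID in the .gpg-id file $1 matches a primary secret key in
# the colon listing on stdin.
gpg_id_has_secret_key() {
    fprs=$(primary_fingerprints)
    while IFS= read -r id || [ -n "$id" ]; do
        found=1
        for f in $fprs; do
            if id_matches_fpr "$id" "$f"; then found=0; fi
        done
        [ "$found" -eq 0 ] || return 1
    done < "$1"
}

# Real use (not run here):
#   gpg --list-secret-keys --with-colons --fingerprint |
#       gpg_id_has_secret_key ~/.password-store/.gpg-id
sample_colons | primary_fingerprints   # demo on the constructed sample
```

The fingerprint printed by `primary_fingerprints` can be passed to `pass init` in place of the short ID.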