To start off, Pass for iOS is a fantastic piece of work. I am a new iPhone user and was happy to see it.
I'm having a problem with multiple keys listed in my .gpg-id files. It throws an error, and asks me to pick one of the keys. When I do, it does actually encrypt the data, but only for the key I selected.
Since there are a million ways to do the same thing, I'll give a detailed explanation of the configuration where I see the error:
Setup
GPG configuration:
I have multiple computers that all run pass. Each computer generates its own GPG key. I give these keys fake email addresses.
Each of the computers exports its public key, and the public key is imported into the keyring on the others, signed, and trusted.
Pass Configuration
pass has a single .gpg-id file in the root of the password store. It has the fake email addresses, so it looks like this:
me@laptop
me@desktop
me@computer123
The password store is backed by a git repository.
Pass for iOS setup
I generated a new SSH key on another machine and set up git access using the key.
I imported the SSH key into Pass for iOS.
I verified that Pass for iOS can download the password store, and it does. So far so good.
Pass for iOS does not support gpg key generation, so on another machine I created a new GPG key using gpg --gen-key. This key will be me@iphone
As with my other machines, I copied the public key to the other machines, and I append cory@iphone to my .gpg-id.
I use QR codes to transmit the public keys into the Pass for iOS keyring.
So on one of the other computers, I'll run this:
gpg --export -a me@laptop | qrencode -t UTF8
and then on Pass for iOS, I go to Settings>PGP Key>ASCII-Armor Key and I click on "Scan Public Key QR Codes"
I repeat this step for all the public keys, including the new iphone public key.
Then I import the private key for the iphone.
gpg --export-secret-keys -a me@iphone | qrencode -t UTF8
and I import this key in the private key section.
Behavior
Decrypting passwords
I click on one of the passwords.
I am displayed an error saying Cannot Show password PGP private key (me@laptop me@desktop me@computer123) not found.
I click on a button that says "Select key"
I'm presented a menu that says "select from imported keys" and the list contains multiple short key IDs (not my fake emails, just hexadecimal)
If I select the correct key, then I am prompted for a password and the password is successfully decrypted.
Encrypting passwords
I click on the plus sign and add a new password.
I am greeted with an error that says `Cannot Encrypt password public key (me@desktop me@laptop me@computer123) not found`
Like before, I'm shown a list of keys to select.
I can select any one of the keys, and the password will be encrypted using that key as the recipient. But only that one. All the other computers will not be able to decrypt that password.
Expected Behavior
The menus that ask you to select a key should probably display the hex short key as well as the email.
When displaying passwords where the recipient is a key you have in your private keyring, use it. Alternatively, try all available private keys. This would be similar to gpg's --try-all-secrets option.
When encrypting, it should look at the .gpg-id file and use each line as the recipient.
It occurs to me that my problem might just be that I'm using the email addresses in my .gpg-id rather than the hex identifier. But I feel that this should be supported since it's supported by gpg and by pass. I am suspicious that the whole problem might be if I changed my .gpg-id to use the hex identifiers rather than emails. I haven't tried yet at the time of writing, but I'll give this a shot to confirm once I have some time.
I don't have any good estimation for how much effort it might be to fix this, but I'd be glad to sponsor if this is an issue you want to take on.
Version:
Pass for iOS 0.14.0 (20)
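An added example (not part of the issue and not Pass for iOS code): a POSIX shell check that resolves each .gpg-id line to its encryption subkey and reports which of them a given entry is not encrypted to, which is how the single-recipient behaviour described in the issue shows up on the other machines. The function names, the substring match on user IDs, the restriction to `sub` records and the sample key IDs are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit one pass entry against .gpg-id. All sample data is constructed.
export LC_ALL=C

# stdin: output of `gpg --list-keys --with-colons`; $1: path to .gpg-id.
# Prints long IDs of usable encryption subkeys, or UNRESOLVED:<id> if no key matches.
expected_keyids() {
  awk -F: -v idfile="$1" '
    function emit(   i) { if (hit) for (i = 1; i <= n; i++) print ids[i]; hit = 0; n = 0 }
    BEGIN { while ((getline l < idfile) > 0) if (l != "") want[tolower(l)] = 1 }
    $1 == "pub" { emit() }    # a new key block starts, flush the previous one
    $1 == "uid" { for (w in want) if (index(tolower($10), w)) { hit = 1; seen[w] = 1 } }
    $1 == "sub" && $2 !~ /[idre]/ && $12 ~ /e/ { ids[++n] = $5 }   # skip invalid/revoked/expired
    END { emit(); for (w in want) if (!(w in seen)) print "UNRESOLVED:" w }
  ' | sort -u
}

# stdin: output of `gpg -v --decrypt --list-only --keyid-format long FILE 2>&1`.
actual_keyids() {
  sed -n 's/^gpg: public key is \([A-F0-9][A-F0-9]*\)$/\1/p' | sort -u
}

# $1: expected key IDs, $2: actual key IDs. Prints recipients the entry lacks.
missing_recipients() {
  e=$(mktemp) a=$(mktemp)
  printf '%s\n' "$1" > "$e"; printf '%s\n' "$2" > "$a"
  comm -23 "$e" "$a"; rm -f "$e" "$a"
}

# Live use: $1 = .gpg-id, $2 = entry.gpg; the public keys must be in the local keyring.
audit_entry() {
  missing_recipients "$(gpg --list-keys --with-colons | expected_keyids "$1")" \
    "$(gpg -v --decrypt --list-only --keyid-format long "$2" 2>&1 | actual_keyids)"
}

# Offline demo on constructed gpg output: entry encrypted to the laptop key only.
demo() {
  idf=$(mktemp); printf '%s\n' me@laptop me@desktop me@computer123 > "$idf"
  listing='pub:u:255:22:1111111111111111:1700000000:::u:::scSC:
uid:u::::1700000000::::me@laptop:
sub:u:255:18:AAAAAAAAAAAAAAAA:1700000000::::::e:
pub:f:255:22:2222222222222222:1700000000:::-:::scSC:
uid:f::::1700000000::::me@desktop:
sub:f:255:18:BBBBBBBBBBBBBBBB:1700000000::::::e:'
  want=$(printf '%s\n' "$listing" | expected_keyids "$idf"); rm -f "$idf"
  got=$(printf '%s\n' 'gpg: public key is AAAAAAAAAAAAAAAA' | actual_keyids)
  missing_recipients "$want" "$got"
}
demo
```

An empty result from `audit_entry` means the entry is encrypted to every identity in .gpg-id; any key ID or `UNRESOLVED:` line names a machine that cannot decrypt it.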