paapereira.xyz

pass - the standard unix password manager

I’ve been using pass as my password manager for the last few months, on Linux, Android and Windows.

Here’s how I set it up and the apps that can be used.

Installation

Arch Linux

I installed pass, pass-otp for one-time password support, dmenu for an easy way to copy your passwords to the clipboard and, if you prefer a GUI application, qtpass.

sudo pacman -S pass pass-otp dmenu qtpass

You can use the command passmenu to open a list of your passwords using dmenu. For convenience you can assign it to a keyboard shortcut.

In XFCE you can go to XFCE > Keyboard > Application Shortcut:

Command: passmenu | Shortcut: Ctrl+Super+P

Android

pass encrypts your passwords with a gpg key, so you’ll need an app to manage your key and an app compatible with pass.

I’m using OpenKeychain and Password Store.

Firefox

You’ll need to install passff-host and the passff extension.

You can follow the instructions here.

Windows

You can use QtPass or just use the pass script in a bash terminal.

I use the bash shell from Git for Windows and download the pass script here.

Create a new password store

I will be using git to keep my passwords. This is optional. See more on the pass homepage.

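# generate a GPG key pair
gpg --full-generate-key

# initialise the password store with that key
pass init your_mail@mail.com

# on the server (the remote added below): create the bare repository
git init --bare ~/.password-store

# on your machine: put the store under git and push it to the server
pass git init
pass git config --global --edit

pass git commit --amend --reset-author
pass git remote add origin your_user@server:~/.password-store
pass git push -u --all

pass insert test/test3
pass git push

pass git log --pretty=format:"%h - %ae, %cr - %s" -5

# on another machine: clone the store
git clone your_user@server:~/.password-store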

GPG tips

Here’s a cheatsheet for GPG.

Configuration files

Just some configurations I tuned.

vi ~/.gnupg/gpg.conf
	(...)
	###+++--- GPGConf ---+++###
	utf8-strings
	#debug-level basic
	(...)

cat ~/.gnupg/gpg-agent.conf
	debug-level basic
	log-file socket:///home/your_user/.gnupg/log-socket
	pinentry-program /usr/bin/pinentry-gtk-2
	default-cache-ttl 1800

# reload the agent so the changes take effect
gpg-connect-agent reloadagent /bye

Reset cached passwords

echo RELOADAGENT | gpg-connect-agent

Transfer GPG keys between machines

  1. Export to file using a temporary random password
# list gpg private keys
gpg -K
# generate random password
gpg --armor --gen-random 1 20
	xxxxxxxxxxxxxx
# export *private* key
gpg --armor --export-secret-keys your_mail@mail.com | gpg --armor --symmetric --output yourkey.asc
# export public key
gpg --armor --export your_mail@mail.com | gpg --armor --symmetric --output yourkey.gpg
  2. Send to another device

Example for Android:

Example on another computer with access to your main machine and using the random password generated:

Managing passwords

Here are some examples; be sure to check the pass homepage.

# insert a new password (multiple lines)
# the first line is always the password
pass insert -m banking/bank
	XXXXXXXXX
	user: ------
	url: https://------
	email: @---.---
# edit a password (vi like)
pass edit banking/bank
# remove a password
pass rm banking/bank
# push local changes to keybase
pass git push
# check last 5 commits
pass git log --pretty=format:"%h - %ae, %cr - %s" -5
	851fc19 - your_mail@mail.com, 4 hours ago - Add given password for banking/bank to store.
# show the commit changes (q for quit)
pass git show 851fc19
# show commits from a specific dir
pass git log --follow banking
# your passwords are individual gpg files
ls ~/.password-store/banking
	bank.gpg
# copy your password to the clipboard
pass -c banking/bank
# generate passwords for new sites (with 25 characters for example)
pass generate banking/bank 25
# generate a new password for an existing entry
pass generate --in-place banking/bank 25
# support for one time passwords
pass edit banking/bank
	XXXXXXXXX
	user: ------
	url: https://------
	email: @---.---
	otpauth://totp/Bank:you_bank_mail@mail.com?secret=YOUR_OTP_KEY&issuer=Bank
pass otp banking/bank
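
What the otpauth:// line in the entry above encodes, as an added example that is not part of the original post and not pass-otp's own code: Python that parses a decrypted multi-line entry (first line is the password) and computes the RFC 6238 code from the URI. The entry contents, the names parse_entry and totp_from_uri, and the sample secret (the RFC 6238 test key) are constructed for illustration.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs

# Constructed sample of a decrypted multi-line entry (not a real account).
# The secret is the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_ENTRY = """\
XXXXXXXXX
user: alice
url: https://bank.example
otpauth://totp/Bank:alice@mail.example?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Bank
"""

def parse_entry(text):
    """Split an entry into password (first line), 'key: value' fields and the otpauth URI."""
    lines = text.splitlines()
    entry = {"password": lines[0] if lines else "", "fields": {}, "otpauth": None}
    for line in lines[1:]:
        if line.startswith("otpauth://"):
            entry["otpauth"] = line.strip()
        elif ":" in line:
            key, value = line.split(":", 1)
            entry["fields"][key.strip()] = value.strip()
    return entry

def totp_from_uri(uri, now):
    """Compute the RFC 6238 code for an otpauth://totp URI at Unix time `now`."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("only otpauth://totp URIs are handled here")
    params = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    digits = int(params.get("digits", 6))        # defaults when the URI omits them
    period = int(params.get("period", 30))
    algorithm = params.get("algorithm", "SHA1").lower()
    if algorithm not in ("sha1", "sha256", "sha512"):
        raise ValueError("unsupported algorithm")
    secret = params["secret"].replace(" ", "").upper()
    secret += "=" * (-len(secret) % 8)           # base32 input must be padded to 8 chars
    key = base64.b32decode(secret)
    counter = struct.pack(">Q", int(now) // period)
    digest = hmac.new(key, counter, getattr(hashlib, algorithm)).digest()
    offset = digest[-1] & 0x0F                   # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

if __name__ == "__main__":
    entry = parse_entry(SAMPLE_ENTRY)
    print(entry["fields"], totp_from_uri(entry["otpauth"], time.time()))
```

Anyone who can decrypt this entry gets both the password and the OTP secret, so with this layout the second factor is only as strong as the GPG key protecting the store.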
