Password management with pass and missing setup guide

Posted on January 15, 2019

Password Management with pass

Pass is a Unix password manager. It is a command-line utility that helps manage your passwords.

Up until now I never really felt the need for a password manager. But with the complex constraints placed on users while setting up an account on websites, it is starting to dawn upon me to use a password manager. Especially for websites that I don’t log in to/visit quite often. I always have to play this guessing/memory game of whether the password on a particular site enforced a caps character or a special character or a numeric or some combination of 2 of them or all of them! Now I can surely get the password in a few attempts, but then again by the time I get the password right I would have locked myself out for too many incorrect attempts. And then I won’t be able to reuse the same password because the system won’t allow me to use a password that I used in the last 1 year or 6 months. As a result I will come up with a new password that I won’t actually be able to commit to my memory because I don’t visit that site that often, and this will turn into a vicious circle and a huge time sink.

While browsing the archlinux applications page I came across ‘Pass’. It appealed to me pretty quickly. It stores the password locally and is a command-line utility. The password isn’t stored in plain text (like some of the other command-line utilities I have tried in the past and given up on). It’s been only what, like 10 minutes since I set it up, so I might revisit this post to add my thoughts after I have used it for a considerably longer period of time. But in the 10 minutes that I have used it, I really like it. I am in the process of storing the passwords from Firefox in this utility.

The missing manual for setting up

The installation of pass was quite straightforward: pacman -S pass. But then the initial setup wasn’t as straightforward as mentioned on the website.

If you followed the website then, the next step after installing is running

pass init "<name for pass store>"

and then

pass insert <nameofwebsite>/<account_name/email>

Which will prompt you to enter the password. But doing that resulted in the following error on my Arch machine.

gpg: Password store: skipped: No public key
gpg: [stdin]: encryption failed: No public key
Password encryption aborted.

So to solve this problem I had to perform the following operations:

  1. Create a gpg key
$ gpg --full-gen-key

I use the defaults for most of the options that were prompted.

  2. Export the key
$ gpg --export-secret-keys > ~/keyfile
  3. Import it in gpg2.
$ gpg2 --import ~/keyfile

This will print a keyname to the prompt.

  4. Edit the key to set the trust level for the key
$ gpg2 --edit-key "<Keyname>"

Use the keyname that was printed by the previous command. You can also use $ gpg --list-keys to get the keyname. After typing the above command, it will take you to a gpg shell/command kind of environment. Type trust:

gpg> trust
[...]
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
[...]
gpg> save
  5. Lastly run
$ pass init <gpg_keyname>

Hopefully after this you should be able to insert in all the passwords without any problem :).
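The checks behind the steps above, as an added example (not from the original post or from the pass project): the hypothetical helper check_recipient reads `gpg --list-keys --with-colons` output and reports whether the identifier given to pass init matches a public key that is trusted and can encrypt. The keyring listing is constructed sample data, and the set of accepted validity levels is an assumption noted in the code.

```shell
#!/bin/sh
# Added example, not part of pass or gpg. check_recipient is a hypothetical
# helper: it reads `gpg --list-keys --with-colons` output on stdin and reports
# whether the identifier handed to `pass init` names a usable public key.
# Prints one of: missing | untrusted | no-encrypt | ok
check_recipient() {
    [ -n "$1" ] || { echo missing; return 0; }
    awk -F: -v want="$1" '
    function finish() {               # judge the key block that just ended
        if (!hit || verdict != "") return
        # Assumption of this sketch: validity m, f or u is accepted by gpg.
        if (valid !~ /^[mfu]$/) verdict = "untrusted"
        else if (caps !~ /E/)   verdict = "no-encrypt"
        else                    verdict = "ok"
    }
    BEGIN { w = tolower(want); n = length(w) }
    $1 == "pub" {                     # field 2 validity, 5 key ID, 12 capabilities
        finish(); hit = 0; valid = $2; caps = $12
        if (w ~ /^[0-9a-f]+$/ && (n == 8 || n == 16) &&
            substr(tolower($5), 17 - n) == w) hit = 1
    }
    $1 == "fpr" && tolower($10) == w      { hit = 1 }   # full fingerprint
    $1 == "uid" && index(tolower($10), w) { hit = 1 }   # name/e-mail substring
    END { finish(); print (verdict == "" ? "missing" : verdict) }'
}

# Constructed sample listing: the first key was imported without a trust
# level (validity "-"), the second key has ultimate trust (validity "u").
SAMPLE_KEYRING='pub:-:3072:1:1111222233334444:1547500000:::-:::scESC::::::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:-::::1547500000::0000000000000000000000000000000000000000::Alice Example <alice@example.org>::::::::::0:
sub:-:3072:1:5555666677778888:1547500000::::::e::::::23:
pub:u:3072:1:99990000AAAABBBB:1547500000:::u:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456799990000AAAABBBB:
uid:u::::1547500000::1111111111111111111111111111111111111111::Bob Example <bob@example.org>::::::::::0:
sub:u:3072:1:CCCCDDDDEEEEFFFF:1547500000::::::e::::::23:'

# A store name such as the one in the error message above matches no key.
printf '%s\n' "$SAMPLE_KEYRING" | check_recipient "Password store"   # missing
```

Against a real keyring, pipe gpg --list-keys --with-colons into check_recipient with the contents of ~/.password-store/.gpg-id as the argument. Once pass init succeeds, ~/keyfile from the export step still holds the secret key and is no longer needed.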

Stackexchange links that helped solve my problem: Link1 & Link2