pass (unix password manager) for beginners
Hello all. This article will get you started with the unix-style pass password manager.
Generate GPG keys
The first step is to generate GPG keys if not done already.
Make sure that you have GnuPG 2 installed. Linux users, refer to your package manager; Windows or macOS users, please refer to the Official Webpage.
Note: some systems may require you to execute gpg2 instead of just gpg.
Start by listing the keys:
gpg --list-keys
If you see a key here that you created, then you might not need to generate a new one. Otherwise, start the keygen process:
gpg --full-generate-key
Here is what you should roughly select:
- Select RSA and make sure the key size is 4096 bits.
- Make sure the key never expires.
- Enter a name and email address. This just identifies the key.
- Now type a secure passphrase. Here is some advice from HowToGeek.
Initialise pass
Re-run the command to --list-keys. You should now have a key with ultimate trust:
pub rsa4096 2021-09-15 [SC]
3E7744C818B6CDF9D4BA27D2995897280F62CA1E
uid [ultimate] John Smith <josm@gmail.com>
sub rsa4096 2021-09-15 [E]
You will now want to initialise pass with your public key, identified by its fingerprint from the listing above:
pass init "3E7744C818B6CDF9D4BA27D2995897280F62CA1E"
I generated that key as an example. Don't use it.
Conclusion
Now that everything is set up, follow the examples on the pass website to begin using it.
Bonus: pass-otp
I hate having to verify my account via a code sent through SMS; it is also insecure that way. The only other alternatives have been One-time password (OTP) apps. I was always under the impression that this was a proprietary mobile app. Turns out any OTP application will read the QR codes and function like a mobile app.
Go to the security settings of whatever online service you use and set up a 2FA app. During the process it should show a QR code; screenshot this. Then, using a program called zbarimg, scan the screenshot and pipe the result into pass otp.
You have two options to add an OTP code into pass. Pick either one:
# Append to an already existing pass file:
zbarimg -q --raw qrcode-screenshot.png | pass otp append accounts/example@example.com
# Create a new pass file with only the OTP code:
zbarimg -q --raw qrcode-screenshot.png | pass otp insert otp/example@example.com
Note: I seem to have problems scanning if the background of the QR is transparent. I suggest always using a screenshot to get around this problem!
Now get the code using:
pass otp accounts/example@example.com
Note that the code will expire. For maximum efficiency, pipe that last command into a clipboard copy program, xclip or wl-copy, depending on whether you use X.org or Wayland.
Updated mid-2020: Adding pass-otp section
Updated 2021-09-15: Overhaul. Removing gpg1 commands