the website of dither8

pass (unix password manager) for beginners

Published on 2019-03-23

Update mid-2020: Adding pass-otp section

Update 2021-09-15: Overhaul. Removing gpg1 commands.

Hello all, This article will get you started with the unix-style pass Password Manager.

Generate GPG keys

The first step is to generate GPG keys if not done already.

Make sure that you have GnuPG 2 installed. Linux users refer to your package manager, Windows or macOS users, please refer to the Official Webpage.

Note some systems may require you execute gpg2 instead of just gpg.

Start by listing the keys

gpg --list-keys

If you see a key here that you created. Then you might not need to generate a new one. Otherwise start the keygen process:

gpg --full-generate-key

Here is what you should roughly select:

Initialise pass

Re-run the command to --list-keys. You should now have a key with ultimate trust:

pub   rsa4096 2021-09-15 [SC]
      3E7744C818B6CDF9D4BA27D2995897280F62CA1E
uid           [ultimate] John Smith <josm@gmail.com>
sub   rsa4096 2021-09-15 [E]

You will now want to initialise pass with your public key:

pass init "3E7744C818B6CDF9D4BA27D2995897280F62CA1E"

I generated that key as an example. Don't use it.

Conclusion

Now that everything is setup, follow the examples mentioned on the pass website to begin using.

Bonus: pass-otp

I hate having to verify my account via a code sent through SMS, it is also insecure that way. The only other alternatives have been with One-time password (otp) apps. I was always under the impression that this was a proprietary mobile app. Turns out any otp application will read the QR codes, and function like a mobile app.

Go to security settings of whatever online service and set up a 2FA app. During the process it should show a QR code, screenshot this. Then using a program called zbarimg scan the screenshot then pipe into pass otp.

You have two options to add an OTP code into pass. Pick either one:

# Append to an already existing pass file:
zbarimg -q --raw qrcode-screenshot.png | pass otp append accounts/example@example.com

# Create a new pass file with only the OTP code:
zbarimg -q --raw qrcode-screenshot.png | pass otp insert otp/example@example.com

Note: I seem to have problems scanning if the background of the QR is transparent, I suggest always using a screenshot to get around this problem!

Now get the code using:

pass otp accounts/example@example.com

Note that the code will expire. For maximum efficiency, pipe that last command into a clipboard copy program, xclip or wl-copy depending on if you use X.org or Wayland.