Linux Password Manager CLI

From Ever changing code
Revision as of 21:31, 16 February 2020 by Pio2pio

The rngd daemon acts as a bridge between a Hardware TRNG (true random number generator) such as the ones in some Intel/AMD/VIA chipsets, and the kernel's PRNG (pseudo-random number generator).

# Install 'rngd' to gain enough entropy for 'gpg' public and secret key creation
$> sudo apt-get install rng-tools


Create a key that pass will use to encrypt and decrypt ~/.password-store:

$> gpg --gen-key
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: Bob Smith              # <- input
Email address: user1@acme.com     # <- input
You selected this USER-ID:
    "Bob Smith <user1@acme.com>"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? O # <- input

┌──────────────────────────────────────────────────────┐
│ Please enter the passphrase to                       │
│ protect your new key                                 │
│                                                      │
│ Passphrase: ________________________________________ │ # <- can be
│                                                      │ # left blank
│       <OK>                              <Cancel>     │ # 2x dialog
└──────────────────────────────────────────────────────┘

We need to generate a lot of random bytes. 
(..omitted..) to gain enough entropy.
gpg: /home/vagrant/.gnupg/trustdb.gpg: trustdb created
gpg: key 0046C0CB14D14757 marked as ultimately trusted
gpg: directory '/home/vagrant/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/vagrant/.gnupg/openpgp-revocs.d/B5FCCC7D6BE3B93F0B5569790046C0CB14D14757.rev'
public and secret key created and signed.

pub   rsa3072 2020-02-16 [SC] [expires: 2022-02-15]
      B5FCCC7D6BE3B93F0B5569790046C0CB14D14757
uid                      Bob Smith <user1@acme.com> # <- gpg key
sub   rsa3072 2020-02-16 [E] [expires: 2022-02-15]


Generate the password store by providing the GPG key used to encrypt it. Identify the key by username or key ID. The file ~/.password-store/.gpg-id will contain the key identifier passed to pass init <keyIdentifier>.

$> pass init user1@acme.com                           # option.1 by the uid
$> pass init B5FCCC7D6BE3B93F0B5569790046C0CB14D14757 # option.2 by the key fingerprint

mkdir: created directory '/home/vagrant/.password-store/'
Password store initialized for user1@acme.com
$> pass ls
Password Store
$> pass insert user1
Enter password for user1: ***
Retype password for user1: ***
$> pass ls
Password Store
└── user1

$> pass user1
password123
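
A read-only audit of the store created above, as an added example (not part of the original page or of pass itself): it checks whether .gpg-id names the key by full fingerprint, as in option.2, rather than by uid or key ID, which can match more than one key, and lists files that are group/world-accessible or are not *.gpg entries. The function names are hypothetical, and a 40-hex (v4) fingerprint is assumed.

```shell
#!/bin/sh
# Added example: read-only audit of a pass store (default ~/.password-store).

# Print "<kind> <id>" for each recipient in .gpg-id. Returns 1 if any entry is
# not a full 40-hex (v4) fingerprint, 2 if .gpg-id is missing.
check_gpg_id() {
    store=${1:-$HOME/.password-store}
    rc=0
    [ -f "$store/.gpg-id" ] || { echo "missing $store/.gpg-id"; return 2; }
    while IFS= read -r id || [ -n "$id" ]; do
        [ -n "$id" ] || continue
        # Normalise: drop spaces and an optional 0x prefix before classifying.
        hex=$(printf '%s' "$id" | tr -d ' ' | sed 's/^0[xX]//')
        case $hex in
            *[!0-9A-Fa-f]*) kind=uid ;;
            *)  case ${#hex} in
                    40)   kind=fingerprint ;;
                    8|16) kind=keyid ;;
                    *)    kind=uid ;;
                esac ;;
        esac
        [ "$kind" = fingerprint ] || rc=1
        echo "$kind $id"
    done < "$store/.gpg-id"
    return "$rc"
}

# List paths in the store with any group/other permission bit set.
exposed_paths() {
    find "${1:-$HOME/.password-store}" ! -type l \
        \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# List regular files that are neither entries (*.gpg) nor dotfiles; .git/ is skipped.
plaintext_entries() {
    find "${1:-$HOME/.password-store}" -name .git -prune -o \
        -type f ! -name '*.gpg' ! -name '.*' -print
}
```

Source the file, then run the three functions with no argument to check ~/.password-store; any output from the last two is worth investigating.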

GPG keys manipulation

# Delete GPG key
gpg2 --delete-secret-keys  user1@acme.com
gpg2 --delete-key          user1@acme.com # delete a public key (from your public key ring)

# delete a private key (a key on your private key ring)
# This deletes the secret key from your secret key ring.
gpg --delete-secret-key "User Name"

# delete a public key (from your public key ring):
gpg --delete-key "User Name"
# This removes the public key from your public key ring.
# NOTE! If there is a private key on your private key ring associated with this public key,
# you will get an error! You must delete your private key for this key pair from your private key ring first.

# To list the keys in your public key ring:
gpg --list-keys

# To list the keys in your secret key ring:
gpg --list-secret-keys