biox / pa

a simple password manager. encryption via age, written in portable posix shell
https://passwordass.org

add pa-urn #36

Closed arcxio closed 3 months ago

arcxio commented 4 months ago

one of the commonly pointed out weaknesses of pass, which transfers to pa, is that it leaks metadata, i.e. the password names, which usually refer to the services for which the user stores their passwords, are plain text, in contrast to something like keepass, where all of the entries are stored in a single encrypted database file. this can be a problem when using an untrusted cloud to sync passwords. for pass, this is mitigated by an extension, pass-tomb. it wraps around tomb, which is more than 3.5k lines of zsh I'll never comprehend. as an alternative, I came up with urn, which is basically the same premise - creating encrypted containers from directories - but implemented ~100x simpler using tar + age and posix shell. the same concept can easily be integrated with pa, so I did. it works like this:

~/src/pa> pa a test
Generate a password? [y/N]: y
Saved 'test' to the store.
~/src/pa> pa s test
bPJk3VziuAbng9X1jN5sJJSaS1FL-Sv0Mv7MmcF5CoEQQgMO8y
~/src/pa> contrib/pa-urn
pa dir has been urned to /home/ar-1/.local/share/pa/passwords.urn
~/src/pa> pa s test
error: Password 'test' doesn't exist.
~/src/pa> pa l
~/src/pa> contrib/pa-urn
urn has been opened into /home/ar-1/.local/share/pa/passwords
~/src/pa> pa s test
bPJk3VziuAbng9X1jN5sJJSaS1FL-Sv0Mv7MmcF5CoEQQgMO8y

arcxio commented 4 months ago

this thing also turned out useful for creating encrypted backups of the password store. I accidentally nuked my store a couple of times when testing this, which was trivial to restore with a urn saved earlier.

arcxio commented 4 months ago

I realized it was a bad idea to store the urn alongside the keys, so the script now creates and searches for the urn in the working directory and takes an optional argument as the path to the urn.

arcxio commented 4 months ago

I found out about gpgtar, which is part of gpg; I guess my urn tool is more akin to this than to tomb. I still like urn's name better than "agetar" though. this makes me question why pass folks don't just use this instead of tomb. in my research while doing this, I came across two alternatives to pass-tomb which are based on the same idea as urn and use tar+gpg separately, and none of them use gpgtar. I guess I'm not the only one who was unaware that it exists, oh well...

arcxio commented 4 months ago

UX of this is also up in the air. my initial goal was to not have any options or arguments required for it to work, but in turn the tool has to infer the user's intent from the current state, which may be unexpected. for example, it deletes the urn after opening it (and the password store after closing it), which makes running the script twice idempotent, but it may not be what the user wants, like if they intend to use it to restore from a backup... if it didn't delete the urn, it would have to have a way of knowing whether the user wants to open the urn or overwrite it, most likely with the usual open/close subcommands like pass-tomb does it.

arcxio commented 4 months ago

added 'open' and 'close' subcommands with an optional file argument, pa dir and urn are no longer removed. it works like this now:

~/src/pa> pa a test
Generate a password? [y/N]: y
Saved 'test' to the store.
~/src/pa> pa s test
X3UTsYMcZ_RsFTaQtviCwTc2S3VXUznz8aivbV6sckc_6pyS-K
~/src/pa> contrib/pa-urn close
The store has been closed to /home/ar-1/src/pa/passwords.tar.age
~/src/pa> pa s test
X3UTsYMcZ_RsFTaQtviCwTc2S3VXUznz8aivbV6sckc_6pyS-K
~/src/pa> rm -rf ~/.local/share/pa/passwords
~/src/pa> pa s test
error: Password 'test' doesn't exist.
~/src/pa> pa l
~/src/pa> contrib/pa-urn open
The urn has been opened into /home/ar-1/.local/share/pa/passwords
~/src/pa> pa s test
X3UTsYMcZ_RsFTaQtviCwTc2S3VXUznz8aivbV6sckc_6pyS-K
~/src/pa> file passwords.tar.age
passwords.tar.age: age encrypted file, X25519 recipient
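The close/open container scheme discussed in this thread, written out as an added example that is not the PR's own contrib/pa-urn script: the store is tarred from its parent directory and streamed straight into age, so entry names never sit on disk in clear, and open reverses it. It assumes pa's layout under $PA_DIR (passwords/, identities, recipients); the pa_dir/ids/rcpts variables and the header check are mine, and the refuse-to-overwrite guards on both sides address the "restore from backup" concern raised above.

```shell
#!/bin/sh
# Added example, not the pa-urn script from the PR: keep the pa store as one
# age-encrypted tar stream ("urn") so entry names never sit on disk in clear.
# Assumed pa layout: $PA_DIR (default ~/.local/share/pa) holds passwords/,
# identities and recipients; override pa_dir/ids/rcpts to test elsewhere.
set -eu

base=${PA_DIR:-${HOME:-.}/.local/share/pa}
pa_dir=$base/passwords
ids=$base/identities
rcpts=$base/recipients

# Only a file whose first line is the age v1 header is ever fed to tar.
is_urn() {
    IFS= read -r hdr < "$1" 2>/dev/null || return 1
    [ "$hdr" = "age-encryption.org/v1" ]
}

# close: archive the store from its parent so paths inside are relative
# ("passwords/..."), pipe into age; the plain tar stream never hits disk.
urn_close() {
    urn=$1
    [ -d "$pa_dir" ] || { echo "error: no store at $pa_dir" >&2; return 1; }
    [ ! -e "$urn" ] || { echo "error: $urn exists, not overwriting" >&2; return 1; }
    ( umask 077
      ( cd "${pa_dir%/*}" && tar -cf - "${pa_dir##*/}" ) | age -R "$rcpts" -o "$urn" )
    is_urn "$urn"   # caveat: sh reports only age's status, not tar's
}

# open: decrypt with pa's identity and unpack into the store's parent;
# refuse if a store is already there so a live store is never clobbered.
urn_open() {
    urn=$1
    is_urn "$urn" || { echo "error: $urn is not an age file" >&2; return 1; }
    [ ! -e "$pa_dir" ] || { echo "error: $pa_dir exists, close it first" >&2; return 1; }
    ( umask 077
      mkdir -p "${pa_dir%/*}"
      age -d -i "$ids" "$urn" | ( cd "${pa_dir%/*}" && tar -xf - ) )
}

case ${1:-} in
    close) urn_close "${2:-passwords.tar.age}" ;;
    open)  urn_open "${2:-passwords.tar.age}" ;;
esac
```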