gopasspw / gopass

The slightly more awesome standard unix password manager for teams
https://www.gopass.pw/
MIT License
5.87k stars, 493 forks

Gopass deletes entry in .public-keys that's used in subdirectory's .gpg-id #2571

Open TheLastProject opened 1 year ago

TheLastProject commented 1 year ago

Summary

To reduce exposure, we want to give some GPG keys only access to certain subdirectories. While gopass recipients doesn't support this, putting the key ID in a .gpg-id file in the directory works. Looking at #1842, this is intended to be supported.

However, just setting up the .gpg-id file isn't enough to let teammates also encrypt. So, I wanted to add the same public key to the .public-keys/. However, gopass explicitly deletes this "extra key", even when explicitly committing it.

Steps To Reproduce

(The name of the key and project have been simplified)

# Create and encrypt the secret
gopass edit test_store/project_123/secret1

# Add the key
echo "0123456789" > ~/.local/share/gopass/stores/test_store/project_123/.gpg-id

# Re-encrypt the secret
gopass fsck --decrypt test_store/project_123

# Sync secrets
gopass sync

# So far so good...

# Attempt to add the public key to .public-keys so others don't have to gpg import it
gpg --armor --export 0123456789 > ~/.local/share/gopass/stores/test_store/.public-keys/0123456789

# Optionally, make an explicit commit by running "git add", "git commit", etc. in ~/.local/share/gopass/stores/test_store/

# Try to sync
gopass sync

Expected behavior

The .public-keys entry is retained to simplify encrypting for teammates. Instead, gopass explicitly removes it and even creates a commit to remove it if you explicitly made another commit.

Environment

Additional context

I might be misunderstanding the purpose of the .public-keys directory, but documentation on the whole concept of limiting the access of a GPG key (a "core" feature of regular pass) is generally very lacking within gopass. If there is a better way to do this, I'm all ears.
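As an added example (not part of the report and not gopass code), the following POSIX shell function walks a store in the layout described above, reads every .gpg-id (root and subdirectories, one key ID per line) and lists recipients that have no matching export under .public-keys/, which is exactly the gap teammates hit when the subdirectory key is missing there. The demo store it builds is constructed here in a temp directory; the key IDs in it are placeholders.

```shell
#!/bin/sh
# check_public_keys STORE_DIR
# For every .gpg-id found under STORE_DIR, print "<relative .gpg-id> <keyid>"
# for each recipient that lacks STORE_DIR/.public-keys/<keyid>.
# Prints nothing when every recipient has an exported public key.
check_public_keys() {
    store="$1"
    find "$store" -name .gpg-id -type f | sort | while IFS= read -r idfile; do
        rel="${idfile#"$store"/}"
        # .gpg-id holds one recipient key ID per line; skip blank lines
        grep -v '^[[:space:]]*$' "$idfile" | while IFS= read -r keyid; do
            [ -f "$store/.public-keys/$keyid" ] ||
                printf '%s %s\n' "$rel" "$keyid"
        done
    done
}

# Constructed demo store mirroring the report: the root recipient
# (placeholder ID AAAAAAAAAAAAAAAA) is exported to .public-keys/, the
# subdirectory-only recipient 0123456789 is not. Prints the store path.
make_demo_store() {
    dir="$(mktemp -d)"
    mkdir -p "$dir/.public-keys" "$dir/project_123"
    printf 'AAAAAAAAAAAAAAAA\n' > "$dir/.gpg-id"
    printf 'AAAAAAAAAAAAAAAA\n0123456789\n' > "$dir/project_123/.gpg-id"
    : > "$dir/.public-keys/AAAAAAAAAAAAAAAA"
    printf '%s\n' "$dir"
}

# Stand-alone usage: build the demo store and report the missing export.
check_public_keys "$(make_demo_store)"
```

Run against a real store root (e.g. ~/.local/share/gopass/stores/test_store) after `gopass sync` to see which subdirectory recipients the sync has left without a .public-keys entry.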

dominikschulz commented 1 year ago

limiting the access of a GPG key is generally very lacking within gopass.

Yes, this is true. We do have limited support but it's not great. I usually tend to prefer having different mounts over different encryption keys for subdirs. But this is a valid bug and we should fix it.