mssun / passforios

Pass for iOS - an iOS client compatible with Pass command line application.
https://mssun.github.io/passforios
MIT License
1.52k stars, 103 forks

Feature request: support "gopass" multiple recipients feature #338

Open hakusaro opened 4 years ago

hakusaro commented 4 years ago

Heya! I've been experimenting with gopass, a fork of the password store model. It's essentially the same, but one critical feature is that it lets you assign multiple recipients to a password. While in theory, this can be used to share passwords across teams, I'm trying to use it as a way of having different secret keys for different devices.

Right now, I have 3 devices that have 3 keys. Two of the keys are actually stored and generated on Yubikeys, so I don't even have access to the private keys directly. This is okay. The one exception is iOS, because there's no gpg support for smart cards (obviously).

So, I'm using Pass on iOS with its own secret key. Every computer has its own Yubikey and each one has its own secret key stored on a smart card.

Currently, the app reads secrets fine. Every secret generated by and stored by gopass is readable in Pass with no problem. This is because each secret has been encrypted with the public keys associated with all of the recipients. The recipients' public keys are stored in the .public-keys folder.

So what's the problem?

If you save a password in Pass for iOS, Pass only adheres to the model that the original password store spec does: it just encrypts the password with the public key on file on the device. It doesn't care about the other public keys in the .public-keys folder. This means that editing a password makes it inaccessible without having the private key that Pass for iOS has on a different device.

Therefore, I'm requesting a feature for Pass for iOS to encrypt password store entries with all of the recipient keys available in .public-keys if writing data back to the store. I'm not sure what the precise implementation details are, admittedly, but right now reading a password encrypted for multiple recipients just works in the app.

Also, I love this app. Thank you! 💚

nylocx commented 4 years ago

Any reason why you closed that request?

hakusaro commented 4 years ago

Yes — I currently sponsor the developer and there was precisely zero traction on this request. I gave up hope.

Lucas Nicodemus http://keybase.io/xn

On Thu, Apr 9 2020 at 15:03, Alexander Görtz <notifications@github.com> wrote:

Any reason why you closed that request?


nylocx commented 4 years ago

Maybe because it’s already partially addressed in https://github.com/mssun/passforios/issues/147

hakusaro commented 4 years ago

I don’t quite understand why you asked then, lol

nylocx commented 4 years ago

I have the same problem and I found your ticket before I found the one I mentioned above. This feature of using multiple keys for encryption and support of multiple stores like gopass mounts would make this app so much more useful in an enterprise/professional environment. I would be perfectly happy if this would be an in app purchase feature for let’s say 5 to 10 bucks. I could finally convince my team at work to use gopass as a replacement for our antique password store.

mssun commented 4 years ago

Hi, thanks for bringing up this feature request. Let me try to implement it this weekend. Let's see if I can have it done. Thank you for the support!

hakusaro commented 4 years ago

@mssun just to be clear — I didn’t want to draw more attention to this earlier because, as a sponsor of your work, I don’t want to put leverage on you. I wanted to support you because I like the project as is — I didn’t want to turn it into a money for features thing. If you wanna work on it, that’s cool! But I don’t want you to feel pressured. Part of why I closed the issue was because it bothered me in that state — and if you didn’t want to work on it, I totally understand/understood.

Please do not feel pressured. Really. I honestly really and truly appreciate you and I don’t want you to take this the wrong way.

@nylocx I’m sorry for coming off as caustic there. I understand where you’re coming from. I misinterpreted what you said, and took it the wrong way. I’m sorry. Please forgive me.

SimplyDanny commented 4 years ago

Isn't this feature basically the same as #147?

nylocx commented 4 years ago

Yeah as I said they are a pretty close match, but this request had a pretty good explanation so I think you could link from one to the other as duplicate.

mssun commented 4 years ago

#375 has been merged. I'll release it in the TestFlight ASAP. Feel free to report any bugs. Thanks.

Now, the app will select keys according to .gpg-id to encrypt and decrypt password entries. You can add multiple keys by concatenating them into one file.

hakusaro commented 4 years ago

@mssun I joined TestFlight and I’ll let you know!

nylocx commented 4 years ago

I'm currently testing this feature and I'm not sure where to provide the "other" public keys. I am using gopass on the desktop to mount multiple password stores; in my .gpg-id are two fingerprints of the keys in question, each on its own line.

And I have a .public-keys directory in the repo that contains the armored exported gpg public keys.

In the settings I only added my private key. Do you look at the .public-keys directory, or do I have to add the public key of the "other" recipient in the settings of Pass for iOS (pasted below my private key)?

nylocx commented 4 years ago

Ok, I finally managed to test the feature, but for me it is currently not fully working. My scenario is as follows (which is pretty close to @hakusaro's use case).

I have a repo with two keys in my .gpg-id

25ED204BBCCF6A4AF94912D75EC557869C54713E
8537D1D5ECE2E6923EF5522C35CFA41773DAF303

The first one is a private subkey with the encryption feature that is only available via my YubiKey device on my notebook. The second one is a key that is available in the Pass for iOS app.

In the public key settings box I have concatenated the public keys of both keys. In the private key settings box I inserted just the private key (73DAF303).

The app now shows me that I have multiple keys, but if I try to open a secret (that is encrypted with both public keys) pass shows me a dialog that the private key is missing so I have to manually select the 73DAF303 key to decrypt the secret. (Every time I want to use a secret)

The second, maybe even more important, issue is that if I create a new secret I also have to select the key and the secret is only encrypted with the one key I selected. (verified with gpg --pinentry-mode cancel --list-packets secret.gpg)

The expected behavior would be that every new secret is encrypted with both public keys so it can be decrypted with either of the private keys, the one on my yubikey and the one on the iPhone. And for decryption it should try to decrypt with the first available private key.

I hope the explanation was understandable, if not please let me know so I can provide more information.

PS: Importing a huge public key encoded via qrencode and combined to a gif only imports the string from the first frame not all of them, but this will be another issue for a later time.
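The check nylocx describes above with `gpg --list-packets` (how many recipients a stored secret is actually encrypted to, and whether they match the fingerprints in `.gpg-id`) can be scripted. The following is an added example, not code from passforios or gopass: it parses the public-key-encrypted session key (PKESK, tag 1) packets at the front of a `.gpg` file, the same packets `--list-packets` reports as "pubkey enc packet", and compares their key IDs with the recipients listed in `.gpg-id`. The two fingerprints from the thread are reused as sample recipients; the ciphertexts are constructed byte strings, and the example assumes each `.gpg-id` fingerprint is that of the encryption (sub)key whose key ID gpg writes into the PKESK.

```python
"""Check which OpenPGP recipients a password-store entry is encrypted to.

Added example (not part of passforios or gopass). It implements the part of
``gpg --list-packets`` that matters here: listing the PKESK packets (one per
recipient) and comparing their key IDs with the recipients in ``.gpg-id``.
Only v3 PKESK packets (RFC 4880) are handled.
"""
from dataclasses import dataclass

PKESK_TAG = 1        # public-key encrypted session key
SKIPPED_TAGS = (3, 10)  # symmetric-key ESK and marker packets may precede the payload


@dataclass
class Pkesk:
    version: int
    key_id: str      # 16 hex chars; all zeros means a hidden recipient (--throw-keyids)
    algorithm: int   # public-key algorithm id (1 = RSA, 18 = ECDH, ...)


def _read_packet_header(blob: bytes, pos: int):
    """Return (tag, body_start, body_len) for the packet starting at ``pos``.

    Handles old-format headers (RFC 4880 4.2.1) and new-format one-, two- and
    five-byte lengths (4.2.2). Partial and indeterminate lengths are rejected:
    they only occur on the encrypted payload, which follows the PKESKs.
    """
    ctb = blob[pos]
    if not ctb & 0x80:
        raise ValueError(f"invalid packet tag byte at offset {pos}")
    if ctb & 0x40:  # new-format header
        tag = ctb & 0x3F
        first = blob[pos + 1]
        if first < 192:
            return tag, pos + 2, first
        if first < 224:
            return tag, pos + 3, ((first - 192) << 8) + blob[pos + 2] + 192
        if first == 255:
            return tag, pos + 6, int.from_bytes(blob[pos + 2:pos + 6], "big")
        raise ValueError("partial body length not supported")
    tag = (ctb >> 2) & 0x0F  # old-format header
    ltype = ctb & 0x03
    if ltype == 3:
        raise ValueError("indeterminate length not supported")
    nbytes = {0: 1, 1: 2, 2: 4}[ltype]
    return tag, pos + 1 + nbytes, int.from_bytes(blob[pos + 1:pos + 1 + nbytes], "big")


def list_pkesk(blob: bytes) -> list:
    """One entry per recipient the message was encrypted to, in packet order."""
    out, pos = [], 0
    while pos < len(blob):
        tag, start, length = _read_packet_header(blob, pos)
        if tag in SKIPPED_TAGS:
            pos = start + length
            continue
        if tag != PKESK_TAG:
            break  # first payload packet: no more recipients follow
        body = blob[start:start + length]
        if len(body) < 10 or body[0] != 3:
            raise ValueError("unsupported or truncated PKESK packet")
        out.append(Pkesk(version=body[0], key_id=body[1:9].hex().upper(), algorithm=body[9]))
        pos = start + length
    return out


def parse_gpg_id(text: str) -> list:
    """Recipients from a .gpg-id file: one fingerprint or key ID per line."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def missing_recipients(gpg_id_text: str, blob: bytes) -> list:
    """Recipients in .gpg-id that have no PKESK packet in the entry.

    A v4 key ID is the last 64 bits of the fingerprint, so a 40-hex-char
    fingerprint is matched by its 16-char suffix. Assumption: .gpg-id lists the
    encryption (sub)key; a primary-key fingerprint would need a keyring lookup
    to find its encryption subkey first. E-mail style recipients are rejected
    for the same reason.
    """
    present = {p.key_id for p in list_pkesk(blob)}
    missing = []
    for rid in parse_gpg_id(gpg_id_text):
        hexid = rid.replace(" ", "").upper().removeprefix("0X")
        if len(hexid) < 16 or any(c not in "0123456789ABCDEF" for c in hexid):
            raise ValueError(f"cannot match recipient {rid!r} without a keyring lookup")
        if hexid[-16:] not in present:
            missing.append(rid)
    return missing


def _pkesk_packet(key_id_hex: str) -> bytes:
    """Constructed v3 RSA PKESK (old-format header) with a dummy one-byte MPI."""
    body = bytes([3]) + bytes.fromhex(key_id_hex) + bytes([1, 0x00, 0x08, 0x42])
    return bytes([0x84, len(body)]) + body


# Constructed sample data: the two fingerprints from the thread, one per line,
# and two ciphertexts whose payload is a stand-in SEIPD packet (tag 18).
SAMPLE_GPG_ID = "25ED204BBCCF6A4AF94912D75EC557869C54713E\n8537D1D5ECE2E6923EF5522C35CFA41773DAF303\n"
_PAYLOAD = bytes([0xD2, 0x05, 0x01, 0xDE, 0xAD, 0xBE, 0xEF])
ENCRYPTED_TO_BOTH = _pkesk_packet("5EC557869C54713E") + _pkesk_packet("35CFA41773DAF303") + _PAYLOAD
ENCRYPTED_TO_ONE = _pkesk_packet("35CFA41773DAF303") + _PAYLOAD  # what the app produced in the thread

if __name__ == "__main__":
    print("missing for both:", missing_recipients(SAMPLE_GPG_ID, ENCRYPTED_TO_BOTH))
    print("missing for one: ", missing_recipients(SAMPLE_GPG_ID, ENCRYPTED_TO_ONE))
```

On a real store, read the entry with `open(path, "rb").read()` and the `.gpg-id` next to it (or in a parent directory, which is where pass and gopass look) and feed them to `missing_recipients`; a non-empty result reproduces the second issue nylocx reports, an entry that a device listed in `.gpg-id` cannot decrypt.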

mssun commented 4 years ago

Hi all, I just want to make sure the current TestFlight is usable for multiple .gpg-id files. Since this feature needs a lot of work and I don't want to block the AppStore release. Can I come back and continue to polish this feature later? Thanks.

hakusaro commented 4 years ago

Hey, it's your project! You can do what's comfortable for you. GitHub notifications@github.com wrote: “Hi all, I just want to make sure the current TestFlight is usable for multiple .gpg-id files. Since this feature needs a lot of work and I don't want to block the AppStore release. Can I come back and continue to polish this feature later? Thanks.”


hakusaro commented 4 years ago

@mssun I don't actually think this is a good idea anymore. It appears that gopass is starting to diverge from the password store spec, and they'll be removing support for other backends. Therefore, I don't think you need to worry about it unless you want to explicitly support their development decisions: https://github.com/gopasspw/gopass/releases/tag/v1.9.3-rc.0.

Brixy commented 4 years ago

It appears that gopass is starting to diverge from the password store spec, and they'll be removing support for other backends.

This is off the table.

Gopass will remain compatible with pass using GPG and git.

The newly introduced mime option will not be the default setting any more.

awensaunders commented 3 years ago

Is there any chance that this feature is still being worked on? I have multiple keys that I'd like to encrypt to in my .gpg-id file. I can successfully import the keys as multiple ascii armoured keys, and select a single key from my keyring to encrypt each secret to, but I can't figure out how to encrypt to more than one recipient.

I suspect that the solution would be to make the interface for encrypt() https://github.com/mssun/passforios/blob/701737fd72458e0c2f298a859fe488e92fe50f16/passKit/Crypto/PGPInterface.swift#L12 an array, and then in the implementation of that interface https://github.com/mssun/passforios/blob/701737fd72458e0c2f298a859fe488e92fe50f16/passKit/Crypto/GopenPGPInterface.swift#L124 just add the extra keys (with the objective-c binding to this https://github.com/ProtonMail/gopenpgp/blob/0e109ca7ce5807d27ed74f26a5bfba2f80c129eb/crypto/keyring.go#L40). Then you'd only need to rewrite the gpg-id finding function https://github.com/mssun/passforios/blob/701737fd72458e0c2f298a859fe488e92fe50f16/passKit/Models/PasswordStore.swift#L737 to split on the newlines and return the array.

I don't have a mac, otherwise I'd submit a PR...