-
Notifications
You must be signed in to change notification settings - Fork 87
Ditch pass dependency in binary #6
Comments
This will make installation easier and we'll be able to support more platforms too (like Windows without cygwin/mingw/whatever). One question is: how to get the PGP key's password? Ask it in the extension? How to save the password in memory? (Note: this could solve #20) |
Start a gpg-agent and keep the correct environment variables. That will also do pop-ups and ask for the password. PS: doing a |
If we ditch the pass dependency, we'll likely also ditch the gpg dependency as soon as there is a good pgp implementation in Go. There are some pinentry libraries in Go if that helps. |
That would make the use of hardware tokens like the OpenPGP Smartcard, the Yubikey or the Nitrokey impossible. |
+1 for GPG agent approach. The agent works flawlessly in complex scenarios (Enigmail or SSH via OpenPGP with smart cards) on Windows too. |
To separate this issue, we could separate the GPG bridge and the frontend, thereby making it more suitable for others to build on. If we clearly define the format of the JSON for the extension and the way it has to connect. |
We already have an interface for password stores, so adding a store without using the GPG binary should be pretty straightforward. EDIT: my bad, decrypting with GPG happens somewhere else. We could define something like |
As I read from the code, |
Since the files are simply GPG encrypted, we could use GPG directly for decrypting the password files.
This way, other software that use a similar approach to storing passwords can be used too. Some people use GPG directly, for example.
The text was updated successfully, but these errors were encountered: