Is this currently possible?

[stuzenz]

Hi Marko,

Thanks for making the extension - it will be be very useful.

I currently use pass and have a large repository of password in the store. the gpg key was generated on my local machine.

I noticed the instructions for building an new password store in your documentation. Using the keybase cli is it possible for me to upload my machine generated gpg key and use it for the keybase git repository?

I could do some trial and error to try and sleuth it, but I thought asking first might be the safer option for me.

Cheers,
Stu

[mbauhardt]

Hey,
sorry I'm a bit late.
The keybase extension and your local gpg key you re using for pass are decoupled and are different things or lets say technologies. You can import your gpg key into your keybase keychain. keybase help pgp gives an good overview how and when your local gpg keychain are touched.

I did not upload/import any of my local gpg key's yet. I'm using my local gpg keys to manage my pass repo. and the keybase extension as an alternative.

What do you mean with keybase git repository? Can you give me more insights about what do you want to achieve?

marko

[stuzenz]

Gidday,

Let me focus on explaining the use case - to stop me making the water murkier through my lack of understanding of the security architecture you are looking at.

I have over 300 gpg encrypted files in my password store. I would like to create a keybase git project for this collection of files and then use the keybase git project to sync password changes between my different computers and android phones (if possible).

At one point I had the above set up working using a personal instance of gogs (go implementation of gitlab) - although at some point it stopped working and I haven't tried to get that set up working again. I could probably get this working again using gogs - but I thought keybase git would be a better solution since it is less self-managed.

Technically, I am guessing there might be a couple of ways of doing the migration. Easiest would be if I could just import my gpg key to keybase and things just work. If this is possible, great. I will have a look at the keybase cli.

If your project can cover my use case - and I get it working. I will document the process to give you some material to edit for adding to the project readme.

Normally, I would just go for it and through trial and error figure it out. Although, I thought it might be best to ask questions first - to stop myself creating new problems for myself.

Any comments are welcome - thanks again.

[mbauhardt]

Hey,
thx for the explaination. Got it.

so your main goal is

1. sharing your pass git repo accross your private machines.
2. encrypt/decrypt the content of this repo again with gpg (btw: the content of the git repo is already encrypted, and will be decrypted since in will be loaded on to your machine)

So sharing the repo can be made with the keybase+git feature. the content would be encryted and signed with your device keys. But you are using a third party app - pass - which encrypts the content again via GPG. So what you need is a mechnism to share the gpg key accross all your machines. You wanna do it with the keybase gpg feature. With that also your gpg key would be available on all your devices. Sure that should work.

My solution is: having a personal server running in my living room where I host my git repo.
I clone it at home on all my machines. Using a yubikey I plugin into all my machines to be able to encrypt/decrypt with it.

Let me now if your idea/workflow works well.

Cheers
Marko