From a patch to pass written by Carl Michael Skog:
When encrypting with a gpg key that has multiple encryption subkeys ONLY
the newest encryption subkey is used when encrypting.
This leads to potential problems in pass when using such a key.
Consider this scenario:
Let's say we are using a key K with encryption subkey A.
We set up two password stores (S1 and S2) plus a git repository (G) with this
key.
All fine so far.
Let's say now that S1 adds an encryption subkey (B) to K.
S2 is still unchanged.
S1 then adds a new password P, and pushes this to G, which S2 then pulls.
When S2 tries to read password P it will get an error message from gpg:
"gpg: decryption failed: No secret key".
Even more dangerous: if S1 after adding the key does a "pass init" with K,
S2 will not be able to read a single password, if it pulls this change.
See this thread: https://lists.zx2c4.com/pipermail/password-store/2019-November/003796.html
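
The failure in the scenario above can be detected before a decrypt is attempted by comparing the key IDs an entry is addressed to with the secret subkeys the local keyring can actually use. The following is an added example, not code from this issue, the linked patch, or pass itself; the key IDs and gpg output are constructed, and it assumes gpg's colon listing marks a missing secret subkey with `#` in field 15.

```shell
#!/bin/sh
# Added example. All key IDs and gpg output below are constructed.
# Real input would come from:
#   gpg --batch --list-only --list-packets ENTRY.gpg
#   gpg --batch --list-secret-keys --with-colons

# Key IDs a ciphertext is addressed to (":pubkey enc packet:" lines on stdin).
recipient_keyids() {
    sed -n 's/^:pubkey enc packet:.* keyid \([0-9A-Fa-f]\{16\}\).*$/\1/p' |
        tr a-f A-F | sort -u
}

# Key IDs with usable secret material (colon listing on stdin).
# Field 5 is the key ID; field 15 is "#" when only a stub is present.
usable_secret_keyids() {
    awk -F: '($1 == "sec" || $1 == "ssb") && $15 != "#" { print toupper($5) }' |
        sort -u
}

# Succeeds if at least one recipient of the entry has a usable secret key.
# $1 = list-packets text, $2 = secret-key colon listing
decryptable() {
    want=$(printf '%s\n' "$1" | recipient_keyids)
    have=$(printf '%s\n' "$2" | usable_secret_keyids)
    for id in $want; do
        printf '%s\n' "$have" | grep -qx "$id" && return 0
    done
    return 1
}

# Constructed: K=1111..., subkey A=AAAA..., subkey B=BBBB...
S2_KEYRING='sec:u:4096:1:1111111111111111:1500000000:::u:::scESC:::+:::23::0:
ssb:u:4096:1:AAAAAAAAAAAAAAAA:1500000000::::::e:::+:::23:'
# S2 after importing the updated public key only: B is a stub.
S2_STUB_B="$S2_KEYRING
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1570000000::::::e:::#:::23:"
ENTRY_OLD=':pubkey enc packet: version 3, algo 1, keyid AAAAAAAAAAAAAAAA'
ENTRY_P=':pubkey enc packet: version 3, algo 1, keyid BBBBBBBBBBBBBBBB'

for e in ENTRY_OLD ENTRY_P; do
    eval "pkt=\$$e"
    if decryptable "$pkt" "$S2_STUB_B"; then echo "$e: readable on S2"
    else echo "$e: no usable secret key on S2"; fi
done
```

Run against every `.gpg` file after a pull, a check like this flags entries written to a subkey the local store cannot use, including the case where the whole store was re-encrypted by `pass init`.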