ToffelBlog

pass (unix password manager) for beginners

Published on 2019-03-23

Hello all, this article will get you started with pass, the Unix-style password manager.

Generate GPG keys

The first step is to generate GPG keys if not done already.

Make sure that you have GnuPG installed. Linux users, refer to your package manager; Windows or macOS users, please refer to the Official Webpage.

Please note that on some systems gpg v1 is still in use. This guide includes commands for both versions, as indicated by gpg or gpg2.

Start by listing the keys:

gpg2 --list-keys

gpg --list-secret-keys

If you see keys here that you know you made, you don't need to generate a new one. Otherwise, start the key generation process:

gpg2 --full-generate-key

gpg --default-new-key-algo rsa4096 --gen-key

If you executed the first command, you need to walk through the setup. Make sure the key size is 4096 bits.

When asked when the keys will expire, make sure that they never expire.

Enter your user information including a name and email address.

Now type a secure passphrase. Here is some advice from HowToGeek.

Initialize pass

Re-run the list key command from above. You should now have a key.

You will want to copy the key's ID, a long string of hexadecimal characters. It should look something like this:

3AA5C34371567BD2 (example copied from GitHub tutorial. Don't use this key!)

You will now want to initialize pass with your key...

pass init "3AA5C34371567BD2"

Again, you should replace the string of text inside the quotation marks with your own key.

Bonus: pass-otp

I hate having to verify my account via a code sent through SMS; it is also insecure that way. The only other alternatives have been with OTP apps. Now, I was always under the impression that this was a proprietary mobile app. Turns out any OTP application will read the barcodes and generate new codes every 30 seconds.

Go to the security settings of whatever online service you use and set up a 2FA app. During the process it should show a QR code; take a screenshot of it. Then scan the screenshot with a program called zbarimg and pipe the result into pass otp:

zbarimg -q --raw qrcode-screenshot.png | pass otp append accounts/example@example.com

Note: I seem to have problems scanning if the background of the QR is transparent. I suggest always using a screenshot to get around this problem!

Now get the code using:

pass otp accounts/example@example.com

Note that the code will expire. For maximum efficiency, pipe that last command into a clipboard copy program, xclip or wl-copy, depending on whether you use X.org or Wayland.

Conclusion

Now that everything is set up, follow the examples on the pass website to begin using it.