As said in Debian's bug #739780[1]: When inserting or generating a new password, pass does not check whether the call to gpg to store the encrypted password actually succeeds. If GPG fails, the exit code of pass is 0, and in case you generate a new password, the generated password is still printed on the screen or copied to the clipboard. The problem is of course that you think you have stored the password, but in reality it is lost.
[guus@haplo]~>pass generate -c test 10 gpg: please do a --check-trustdb gpg: 1234ABCD: There is no assurance this key belongs to the named user gpg: [stdin]: encryption failed: Onbruikbare publieke sleutel Copied test to clipboard. Will clear in 45 seconds. [guus@haplo]~>echo $? 0 In case GPG fails, pass should NOT return a password and the exit code should be non-zero. Also, in case the --clip option is used, pass should clear the clipboard before doing anything else, to ensure that in case of an error, the clipboard does not contain any other contents from before pass was called. [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739780 -- Víctor -- E-Mail: <[email protected]>, OpenPGP-Key-ID: 0xA2591E231E251F36 Key fingerprint: E3C5 114C 0C5B 4C49 BA03 0991 A259 1E23 1E25 1F36 My signed E-Mails are trustworthy.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
