On Fri, Jun 02, 2017 at 07:42:26AM +0000, Matthieu Fronton wrote:
> On Fri, 2 June 2017 at 07:42, Frank Grüllich <[email protected]> wrote:
>
> > > [store raw file]
> > What's the big advantage over
> >
> >   % pass insert --multiline "some/path/to/secret" < secret.data
> >
> > ?
>
> I have to admit I didn't think about it in the first place... :)
> But I also believe this is more a workaround than a native feature.

That workaround enables some nice tricks, e.g.:

  % openssl genrsa 2048 | pass insert --multiline "some/path/to/www.example.com.key"
  % pass "some/path/to/www.example.com.key" | openssl req -new -key /dev/stdin -out "www.example.com.csr" -subj "/CN=www.example.com"

which stores/uses the secret key almost directly in/from a safe place (and does not create a useful CSR, of course). Your implementation enables (if not encourages) the user to put the key on some potentially unsafe storage.

> And I wonder if it is binary-safe.
> Did you try to store DER certificates for example ?

For testing, I once stored a JPEG image with no issues when sharing the store from one Linux box to another one. I'm not sure how cross-platform safe it is. I guess it's all a matter of how GnuPG deals with those things.
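The binary-safety question raised in this message can be checked with a byte-for-byte round trip. The following is an added example, not part of the original message or of the pass project; STORE_CMD, FETCH_CMD and the function names are hypothetical, the payload is constructed, and the defaults assume an initialised pass store.

```shell
# Added example: byte-for-byte round-trip check for a secret store.
# STORE_CMD / FETCH_CMD are hypothetical hook variables; they default to pass.
STORE_CMD=${STORE_CMD:-pass insert --multiline --force}
FETCH_CMD=${FETCH_CMD:-pass show}

# Write a constructed payload containing the bytes that usually break
# text-oriented pipelines: NUL, 0xFF, CRLF, and no trailing newline.
make_payload() {
    printf 'DER\000\377\r\n\001\002 tail-without-newline' > "$1"
}

# roundtrip_check ENTRY: store the payload under ENTRY, read it back and
# compare. Returns 0 if every byte survived, 1 if the data changed,
# 2 if storing or fetching failed.
roundtrip_check() {
    entry=$1
    tmp=$(mktemp -d) || return 2
    make_payload "$tmp/in"
    # Use redirections only: a shell variable would drop NUL bytes and
    # strip trailing newlines before the store ever sees the data.
    $STORE_CMD "$entry" < "$tmp/in" > /dev/null || { rm -rf "$tmp"; return 2; }
    $FETCH_CMD "$entry" > "$tmp/out" || { rm -rf "$tmp"; return 2; }
    cmp -s "$tmp/in" "$tmp/out"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

Run `roundtrip_check test/binary-roundtrip` against a scratch entry on each platform that shares the store; a non-zero return means the bytes read back are not the bytes stored.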
