6

I'm using pass password manager on multiple computers, linked via a git repository. Which PGP key do I need to share across computers, the public, private, or both, so that I can add/edit/delete passwords on all computers?

user3037237

2 Answers

2

To decrypt (read), you only need the private key.

To encrypt (write), you need the public key.

As editing involves both reading and writing, you need both keys.

I believe that you don't need a key to delete a password as they are stored as individual files (and you don't need to decrypt a file to delete it).

Kusalananda
  • "to [..] **edit** [..] you need the **public key**." Can this be true? Since for editing you also need to _read_ the current password, which requires _private key_. – alex Jan 16 '20 at 15:11
  • @alex You need to decrypt _before_ editing, if what you're editing is encrypted. Once it is decrypted, you obviously don't need the private key to edit the decrypted text. You also don't need a public key to edit anything, as editing _in itself_ does not involve decrypting or encrypting anything. I will change this and remove the word "edit" as it is confusing. – Kusalananda Jan 16 '20 at 15:20
  • @alex I forgot the context of this question (it's quite old). I think it may be clearer now? – Kusalananda Jan 16 '20 at 15:23
  • Thank you, and have a nice day (-: – alex Jan 17 '20 at 00:08
2

First of all, I'd consider "editing" a passphrase replacing the value for a site by another one, not regarding the old passphrase at all (which would include a read operation). pass stores the site's URL in the file name in plain text, thus does not require any cryptographic operations for finding/"lookup" of the encrypted content at all.

If you only want to add, edit and delete passwords, you only need the public key, to be specific for the add and edit operations which encrypt the passphrase using the public key; in fact deleting does not imply any cryptographic operations at all.

On the other hand, for reading any passphrase, you will need to provide the private key, which is required to decrypt the passphrase.

Jens Erat
  • "to [..] **edit** [..] you need the **public key**." Can this be true? Since for editing you also need to _read_ the current password, which requires _private key_. – alex Jan 16 '20 at 15:10
  • If editing displays the old content, you're definitely right. If it just replaces the old passphrase without showing, editing is a delete-then-add operation and indeed does _not_ require the private key. Not using `pass` for quite some time now and not sure any more how it works, though. – Jens Erat Feb 09 '20 at 10:37
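
The split both answers describe can be checked directly with GnuPG, the tool pass uses for encryption. The script below is an added example, not code from either answer or from pass itself: two throwaway keyrings stand in for two computers, and plain `gpg` calls stand in for adding, reading and deleting an entry. It assumes GnuPG 2.1 or later is installed; the user ID, file names and secrets are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added demo: two throwaway GnuPG homes stand in for two computers.
# The user ID, file names and secrets below are constructed for the example.

# Prints one "<case>=ok|fail" line per operation tried.
pass_key_demo() (
  work=$(mktemp -d) || exit 1
  A="$work/a"; B="$work/b"; uid="pass-demo@example.invalid"
  mkdir -m 700 "$A" "$B"
  trap 'for h in "$A" "$B"; do gpgconf --homedir "$h" --kill gpg-agent; done 2>/dev/null
        rm -rf "$work"' EXIT

  # g HOME ARGS...: non-interactive gpg against one keyring; the key has no passphrase.
  g() { h=$1; shift
        gpg --homedir "$h" --batch --quiet --no-tty --pinentry-mode loopback \
            --passphrase '' "$@" 2>/dev/null; }
  # --trust-model always stands in for marking the imported key as trusted.
  enc() { printf '%s\n' "$2" | g "$1" --trust-model always --yes -r "$uid" -o "$3" -e; }
  # shows HOME FILE EXPECTED: succeeds only if FILE decrypts to EXPECTED.
  shows() { [ "$(g "$1" -d "$2")" = "$3" ]; }
  report() { if "$@" >/dev/null 2>&1; then echo ok; else echo fail; fi; }

  # Computer A: create the key pair, export each half, store one entry.
  g "$A" --quick-generate-key "$uid" default default never || exit 1
  g "$A" --armor --export "$uid" > "$work/pub.asc"
  g "$A" --armor --export-secret-keys "$uid" > "$work/sec.asc"
  enc "$A" old-secret "$work/site.gpg" || exit 1

  # Computer B, public key only: writing works, reading does not.
  g "$B" --import "$work/pub.asc"
  echo "pubonly_encrypt=$(report enc "$B" new-secret "$work/new.gpg")"
  echo "pubonly_decrypt=$(report shows "$B" "$work/site.gpg" old-secret)"
  echo "pubonly_delete=$(report rm "$work/new.gpg")"

  # Computer B after the private key is copied over as well.
  g "$B" --import "$work/sec.asc"
  echo "both_decrypt=$(report shows "$B" "$work/site.gpg" old-secret)"
  echo "both_encrypt=$(report enc "$B" newer-secret "$work/site.gpg")"
)

# Run the demo when executed as a script and gpg is installed.
if command -v gpg >/dev/null 2>&1; then pass_key_demo; fi
```

The demo key is unprotected only so the script runs unattended; a private key copied between real machines should keep its passphrase.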