When initializing your password store with the pass utility, you’ll need to provide the ID of your GPG key to encrypt and protect your passwords. But what exactly are pass and GPG, and why do you need them? This article will explain both tools, walk you through how to find your GPG ID, and help you use it to set up pass for secure password management.

What is pass?

pass, also known as the “Standard Unix Password Manager,” is a simple, command-line-based password management tool. It securely stores passwords by encrypting them using GPG (GNU Privacy Guard). The beauty of pass lies in its simplicity and integration with other Unix-based tools.

Each password is stored as a .gpg file, encrypted by your GPG key. You can organize passwords in folders, search for specific entries, and even sync your password store with version control systems like Git.

Why use pass?

  • Lightweight and minimalistic.
  • Works well with Git for syncing password stores.
  • Secure encryption using GPG.
  • Fully open-source and easy to audit.
  • Supports sharing passwords with multiple GPG key holders.

What is GPG?

GPG, or GNU Privacy Guard, is an open-source implementation of the OpenPGP standard. It provides encryption and signing services for secure communication. When you use GPG, you create a key pair consisting of:

  1. A private (secret) key – This key should be kept secure and is used to decrypt messages and sign documents.
  2. A public key – This key can be shared with others, allowing them to encrypt messages for you or verify your signed documents.

In the context of pass, GPG is used to encrypt your passwords. Only someone with the correct private GPG key (and passphrase) can decrypt and access the stored passwords.

How to Find Your GPG ID for pass

Now that you understand the basics of pass and GPG, let’s get into how to find your GPG ID and use it to initialize your password store.

Step 1: List Your GPG Keys

To start, you’ll need to find the GPG keys on your system. Open your terminal and run the following command:

gpg --list-keys

This will show a list of your public GPG keys. Each key has an ID, which you’ll use to initialize your password store. Here’s an example of what the output might look like:

pub   rsa4096 2023-01-01 [SC]
      ABCD1234567890ABCDEF01234567890ABCDEF01234567
uid           [ultimate] Your Name <your.email@example.com>
sub   rsa4096 2023-01-01 [E]

In this case, the GPG ID is the long string of hexadecimal characters below the pub line: ABCD1234567890ABCDEF01234567890ABCDEF01234567. This is the identifier you’ll use with pass.

Step 2: Initialize Your Password Store with pass

Once you’ve identified your GPG ID, you can initialize your password store. To do this, run the following command in your terminal:

pass init ABCD1234567890ABCDEF01234567890ABCDEF01234567

Make sure to replace ABCD1234567890ABCDEF01234567890ABCDEF01234567 with your actual GPG ID.

This command tells pass to use your GPG key to encrypt any passwords you store in your password manager.

Important Notes

  • No GPG Key? If you don’t have a GPG key yet, you’ll need to generate one. You can do this by running the following command in your terminal:

    gpg --gen-key

    Follow the prompts to create a new key pair. Be sure to choose a strong passphrase, as this protects your private key.

  • Choosing the Correct Key: If you have multiple GPG keys, use the uid line in the gpg --list-keys output to identify the correct key by matching the associated name and email address.
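
    When several keys share a name or you want to script the setup, the same selection can be made from gpg's machine-readable listing (gpg --list-keys --with-colons). The following is an added example, not part of the original article: the function names pass_gpg_ids and sample_listing are hypothetical, and the key listing is constructed sample data. It goes one step beyond matching the uid by also skipping keys that cannot encrypt or are revoked, expired, disabled or invalid.

```shell
#!/bin/sh
# Added example (not from the original article).
# Real use:
#   pass init "$(gpg --list-keys --with-colons | pass_gpg_ids you@example.com)"

# Read a --with-colons listing on stdin and print the primary-key fingerprint
# of every key that (a) has a uid containing <email>, (b) is not invalid,
# disabled, revoked or expired, and (c) can encrypt (uppercase "E" in the
# capability field of the pub record, field 12).
pass_gpg_ids() {
    awk -F: -v email="$1" '
        function emit() { if (ok && hit && fpr != "") print fpr }
        $1 == "pub" { emit(); ok = ($2 !~ /^[idre]$/ && $12 ~ /E/)
                      hit = 0; fpr = ""; primary = 1; next }
        $1 == "sub" { primary = 0; next }      # skip subkey fingerprints
        $1 == "fpr" && primary && fpr == "" { fpr = $10; next }
        $1 == "uid" && $2 !~ /^[re]$/ && index($10, "<" email ">") { hit = 1 }
        END { emit() }
    '
}

# Constructed sample listing (not real keys): key 1 can encrypt, key 2 has
# the same uid but is sign-only, key 3 belongs to a different person.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:AAAA0000AAAA0001:1672531200:::u:::scESC:
fpr:::::::::AAAA0000AAAA0000AAAA0000AAAA0000AAAA0001:
uid:u::::1672531200::::Your Name <your.email@example.com>:
sub:u:4096:1:BBBB0000BBBB0001:1672531200::::::e:
fpr:::::::::BBBB0000BBBB0000BBBB0000BBBB0000BBBB0001:
pub:u:4096:1:CCCC0000CCCC0002:1672531200:::u:::scSC:
fpr:::::::::CCCC0000CCCC0000CCCC0000CCCC0000CCCC0002:
uid:u::::1672531200::::Your Name <your.email@example.com>:
pub:f:4096:1:DDDD0000DDDD0003:1672531200:::-:::scESC:
fpr:::::::::DDDD0000DDDD0000DDDD0000DDDD0000DDDD0003:
uid:f::::1672531200::::Colleague <colleague@example.com>:
sub:f:4096:1:EEEE0000EEEE0003:1672531200::::::e:
fpr:::::::::EEEE0000EEEE0000EEEE0000EEEE0000EEEE0003:
EOF
}

# Demo on the constructed data: only key 1 qualifies for this address.
sample_listing | pass_gpg_ids your.email@example.com
```

    If the function prints more than one fingerprint, pick one by hand rather than passing them all to pass init, since every ID given becomes a recipient of the store.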

Example Breakdown

  1. Use gpg --list-keys to list your keys and find your GPG ID (the long hexadecimal string).
  2. Use the command pass init <gpg-id> to initialize pass with your GPG key.

Additional Considerations

  • Managing Multiple GPG IDs: If you work with multiple GPG keys or want to share your password store with others, you can initialize pass with multiple GPG IDs:

    pass init <gpg-id1> <gpg-id2> ...

    This allows different users with different GPG keys to access the same password store.

  • Backup Your Keys: It’s essential to back up your GPG keys (especially the private key) so you don’t lose access to your encrypted passwords. You can back up your keys using the following command:

    gpg --export-secret-keys --armor > private-key-backup.asc

    Store the backup in a safe place: anyone who obtains this file and your passphrase can decrypt your password store.

Final Thoughts

By following these steps, you can securely set up and initialize your password manager using pass and GPG. The combination of these two tools provides a powerful and secure way to manage your passwords, ensuring they are encrypted and easily accessible via the command line.

Whether you’re an everyday user who needs a reliable password manager or a system administrator looking for a way to securely store and share credentials, pass and GPG are excellent tools to add to your toolkit.
