- Install Git for Windows
- Generate ssh key pair
- Clone `password-store` repository from GitLab
- Install pass-winmenu
- Set up `gpg`
- Test decrypting a password
- Mark key pair as trusted
- (Optional) Delete expired gpg keys

Install Git for Windows

- Go to https://git-scm.com/download/win. Download will start automatically.
- Run the downloaded installer.
- Choose all default options.

Generate ssh key pair

- Open the "Git Bash" application. (You can also use the Cygwin terminal if Cygwin is installed.)
- Check whether an ssh key pair exists: `ls ~/.ssh`. If `id_rsa` and `id_rsa.pub` already exist, skip to 3.
- Do only if `id_rsa` and `id_rsa.pub` do not exist. At the prompt, run `ssh-keygen`. Choose the default location and use an empty passphrase. (With an empty passphrase the private key is stored unencrypted, so anyone who can read `~/.ssh/id_rsa` can use it.)
- Log into GitLab.
- From the top-right menu, choose "Settings".
- In the left pane, click on "SSH Keys".
- Copy the contents of the file `~/.ssh/id_rsa.pub` to the clipboard:
  - In Git Bash, run `cat ~/.ssh/id_rsa.pub`.
  - Copy the output (starting with `ssh-rsa`) to the clipboard by highlighting and pressing Ctrl-Insert.
- Paste into the text box under "Key" (using Shift-Insert).
- Click "Add Key".

Clone password-store repository from GitLab

- Navigate to the `password-store` project in GitLab.
- Click "Clone" in the top right.
- Click the clipboard icon to the right of the text under "Clone with SSH" to copy to the clipboard.
- In Git Bash, type `git clone` and paste the text copied in the step above (after a space). You will be prompted to confirm the connection. Answer "yes" and press enter.
- Rename the `password-store` folder to `.password-store` using `mv password-store .password-store` or, in equivalent shorthand, `mv {,.}password-store`.

Install pass-winmenu

- Navigate to the pass-winmenu repo on GitHub. Click on the "Releases" tab.
- Download the zip file for version 1.9.1. The filename is `pass-winmenu.zip`. (Note: do not download the file with the `nogpg` suffix.)
- Unpack the zip file to the root directory (e.g. `C:\`).
- Inside the unzipped folder, run the `pass-winmenu` executable. You will get an alert saying "no private keys found". Ignore this for now.

Set up gpg

- Locate the `pass-winmenu` icon in the system tray (you may need to click the "^" icon).
- Right click on the `pass-winmenu` tray icon and select "Open Shell".
- Assuming the secret key file is located at `D:\secret.asc`, run the following: `gpg --import D:\secret.asc`

Test decrypting a password

Basic setup is finished at this point. You can test operation as follows:

- `Ctrl+Alt+p` to bring up selector
- Type to narrow search, Enter to select
- You should see a pop-up indicating that the password has been copied to the clipboard

Mark key pair as trusted

You will need to mark the imported key pair as trusted in order to use it to encrypt new passwords.

- Right click on the `pass-winmenu` tray icon and select "Open Shell".
- Run `gpg --list-keys`.
- Note the key id of the key pair imported in step 5. The id is the long hex string on the second line of each record. For example, for the output

  ```
  /Users/matt/.gnupg/pubring.gpg
  ------------------------------
  pub   rsa2048 2018-09-27 [SC] [expires: 2020-09-26]
        62B64C7C2B289D7AB0AD9DD9B2E52431E1732637
  uid           [unknown] Matthew Wittmann <mcwitt@gmail.com>
  sub   rsa2048 2018-09-27 [E] [expires: 2020-09-26]
  ```

  the key id is `62B64C7C2B289D7AB0AD9DD9B2E52431E1732637`. (Note the `[unknown]`, meaning this key pair is currently untrusted.)
- Run the following command, substituting the example key id with the one determined in step 3: `gpg --edit-key 62B64C7C2B289D7AB0AD9DD9B2E52431E1732637`
- At the `gpg>` prompt, type `trust`. When prompted for the trust level, choose "5" (ultimate).
- Type `Ctrl+d` to exit.

(Optional) Delete expired gpg keys

- Right click on the `pass-winmenu` tray icon and select "Open Shell".
- Refer to 2 and 3 above to find the key id of the key pair you want to delete. There should be some indication in the output of `gpg --list-keys` as to which keys are expired.
- To delete the secret key, run (substituting your key id from 2) `gpg --delete-secret-key <key-id>`. Answer affirmatively all of the prompts.
- To delete the public key, run `gpg --delete-key <key-id>`.
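
Added example (not part of the original page): one way to find key ids and spot expired keys for the trust and deletion steps above, by parsing gpg's machine-readable `--with-colons` listing instead of reading the human-oriented output. It assumes a POSIX shell such as Git Bash whose `gpg` uses the same keyring as the pass-winmenu shell; the function names and the second sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original page.
# Reads `gpg --list-keys --with-colons` output on stdin and prints one line
# per primary key: <fingerprint> <validity> <expiry-epoch|never>

key_status() {
  awk -F: '
    # pub record: field 2 = validity, field 7 = expiration (epoch seconds)
    $1 == "pub" { validity = $2; expiry = $7; want_fpr = 1; next }
    # The first fpr record after a pub record holds the primary fingerprint
    # in field 10; fpr records that follow sub records are skipped.
    $1 == "fpr" && want_fpr {
      want_fpr = 0
      if      (validity == "e") label = "expired"
      else if (validity == "r") label = "revoked"
      else if (validity == "u") label = "ultimate"
      else if (validity == "f") label = "full"
      else if (validity == "m") label = "marginal"
      else                      label = "unknown"
      print $10, label, (expiry == "" ? "never" : expiry)
    }'
}

# Fingerprints of expired primary keys only: the candidates for deletion.
expired_fingerprints() {
  key_status | awk '$2 == "expired" { print $1 }'
}

# Constructed sample in colon format. The first key reuses the example
# fingerprint from the page; the second key is made up and marked expired.
SAMPLE='tru::1:1538006400:0:3:1:5
pub:-:2048:1:B2E52431E1732637:1538006400:1601078400::-:::scESC:
fpr:::::::::62B64C7C2B289D7AB0AD9DD9B2E52431E1732637:
uid:-::::1538006400::::Example User <user@example.invalid>:
sub:-:2048:1:1111111111111111:1538006400:1601078400:::::e:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
pub:e:2048:1:0123456789ABCDEF:1400000000:1463072000::-:::sc:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA0123456789ABCDEF:
uid:e::::1400000000::::Old Key <old@example.invalid>:'

printf '%s\n' "$SAMPLE" | key_status
# Against the real keyring: gpg --list-keys --with-colons | key_status
```

Review the output of `expired_fingerprints` before passing any fingerprint to `gpg --delete-secret-key`, since deleting a secret key that still protects entries in the store makes those entries undecryptable.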