@mcwitt
Created January 5, 2020 01:53

Install Git for Windows

  1. Go to https://git-scm.com/download/win. Download will start automatically.
  2. Run the downloaded installer
  3. Choose all default options

Generate ssh key pair

  1. Open the "Git Bash" application. (You can also use the Cygwin terminal if Cygwin is installed.)

  2. Check whether an SSH key pair already exists

    ls ~/.ssh

    If id_rsa and id_rsa.pub already exist, skip step 3.

  3. Do only if id_rsa and id_rsa.pub do not exist. At the prompt, run

    ssh-keygen

    Choose the default location and use an empty passphrase. With an empty passphrase, the private key is stored unencrypted in ~/.ssh/id_rsa.

Clone password-store repository from GitLab

  1. Log into GitLab

  2. From the top-right menu, choose "Settings"

  3. In the left pane, click on "SSH Keys"

  4. Copy the contents of the file ~/.ssh/id_rsa.pub to the clipboard

    • In Git Bash, run

      cat ~/.ssh/id_rsa.pub

    • Copy the output (starting with ssh-rsa) to the clipboard by highlighting and pressing Ctrl-Insert

    • Paste into the text box under "Key" (using Shift-Insert)

    • Click "Add Key"

  5. Navigate to the password-store project in GitLab

  6. Click "Clone" in the top right

  7. Click the clipboard icon to the right of the text under "Clone with SSH" to copy to the clipboard

  8. In Git Bash, type git clone followed by a space, then paste the text copied in the step above. You will be prompted to confirm the connection. Answer "yes" and press Enter.

  9. Rename the password-store folder to .password-store using

    mv password-store .password-store

    or, in equivalent shorthand

    mv {,.}password-store

Install pass-winmenu

  1. Navigate to the pass-winmenu repo on GitHub. Click on the "Releases" tab.
  2. Download the zip file for version 1.9.1. The filename is pass-winmenu.zip. (Note: do not download the file with the nogpg suffix.)
  3. Unpack the zip file to the root directory (e.g. C:\)
  4. Inside the unzipped folder, run the pass-winmenu executable. You will get an alert saying "no private keys found". Ignore this for now.

Set up gpg

  1. Locate the pass-winmenu icon in the system tray (you may need to click the "^" icon)

  2. Right click on the pass-winmenu tray icon and select "Open Shell"

  3. Assuming the secret key file is located at D:\secret.asc, run the following

    gpg --import D:\secret.asc

Test decrypting a password

Basic setup is finished at this point. You can test operation as follows:

  1. Press Ctrl+Alt+p to bring up the selector
  2. Type to narrow search, Enter to select
  3. You should see a pop-up indicating that the password has been copied to the clipboard

Mark key pair as trusted

You will need to mark the imported key pair as trusted in order to use it to encrypt new passwords.

  1. Right click on the pass-winmenu tray icon and select "Open Shell"

  2. At the prompt, type

    gpg --list-keys

  3. Note the key id of the key pair imported under "Set up gpg" above. The id is the long hex string on the second line of each record. For example, for the output

    /Users/matt/.gnupg/pubring.gpg
    ------------------------------
    pub   rsa2048 2018-09-27 [SC] [expires: 2020-09-26]
          62B64C7C2B289D7AB0AD9DD9B2E52431E1732637
    uid           [unknown] Matthew Wittmann <mcwitt@gmail.com>
    sub   rsa2048 2018-09-27 [E] [expires: 2020-09-26]
    

    The key id is 62B64C7C2B289D7AB0AD9DD9B2E52431E1732637. (Note the [unknown], meaning this key pair is currently untrusted.)

  4. Run the following command, substituting the example key id with the one determined in step 3

    gpg --edit-key 62B64C7C2B289D7AB0AD9DD9B2E52431E1732637

  5. At the gpg> prompt, type trust. When prompted for the trust level, choose "5" (ultimate)

  6. Type Ctrl+d to exit

(Optional) Delete expired gpg keys

  1. Right click on the pass-winmenu tray icon and select "Open Shell"

  2. Refer to steps 2 and 3 of "Mark key pair as trusted" above to find the key id of the key pair you want to delete. There should be some indication in the output of gpg --list-keys as to which keys are expired.

  3. To delete the secret key, run (substituting your key id from step 2)

    gpg --delete-secret-key <key-id>

    Answer all of the prompts affirmatively.

  4. To delete the public key, run

    gpg --delete-key <key-id>
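
The steps in "Mark key pair as trusted" and "(Optional) Delete expired gpg keys" both read the key id and expiry state off the human-readable listing. As an added example (not part of the original gist), the script below extracts the same information from gpg's machine-readable `--with-colons` format. The sample input is constructed, the second fingerprint and both user ids are made up, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Constructed sample of `gpg --list-keys --with-colons` output (not real gpg
# output): one key with unknown validity and one expired key.
sample_colons() {
  cat <<'EOF'
tru::1:1578189180:0:3:1:5
pub:-:2048:1:B2E52431E1732637:1538006400:1600992000::-:::scESC::::::23::0:
fpr:::::::::62B64C7C2B289D7AB0AD9DD9B2E52431E1732637:
uid:-::::1538006400::0000000000000000000000000000000000000000::Example User <user@example.com>::::::::::0:
sub:-:2048:1:1111111111111111:1538006400:1600992000:::::e::::::23:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
pub:e:2048:1:89ABCDEF01234567:1451606400:1514764800::-:::sc::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:e::::1451606400::0000000000000000000000000000000000000000::Old Key <old@example.com>::::::::::0:
EOF
}

# Reads colon-format output on stdin and prints one line per primary key:
#   FINGERPRINT VALIDITY USER-ID
# Field 2 of a "pub" record is the validity code; field 10 of "fpr" and "uid"
# records holds the fingerprint and user id. Colons inside a user id are
# escaped by gpg, so splitting on ":" is safe.
summarize_keys() {
  awk -F: '
    BEGIN {
      name["e"] = "expired";  name["r"] = "revoked"; name["u"] = "ultimate"
      name["f"] = "full";     name["m"] = "marginal"
      name["-"] = "unknown";  name["q"] = "unknown"
    }
    function emit() { if (have) printf "%s %s %s\n", fpr, status, uid }
    $1 == "pub" {
      emit(); have = 1; fpr = ""; uid = ""
      status = ($2 in name) ? name[$2] : "code:" $2
      next
    }
    # Subkeys have their own fpr record; keep only the first one after "pub".
    $1 == "fpr" && have && fpr == "" { fpr = $10; next }
    $1 == "uid" && have && uid == "" { uid = $10; next }
    END { emit() }
  '
}

# Prints only the fingerprints of expired primary keys.
expired_fingerprints() {
  summarize_keys | awk '$2 == "expired" { print $1 }'
}

sample_colons | summarize_keys
```

To run it against the real keyring from Git Bash (assuming gpg is on the PATH), use `gpg --list-keys --with-colons | summarize_keys`.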