@mcwitt
Created January 5, 2020 15:42

Install Git for Windows

  1. Go to https://git-scm.com/download/win. Download will start automatically.
  2. Run the downloaded installer
  3. Choose all default options

Generate ssh key pair

  1. Open the "Git Bash" application. (You can also use the Cygwin terminal if Cygwin is installed.)

  2. To check whether an ssh key pair already exists, run

    ls ~/.ssh

    If id_rsa and id_rsa.pub are listed, skip to step 3.

  3. Do this step only if id_rsa and id_rsa.pub do not exist. At the prompt, run

    ssh-keygen

    Choose the default location and use an empty passphrase.

Clone password-store repository from GitLab

Set up SSH access to GitLab

  1. Log into GitLab
  2. From the top-right menu, choose "Settings"
  3. In the left pane, choose "SSH Keys"
  4. Copy the contents of the file ~/.ssh/id_rsa.pub to the clipboard. (Important: note the .pub extension. Do not copy id_rsa, as this is your private key.) For example, do the following:
    • In Git Bash, run

      cat ~/.ssh/id_rsa.pub

    • Copy the output (starting with ssh-rsa) to the clipboard by highlighting and pressing Ctrl-Insert

    • Paste into the text box under "Key" (using Shift-Insert)

    • Click "Add Key"

Clone the password store repository

  1. Navigate to your password store project in GitLab. It should be listed here.

  2. Click "Clone" in the top right

  3. Click the clipboard icon to the right of the text under "Clone with SSH" to copy to the clipboard

  4. In Git Bash, run

    cd
    git clone <repo-uri>

    where <repo-uri> is replaced by the text copied in step 3. (Press Shift-Insert to paste.) You might be prompted to confirm the ssh connection. If so, type "yes" and press Enter.

  5. Rename the password-store folder to .password-store (with leading dot; this is where pass-winmenu looks by default) using

    mv password-store .password-store

    or, in equivalent shorthand using Bash brace expansion

    mv {,.}password-store

Install pass-winmenu

  1. Navigate to the pass-winmenu repository on GitHub. Click on the "Releases" tab.
  2. Download the zip file for version 1.9.1. The filename is pass-winmenu.zip. (Note: do not download the file with the nogpg suffix.)
  3. Unpack the zip file to the root directory (e.g. C:\). (Note: you do not need to create a new directory to unzip into; the root of the zip file contains a single folder.)
  4. Inside the unzipped folder, run the pass-winmenu executable. You will get an alert saying "no private keys found". Ignore this for now.
  5. You should now see an icon for pass-winmenu in the system tray. (It looks like a key; you may need to click the "^" icon to show it.)

Set up gpg

  1. Right click on the pass-winmenu icon in the system tray and select "Open Shell"

  2. Run the following

    gpg --import <path-to-key-file>

    where <path-to-key-file> is the path to the key file on your thumb drive (probably something like D:\secret.asc)

Test decrypting a password

Basic setup is finished at this point. You should be able to copy passwords to the clipboard using the following:

  1. Ctrl-Alt-p to bring up the selector window
  2. Type to narrow the search and press Enter to copy the selected password to the clipboard. You should see a pop-up indicating that the password has been copied to the clipboard.
  3. Press Shift-Insert or Ctrl-v to paste

Mark key pair as trusted

You will need to mark the imported key pair as trusted in order to use it to encrypt new passwords.

  1. Right click on the pass-winmenu tray icon and select "Open Shell"

  2. At the prompt, type

    gpg --list-keys

  3. Note the key id of the key pair imported in step 5. The id is the long hex string on the second line of each record. For example, for the output

    /Users/matt/.gnupg/pubring.gpg
    ------------------------------
    pub   rsa2048 2018-09-27 [SC] [expires: 2020-09-26]
          62B64C7C2B289D7AB0AD9DD9B2E52431E1732637
    uid           [unknown] Matthew Wittmann <mcwitt@gmail.com>
    sub   rsa2048 2018-09-27 [E] [expires: 2020-09-26]
    

    The key id is 62B64C7C2B289D7AB0AD9DD9B2E52431E1732637. (Note the [unknown], meaning this key pair is currently untrusted.)

  4. Run the following command, replacing <key-id> with the key id found in step 3

    gpg --edit-key <key-id>

  5. At the gpg> prompt, type trust. When prompted for the trust level, choose "5" (ultimate).

  6. Press Ctrl+d to exit.

(Optional) Delete expired gpg keys

  1. Right click on the pass-winmenu tray icon and select "Open Shell"

  2. Refer to steps 2 and 3 of "Mark key pair as trusted" above to find the key id of the key pair you want to delete. The output of gpg --list-keys should indicate which keys are expired.

  3. To delete the secret key, run (substituting your key id from step 2)

    gpg --delete-secret-key <key-id>

    Answer all of the prompts affirmatively.

  4. To delete the public key, run

    gpg --delete-key <key-id>
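
The key id, validity and expiry that "Mark key pair as trusted" and "(Optional) Delete expired gpg keys" read by eye from gpg --list-keys can also be extracted with a short script. This is an added example, not part of the original guide; the function names summarize_keys and sample_listing are hypothetical, and the sample input is the listing shown in step 3 above.

```shell
#!/bin/sh
# Added example (not from the original guide). Prints one line per key:
#   <fingerprint> <uid validity> <expiry or "none"> <valid|expired>
summarize_keys() {   # $1 = today as YYYY-MM-DD; key listing on stdin
    awk -v today="$1" '
        function emit() {
            if (fpr != "") print fpr, trust, expires, status
            fpr = ""
        }
        /^pub / {
            emit()
            trust = "-"; expires = "none"; status = "valid"; want_fpr = 1
            if (match($0, /\[expire[sd]: [0-9-]+\]/)) {
                # "[expires: " is 10 characters, the ISO date after it 10 more
                expires = substr($0, RSTART + 10, 10)
                # ISO dates order correctly when compared as strings
                if ((expires "") < (today "")) status = "expired"
            }
            next
        }
        # The key id is the 40-hex-digit line directly after "pub"
        want_fpr && NF == 1 && length($1) == 40 && $1 ~ /^[0-9A-F]+$/ {
            fpr = $1; want_fpr = 0; next
        }
        /^uid / && trust == "-" {
            # Validity is the first bracketed field; newer gpg pads it
            i = index($0, "["); j = index($0, "]")
            if (i > 0 && j > i) {
                trust = substr($0, i + 1, j - i - 1)
                gsub(/ /, "", trust)
            }
        }
        END { emit() }
    '
}

# The listing shown in step 3 of this guide, reproduced as sample input
sample_listing() {
    cat <<'EOF'
/Users/matt/.gnupg/pubring.gpg
------------------------------
pub   rsa2048 2018-09-27 [SC] [expires: 2020-09-26]
      62B64C7C2B289D7AB0AD9DD9B2E52431E1732637
uid           [unknown] Matthew Wittmann <mcwitt@gmail.com>
sub   rsa2048 2018-09-27 [E] [expires: 2020-09-26]
EOF
}
sample_listing | summarize_keys 2020-01-05
```

A validity of unknown in the second column means the key still needs the trust step; expired in the last column marks a candidate for deletion.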