- Go to https://git-scm.com/download/win. Download will start automatically.
- Run the downloaded installer
- Choose all default options
-
Open the "Git Bash" application. (You can also use the Cygwin terminal if Cygwin is installed.)
-
To check whether ssh key pair already exists, run
ls ~/.ssh
If
id_rsa
andid_rsa.pub
are listed, skip to step 3. -
Do only if
id_rsa
andid_rsa.pub
do not exist. At the prompt, runssh-keygen
Choose the default location and use an empty passphrase
- Log into GitLab
- From the top-right menu, choose "Settings"
- In the left pane, choose "SSH Keys"
- Copy the contents of the file
~/.ssh/id_rsa.pub
to the clipboard. (Important: note the.pub
extension. Do not copyid_rsa
, as this is your private key). E.g., do the following:-
In Git Bash, run
cat ~/.ssh/id_rsa.pub
-
Copy the output (starting with
ssh-rsa
) to the clipboard by highlighting and pressing Ctrl-Insert -
Paste into the text box under "Key" (using Shift-Insert)
-
Click "Add Key"
-
-
Navigate to your password store project in GitLab. It should be listed here.
-
Click "Clone" in the top right
-
Click the clipboard icon to the right of the text under "Clone with SSH" to copy to the clipboard
-
In Git Bash, run
cd git clone <repo-uri>
where
<repo-uri>
is replaced by the text copied in step 3. (Press Shift-Insert to paste) You might be prompted to confirm the ssh connection. If so, type "yes" and press enter. -
Rename the
password-store
folder to.password-store
(with leading dot; this is where pass-winmenu looks by default) usingmv password-store .password-store
or, in equivalent shorthand (documentation here)
mv {,.}password-store
- Navigate to the pass-winmenu repository on Github. Click on the "Releases" tab.
- Download the zip file for version
1.9.1
. The filename ispass-winmenu.zip
. (Note: do not download the file with thenogpg
suffix.) - Unpack the zip file to the root directory (e.g.
C:\
). (Note: you do not need to create a new directory to unzip into; the root of the zip file contains a single folder) - Inside the unzipped folder, run the
pass-winmenu
executable. You will get an alert saying "no private keys found". Ignore this for now. - You should now see an icon for pass-winmenu in the system tray (it looks like a key; you may need to click the "^" icon)
-
Right click on the
pass-winmenu
icon in the system tray and select "Open Shell" -
Run the following
gpg --import <path-to-key-file>
where
<path-to-key-file>
is the path to the key file on your thumb drive (probably something likeD:\secret.asc
)
Basic setup is finished at this point. You should be able to copy passwords to the clipboard using the following:
- Ctrl-Alt-p to bring up the selector window
- Type to narrow search and press enter to copy the selected password to the clipboard. You should see a pop-up indicating that the password has been copied to the clipboard
- Press Shift-Insert or Ctrl-v to paste
You will need to mark the imported key pair as trusted in order to use it to encrypt new passwords.
-
Right click on the
pass-winmenu
tray icon and select "Open Shell" -
gpg --list-keys
-
Note the key id of the key pair imported in step 5. The id is the long hex string on the second line of each record. For example, for the output
/Users/matt/.gnupg/pubring.gpg ------------------------------ pub rsa2048 2018-09-27 [SC] [expires: 2020-09-26] 62B64C7C2B289D7AB0AD9DD9B2E52431E1732637 uid [unknown] Matthew Wittmann <mcwitt@gmail.com> sub rsa2048 2018-09-27 [E] [expires: 2020-09-26]
The key id is
62B64C7C2B289D7AB0AD9DD9B2E52431E1732637
. (Note the[unknown]
, meaning this key pair is currently untrusted.) -
Run the following command, substituting the
<key-id>
with that determined in step 3gpg --edit-key <key-id>
-
At the
gpg>
prompt, typetrust
. When prompted for the trust level, choose "5" (ultimate) -
Type
Ctrl+d
to exit
-
Right click on the
pass-winmenu
tray icon and select "Open Shell" -
Refer to 2 and 3 above to find the key id of the key pair you want to delete. There should be some indication in the output of
gpg --list-keys
as to which keys are expired. -
To delete the secret key, run (substituting your key id from 2)
gpg --delete-secret-key <key-id>
Answer affirmatively all of the prompts.
-
To delete the public key,
gpg --delete-key <key-id>