2022-02-24 - Migrating from KeePassXC to pass, the Unix password
================================================================
manager
=======

Since writing this post, i have switched to using puss.sh, a minimal
replacement for the "pass" script.

Puss Password Manager
<gopher://tilde.pink/1/~bencollver/log/
2025-01-26-puss-password-manager>

Contents
========

* Introduction
* Export KeePassXC database to XML
* Install pass Unix password store
* Initialize pass Unix password store
* Import XML database into pass Unix password store
* Using pass Unix password store

Introduction
============

While reading a gemlog post, i learned of the Unix pass program.

software i [Alex/nytpu] use daily
<gemini://nytpu.com/gemlog/2021-01-10.gmi>

> I use pass to store all my passwords and logins.  I use qute-pass
> for entering logins in qutebrowser, and "Password Store" on my
> phone.

pass: the standard Unix password manager
<https://www.passwordstore.org/>

qute-pass
<gopher://tilde.club/0/~freet/cgi-bin/gophhub.sh?
repo=qutebrowser/qutebrowser&file=1&path=misc/userscripts/qute-pass>

I took a look and was delighted by what i found.  "pass" is a
standard Unix shell script that uses the filesystem as a database and
uses standard utilities such as gpg2.  I am familiar with this
concept because i wrote a similar shell script when i was an HP-UX
admin around 2003/2004.

I decided i would like to give pass a try.  I have been using
KeePassXC, which is a QT GUI app.

Export KeePassXC database to XML
================================

The first step is to export the password database to XML.  KeePassXC
has hidden this option in a command-line utility.

Example:
--------

   $ keepassxc-cli export ~/passwords.kdbx >~export.xml

Install pass Unix password store
================================

I browsed to the Tarball section of passwordstore.org and downloaded
Version 1.7.4.

pass Unix password store
<https://www.passwordstore.org/>

I extracted the tarball.  Since it is a shell script, there is
nothing to build.  To an experienced Unix user, the script and
Makefile are plain and easy to read.  I installed it with the
following command.

   $ make install PREFIX=/home/ben/local

Initialize pass Unix password store
===================================

You must initialize your password store before you use it.  The
password store is encrypted with gpg2, so you will need to have a
GPG2 key ready to go.  I already have gpg2 set up.  Below is a link
to the documentation for reference.

GnuPG documentation
<https://www.gnupg.org/documentation/index.html>

Find your gpg2 key name.  I did this using the following command.

   $ gpg2 --list-keys
   /home/ben/.gnupg/pubring.gpg
   ----------------------------
   pub   2048R/97D71B98 2015-04-04
   uid                  Ben Collver (ben@computor) <[email protected]>

In this case my key name is:
"Ben Collver (ben@computor) <[email protected]>"

But i can use any unique substring from this name.

I used the following command to initialize my password store.

   $ pass init "Ben Collver"

Import XML database into pass Unix password store
=================================================

I browsed to the "Migrating to" section of passwordstore.org and
downloaded a copy of keepass2pass.py  I read through the script to
understand how it works.  Note that KeePassXC exports XML in KeePass2
format, not KeePassX format.

   $ python keepass2pass.py -f ~/export.xml

Using pass Unix password store
==============================

First, i listed my imported passwords using the following command.
The pass command outputs ANSI escape sequences, so it is important to
use the less -R option.

   $ pass | less -R
   Password Store
   └── Root
       ├── Internet
       │   ├── angband forums
       │   ├── archive.org

Next, i listed one of the entries with the following command.

   $ pass Root/Internet/archive.org
   1234567890PlainTextPasswordAlert
   UserName: myusernameisgood
   URL: archive.org
   Notes:
   This, that, and the other thing.

   Username formerly: myusernamewasok

Next, i copied the password to the clipboard and verified it with the
following commands.

   $ pass -c Root/Internet/archive.org
   Copied Root/Internet/archive.org to clipboard. Will clear in 45
   seconds.
   $ xclip -o -selection clipboard
   1234567890PlainTextPasswordAlert

That's enough of for one sitting.  Thanks to Jason Donefeld and the
hacker community for this functional tool!

See follow-up post:

<gopher://tilde.pink/1/~bencollver/log/
2024-10-14-export-password-store/>

tags: bencollver,technical,unix

Tags
====

bencollver
<gopher://tilde.pink/1/~bencollver/log/tag/bencollver/>
technical
<gopher://tilde.pink/1/~bencollver/log/tag/technical/>
unix
<gopher://tilde.pink/1/~bencollver/log/tag/unix/>

You are viewing proxied material from tilde.pink. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.