View source | |
# 2022-02-24 - Migrating from KeePassXC to pass, the Unix password | |
# manager | |
Since writing this post, i have switched to using puss.sh, a minimal | |
replacement for the "pass" script. | |
Puss Password Manager | |
# Contents | |
* Introduction | |
* Export KeePassXC database to XML | |
* Install pass Unix password store | |
* Initialize pass Unix password store | |
* Import XML database into pass Unix password store | |
* Using pass Unix password store | |
# Introduction | |
While reading a gemlog post, i learned of the Unix pass program. | |
software i [Alex/nytpu] use daily | |
<gemini://nytpu.com/gemlog/2021-01-10.gmi> | |
> I use pass to store all my passwords and logins. I use qute-pass | |
> for entering logins in qutebrowser, and "Password Store" on my | |
> phone. | |
pass: the standard Unix password manager | |
qute-pass | |
I took a look and was delighted by what i found. "pass" is a | |
standard Unix shell script that uses the filesystem as a database and | |
uses standard utilities such as gpg2. I am familiar with this | |
concept because i wrote a similar shell script when i was an HP-UX | |
admin around 2003/2004. | |
I decided i would like to give pass a try. I have been using | |
KeePassXC, which is a QT GUI app. | |
# Export KeePassXC database to XML | |
The first step is to export the password database to XML. KeePassXC | |
has hidden this option in a command-line utility. | |
## Example: | |
$ keepassxc-cli export ~/passwords.kdbx >~export.xml | |
# Install pass Unix password store | |
I browsed to the Tarball section of passwordstore.org and downloaded | |
Version 1.7.4. | |
pass Unix password store | |
I extracted the tarball. Since it is a shell script, there is | |
nothing to build. To an experienced Unix user, the script and | |
Makefile are plain and easy to read. I installed it with the | |
following command. | |
$ make install PREFIX=/home/ben/local | |
# Initialize pass Unix password store | |
You must initialize your password store before you use it. The | |
password store is encrypted with gpg2, so you will need to have a | |
GPG2 key ready to go. I already have gpg2 set up. Below is a link | |
to the documentation for reference. | |
GnuPG documentation | |
Find your gpg2 key name. I did this using the following command. | |
$ gpg2 --list-keys | |
/home/ben/.gnupg/pubring.gpg | |
---------------------------- | |
pub 2048R/97D71B98 2015-04-04 | |
uid Ben Collver (ben@computor) <[email protected]> | |
In this case my key name is: | |
"Ben Collver (ben@computor) <[email protected]>" | |
But i can use any unique substring from this name. | |
I used the following command to initialize my password store. | |
$ pass init "Ben Collver" | |
# Import XML database into pass Unix password store | |
I browsed to the "Migrating to" section of passwordstore.org and | |
downloaded a copy of keepass2pass.py I read through the script to | |
understand how it works. Note that KeePassXC exports XML in KeePass2 | |
format, not KeePassX format. | |
$ python keepass2pass.py -f ~/export.xml | |
# Using pass Unix password store | |
First, i listed my imported passwords using the following command. | |
The pass command outputs ANSI escape sequences, so it is important to | |
use the less -R option. | |
$ pass | less -R | |
Password Store | |
└── Root | |
├── Internet | |
│ ├── angband forums | |
│ ├── archive.org | |
Next, i listed one of the entries with the following command. | |
$ pass Root/Internet/archive.org | |
1234567890PlainTextPasswordAlert | |
UserName: myusernameisgood | |
URL: archive.org | |
Notes: | |
This, that, and the other thing. | |
Username formerly: myusernamewasok | |
Next, i copied the password to the clipboard and verified it with the | |
following commands. | |
$ pass -c Root/Internet/archive.org | |
Copied Root/Internet/archive.org to clipboard. Will clear in 45 | |
seconds. | |
$ xclip -o -selection clipboard | |
1234567890PlainTextPasswordAlert | |
That's enough of for one sitting. Thanks to Jason Donefeld and the | |
hacker community for this functional tool! | |
See follow-up post: | |
gopher://tilde.pink/1/~bencollver/log/2024-10-14-export-password-store/ | |
tags: bencollver,technical,unix | |
# Tags | |
bencollver | |
technical | |
unix |