Introduction
Introduction Statistics Contact Development Disclaimer Help
View source
# 2022-02-24 - Migrating from KeePassXC to pass, the Unix password
# manager
Since writing this post, i have switched to using puss.sh, a minimal
replacement for the "pass" script.
Puss Password Manager
# Contents
* Introduction
* Export KeePassXC database to XML
* Install pass Unix password store
* Initialize pass Unix password store
* Import XML database into pass Unix password store
* Using pass Unix password store
# Introduction
While reading a gemlog post, i learned of the Unix pass program.
software i [Alex/nytpu] use daily
<gemini://nytpu.com/gemlog/2021-01-10.gmi>
> I use pass to store all my passwords and logins. I use qute-pass
> for entering logins in qutebrowser, and "Password Store" on my
> phone.
pass: the standard Unix password manager
qute-pass
I took a look and was delighted by what i found. "pass" is a
standard Unix shell script that uses the filesystem as a database and
uses standard utilities such as gpg2. I am familiar with this
concept because i wrote a similar shell script when i was an HP-UX
admin around 2003/2004.
I decided i would like to give pass a try. I have been using
KeePassXC, which is a QT GUI app.
# Export KeePassXC database to XML
The first step is to export the password database to XML. KeePassXC
has hidden this option in a command-line utility.
## Example:
$ keepassxc-cli export ~/passwords.kdbx >~export.xml
# Install pass Unix password store
I browsed to the Tarball section of passwordstore.org and downloaded
Version 1.7.4.
pass Unix password store
I extracted the tarball. Since it is a shell script, there is
nothing to build. To an experienced Unix user, the script and
Makefile are plain and easy to read. I installed it with the
following command.
$ make install PREFIX=/home/ben/local
# Initialize pass Unix password store
You must initialize your password store before you use it. The
password store is encrypted with gpg2, so you will need to have a
GPG2 key ready to go. I already have gpg2 set up. Below is a link
to the documentation for reference.
GnuPG documentation
Find your gpg2 key name. I did this using the following command.
$ gpg2 --list-keys
/home/ben/.gnupg/pubring.gpg
----------------------------
pub 2048R/97D71B98 2015-04-04
uid Ben Collver (ben@computor) <[email protected]>
In this case my key name is:
"Ben Collver (ben@computor) <[email protected]>"
But i can use any unique substring from this name.
I used the following command to initialize my password store.
$ pass init "Ben Collver"
# Import XML database into pass Unix password store
I browsed to the "Migrating to" section of passwordstore.org and
downloaded a copy of keepass2pass.py I read through the script to
understand how it works. Note that KeePassXC exports XML in KeePass2
format, not KeePassX format.
$ python keepass2pass.py -f ~/export.xml
# Using pass Unix password store
First, i listed my imported passwords using the following command.
The pass command outputs ANSI escape sequences, so it is important to
use the less -R option.
$ pass | less -R
Password Store
└── Root
├── Internet
│   ├── angband forums
│   ├── archive.org
Next, i listed one of the entries with the following command.
$ pass Root/Internet/archive.org
1234567890PlainTextPasswordAlert
UserName: myusernameisgood
URL: archive.org
Notes:
This, that, and the other thing.
Username formerly: myusernamewasok
Next, i copied the password to the clipboard and verified it with the
following commands.
$ pass -c Root/Internet/archive.org
Copied Root/Internet/archive.org to clipboard. Will clear in 45
seconds.
$ xclip -o -selection clipboard
1234567890PlainTextPasswordAlert
That's enough of for one sitting. Thanks to Jason Donefeld and the
hacker community for this functional tool!
See follow-up post:
gopher://tilde.pink/1/~bencollver/log/2024-10-14-export-password-store/
tags: bencollver,technical,unix
# Tags
bencollver
technical
unix
You are viewing proxied material from tilde.pink. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.