/~bencollver/log/2022-02-24-pass-unix-password-manager on tilde.pink

	View source

	# 2022-02-24 - Migrating from KeePassXC to pass, the Unix password
	# manager

	Since writing this post, i have switched to using puss.sh, a minimal
	replacement for the "pass" script.

	Puss Password Manager

	# Contents

	* Introduction
	* Export KeePassXC database to XML
	* Install pass Unix password store
	* Initialize pass Unix password store
	* Import XML database into pass Unix password store
	* Using pass Unix password store

	# Introduction

	While reading a gemlog post, i learned of the Unix pass program.

	software i [Alex/nytpu] use daily
	<gemini://nytpu.com/gemlog/2021-01-10.gmi>

	> I use pass to store all my passwords and logins. I use qute-pass
	> for entering logins in qutebrowser, and "Password Store" on my
	> phone.

	pass: the standard Unix password manager

	qute-pass

	I took a look and was delighted by what i found. "pass" is a
	standard Unix shell script that uses the filesystem as a database and
	uses standard utilities such as gpg2. I am familiar with this
	concept because i wrote a similar shell script when i was an HP-UX
	admin around 2003/2004.

	I decided i would like to give pass a try. I have been using
	KeePassXC, which is a QT GUI app.

	# Export KeePassXC database to XML

	The first step is to export the password database to XML. KeePassXC
	has hidden this option in a command-line utility.

	## Example:

	$ keepassxc-cli export ~/passwords.kdbx >~export.xml

	# Install pass Unix password store

	I browsed to the Tarball section of passwordstore.org and downloaded
	Version 1.7.4.

	pass Unix password store

	I extracted the tarball. Since it is a shell script, there is
	nothing to build. To an experienced Unix user, the script and
	Makefile are plain and easy to read. I installed it with the
	following command.

	$ make install PREFIX=/home/ben/local

	# Initialize pass Unix password store

	You must initialize your password store before you use it. The
	password store is encrypted with gpg2, so you will need to have a
	GPG2 key ready to go. I already have gpg2 set up. Below is a link
	to the documentation for reference.

	GnuPG documentation

	Find your gpg2 key name. I did this using the following command.

	$ gpg2 --list-keys
	/home/ben/.gnupg/pubring.gpg
	----------------------------
	pub 2048R/97D71B98 2015-04-04
	uid Ben Collver (ben@computor) <[email protected]>

	In this case my key name is:
	"Ben Collver (ben@computor) <[email protected]>"

	But i can use any unique substring from this name.

	I used the following command to initialize my password store.

	$ pass init "Ben Collver"

	# Import XML database into pass Unix password store

	I browsed to the "Migrating to" section of passwordstore.org and
	downloaded a copy of keepass2pass.py I read through the script to
	understand how it works. Note that KeePassXC exports XML in KeePass2
	format, not KeePassX format.

	$ python keepass2pass.py -f ~/export.xml

	# Using pass Unix password store

	First, i listed my imported passwords using the following command.
	The pass command outputs ANSI escape sequences, so it is important to
	use the less -R option.

	$ pass \| less -R
	Password Store
	└── Root
	├── Internet
	│ ├── angband forums
	│ ├── archive.org

	Next, i listed one of the entries with the following command.

	$ pass Root/Internet/archive.org
	1234567890PlainTextPasswordAlert
	UserName: myusernameisgood
	URL: archive.org
	Notes:
	This, that, and the other thing.

	Username formerly: myusernamewasok

	Next, i copied the password to the clipboard and verified it with the
	following commands.

	$ pass -c Root/Internet/archive.org
	Copied Root/Internet/archive.org to clipboard. Will clear in 45
	seconds.
	$ xclip -o -selection clipboard
	1234567890PlainTextPasswordAlert

	That's enough of for one sitting. Thanks to Jason Donefeld and the
	hacker community for this functional tool!

	See follow-up post:

	gopher://tilde.pink/1/~bencollver/log/2024-10-14-export-password-store/

	tags: bencollver,technical,unix

	# Tags

	bencollver
	technical
	unix