2022-02-24 - Migrating from KeePassXC to pass, the Unix password manager
========================================================================

Contents
========

* Introduction
* Export KeePassXC database to XML
* Install pass Unix password store
* Initialize pass Unix password store
* Import XML database into pass Unix password store
* Using pass Unix password store

Introduction
============

While reading a gemlog post, i learned of the Unix pass program.

software i [Alex/nytpu] use daily

> I use pass to store all my passwords and logins. I use qute-pass
> for entering logins in qutebrowser, and "Password Store" on my
> phone.

pass: the standard Unix password manager
qute-pass
Android pass app

I took a look and was delighted by what i found. "pass" is a standard
Unix shell script that uses the filesystem as a database and uses
standard utilities such as gpg2. I am familiar with this concept
because i wrote a similar shell script when i was an HP-UX admin
around 2003/2004.

I decided i would like to give pass a try. I have been using
KeePassXC, which is a Qt GUI app.

Export KeePassXC database to XML
================================

The first step is to export the password database to XML. KeePassXC
has hidden this option in a command-line utility. See the link below
for details.

KeePassXC UserGuide: Exporting Databases

Example:
--------

    $ keepassxc-cli export ~/passwords.kdbx >~/export.xml

Install pass Unix password store
================================

I browsed to the Tarball section of passwordstore.org and downloaded
Version 1.7.4.

pass Unix password store

I extracted the tarball. Since it is a shell script, there is nothing
to build. To an experienced Unix user, the script and Makefile are
plain and easy to read. I installed it with the following command.

    $ make install PREFIX=/home/ben/local

Initialize pass Unix password store
===================================

You must initialize your password store before you use it.
The password store is encrypted with gpg2, so you will need to have a
GPG2 key ready to go. I already have gpg2 set up. Below is a link to
the documentation for reference.

GnuPG documentation

Find your gpg2 key name. I did this using the following command.

    $ gpg2 --list-keys
    /home/ben/.gnupg/pubring.gpg
    ----------------------------
    pub   2048R/97D71B98 2015-04-04
    uid                  Ben Collver (ben@computor)

In this case my key name is:

    "Ben Collver (ben@computor) "

But i can use any unique substring from this name. I used the
following command to initialize my password store.

    $ pass init "Ben Collver"

Import XML database into pass Unix password store
=================================================

I browsed to the "Migrating to" section of passwordstore.org and
downloaded a copy of keepass2pass.py

I read through the script to understand how it works. Note that
KeePassXC exports XML in KeePass2 format, not KeePassX format.

    $ python keepass2pass.py -f ~/export.xml

Using pass Unix password store
==============================

First, i listed my imported passwords using the following command.
The pass command outputs ANSI escape sequences, so it is important to
use the less -R option.

    $ pass | less -R
    Password Store
    └── Root
        ├── Internet
        │   ├── angband forums
        │   ├── archive.org

Next, i listed one of the entries with the following command.

    $ pass Root/Internet/archive.org
    1234567890PlainTextPasswordAlert
    UserName: myusernameisgood
    URL: archive.org
    Notes: This, that, and the other thing.
    Username formerly: myusernamewasok

Next, i copied the password to the clipboard and verified it with the
following commands.

    $ pass -c Root/Internet/archive.org
    Copied Root/Internet/archive.org to clipboard. Will clear in 45 seconds.
    $ xclip -o -selection clipboard
    1234567890PlainTextPasswordAlert

That's enough for one sitting. Thanks to Jason Donenfeld and the
hacker community for this functional tool!

tags: bencollver,technical,unix
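The import step above, sketched as an added example. It is not part of the original post and is not the keepass2pass.py script. It assumes the KeePass2 XML layout (nested Group elements, Entry elements holding String Key/Value pairs, old versions kept under History). The sample data, helper names and field ordering are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the KeePass2 XML layout; all values are made up.
SAMPLE_XML = """<KeePassFile><Root><Group><Name>Root</Name>
 <Group><Name>Internet</Name>
  <Entry>
   <String><Key>Notes</Key><Value></Value></String>
   <String><Key>Password</Key><Value>constructed-secret</Value></String>
   <String><Key>Title</Key><Value>archive.org</Value></String>
   <String><Key>URL</Key><Value>archive.org</Value></String>
   <String><Key>UserName</Key><Value>myusernameisgood</Value></String>
   <History><Entry>
    <String><Key>Password</Key><Value>old-secret</Value></String>
    <String><Key>Title</Key><Value>archive.org</Value></String>
   </Entry></History>
  </Entry>
 </Group>
</Group></Root></KeePassFile>"""

def safe(name):
    # "/" in a title or group name would create an unintended subdirectory.
    return (name or "untitled").replace("/", "-")

def entry_text(entry):
    """Return (title, content) with the password on line 1, as pass expects."""
    fields = {s.findtext("Key"): s.findtext("Value") or ""
              for s in entry.findall("String")}
    title = safe(fields.pop("Title", ""))
    lines = [fields.pop("Password", "")]
    lines += [f"{k}: {v}" for k, v in sorted(fields.items()) if v]
    return title, "\n".join(lines) + "\n"

def walk(group, prefix=""):
    """Yield (pass-name, content). findall() sees direct children only, so
    superseded passwords under <History> never become entries."""
    path = prefix + safe(group.findtext("Name"))
    for entry in group.findall("Entry"):
        title, text = entry_text(entry)
        yield f"{path}/{title}", text
    for sub in group.findall("Group"):
        yield from walk(sub, path + "/")

def convert(xml_text):
    root = ET.fromstring(xml_text)
    return dict(p for g in root.findall("./Root/Group") for p in walk(g))

if __name__ == "__main__":
    for name in convert(SAMPLE_XML):
        print(name)  # names only, so no secret reaches the terminal
```

Each content string can be fed to `pass insert --multiline <name>` on standard input, which keeps the secret out of the process argument list.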