# 2022-02-24 - Migrating from KeePassXC to pass, the Unix password manager

# Contents

* Introduction
* Export KeePassXC database to XML
* Install pass Unix password store
* Initialize pass Unix password store
* Import XML database into pass Unix password store
* Using pass Unix password store

# Introduction

While reading a gemlog post, i learned of the Unix pass program.

software i [Alex/nytpu] use daily
<gemini://nytpu.com/gemlog/2021-01-10.gmi>

> I use pass to store all my passwords and logins. I use qute-pass
> for entering logins in qutebrowser, and "Password Store" on my
> phone.

(HTM) pass: the standard Unix password manager
(HTM) qute-pass
(HTM) Android pass app

I took a look and was delighted by what i found. "pass" is a
standard Unix shell script that uses the filesystem as a database
and uses standard utilities such as gpg2. I am familiar with this
concept because i wrote a similar shell script when i was an HP-UX
admin around 2003/2004.

I decided i would like to give pass a try. I have been using
KeePassXC, which is a Qt GUI app.

# Export KeePassXC database to XML

The first step is to export the password database to XML. KeePassXC
has hidden this option in a command-line utility. See the link below
for details.

(HTM) KeePassXC UserGuide: Exporting Databases

## Example:

    $ keepassxc-cli export ~/passwords.kdbx >~/export.xml

# Install pass Unix password store

I browsed to the Tarball section of passwordstore.org and downloaded
Version 1.7.4.

(HTM) pass Unix password store

I extracted the tarball. Since it is a shell script, there is
nothing to build. To an experienced Unix user, the script and
Makefile are plain and easy to read. I installed it with the
following command.

    $ make install PREFIX=/home/ben/local

# Initialize pass Unix password store

You must initialize your password store before you use it. The
password store is encrypted with gpg2, so you will need to have a
GPG2 key ready to go. I already have gpg2 set up.
Below is a link to the documentation for reference.

(HTM) GnuPG documentation

Find your gpg2 key name. I did this using the following command.

    $ gpg2 --list-keys
    /home/ben/.gnupg/pubring.gpg
    ----------------------------
    pub   2048R/97D71B98 2015-04-04
    uid                  Ben Collver (ben@computor) <bencollver@gmail.com>

In this case my key name is:

    "Ben Collver (ben@computor) <bencollver@gmail.com>"

But i can use any unique substring from this name. I used the
following command to initialize my password store.

    $ pass init "Ben Collver"

# Import XML database into pass Unix password store

I browsed to the "Migrating to" section of passwordstore.org and
downloaded a copy of keepass2pass.py. I read through the script to
understand how it works. Note that KeePassXC exports XML in KeePass2
format, not KeePassX format.

    $ python keepass2pass.py -f ~/export.xml

# Using pass Unix password store

First, i listed my imported passwords using the following command.
The pass command outputs ANSI escape sequences, so it is important
to use the less -R option.

    $ pass | less -R
    Password Store
    └── Root
        ├── Internet
        │   ├── angband forums
        │   ├── archive.org

Next, i listed one of the entries with the following command.

    $ pass Root/Internet/archive.org
    1234567890PlainTextPasswordAlert
    UserName: myusernameisgood
    URL: archive.org
    Notes: This, that, and the other thing.
    Username formerly: myusernamewasok

Next, i copied the password to the clipboard and verified it with
the following commands.

    $ pass -c Root/Internet/archive.org
    Copied Root/Internet/archive.org to clipboard. Will clear in 45 seconds.
    $ xclip -o -selection clipboard
    1234567890PlainTextPasswordAlert

That's enough for one sitting. Thanks to Jason Donenfeld and the
hacker community for this functional tool!

tags: bencollver,technical,unix
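
After the import step, ~/export.xml still holds every password in plaintext, so it is worth confirming that each entry reached the store before deleting it. The script below is an added example, not part of the original post or of keepass2pass.py: it walks the KeePass2 XML and reports entries with no matching .gpg file. It assumes the Group/Group/Title path layout seen in the listing above (Root/Internet/archive.org) and the pass default store location; the sample XML is constructed.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample in the KeePass2 XML layout (not a real export).
SAMPLE_XML = """<KeePassFile><Root><Group><Name>Root</Name>
  <Group><Name>Internet</Name>
    <Entry>
      <String><Key>Title</Key><Value>archive.org</Value></String>
      <String><Key>Password</Key><Value>constructed-secret</Value></String>
      <History><Entry>
        <String><Key>Title</Key><Value>archive.org (old)</Value></String>
      </Entry></History>
    </Entry>
    <Entry><String><Key>Title</Key><Value>angband forums</Value></String></Entry>
  </Group>
</Group></Root></KeePassFile>"""


def entry_paths(group, prefix=""):
    """Yield 'Group/Sub/Title' for each live entry under a <Group> element."""
    here = prefix + (group.findtext("Name") or "") + "/"
    # Direct children only: <History> holds old <Entry> revisions to skip.
    for entry in group.findall("Entry"):
        fields = {s.findtext("Key"): s.findtext("Value") or ""
                  for s in entry.findall("String")}
        yield here + fields.get("Title", "")
    for sub in group.findall("Group"):
        yield from entry_paths(sub, here)


def missing_entries(xml_text, store_dir):
    """Return entry paths from the export with no <path>.gpg in the store."""
    root = ET.fromstring(xml_text)
    paths = [p for g in root.findall("Root/Group") for p in entry_paths(g)]
    return [p for p in paths
            if not os.path.isfile(os.path.join(store_dir, p + ".gpg"))]


if __name__ == "__main__":
    # Assumed locations: the pass default store and the export path used above.
    store = os.environ.get("PASSWORD_STORE_DIR",
                           os.path.expanduser("~/.password-store"))
    with open(os.path.expanduser("~/export.xml"), encoding="utf-8") as f:
        missing = missing_entries(f.read(), store)
    for path in missing:
        print("not imported:", path)
    print("safe to delete ~/export.xml" if not missing else "keep the export")
```

If the importer renames or sanitizes titles, those entries will show up as "not imported" and need a manual check.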