`pass` was written by Jason Donenfeld, the developer who gave us WireGuard.
It's is a bash script that makes it convenient and easy to use gpg2, the OpenPGP encryption tool. Frankly, I'm kind of shocked at how difficult it is to use the gpg2 command line utility. Clearly it's an extremely powerful tool, but it's written with the assumption that the user has a very deep understanding of how encryption and key signing work. To use `pass` effectively you should have a basic understanding of encryption, but unlike gpg2 you don't need to dedicate a week to grok the manpage.
As much as I love Jason Donenfeld's work, I tried to use pass and the gpg requirement just rubbed me the wrong way. It's basically just gpg-encrpyting a text file and unlocking that along with some wrappers for basic password manager functionality (I guess most important is clipboard functionality and clearing it automatically after some seconds), but somehow that seems like a weak point to me. It's a whole lot of reliance on one extremely bloated suite of applications when I feel like something standalone and about as compact would be better somehow.
A few pass-related projects are working on an age[1] backend in addition to gpg. I think gopass already has support for it.
Correct. Gopass has very early age support. It fully works but the UX is not great (yet).
Oh dammit. I have stopped using Gopass and rewrote pass just for that reason - missing AGE encryption. At least I have learned something new and I feel I have better UI - fuzzy finder instead of their TUI. However, big kudos to Gopass team for awesome work and really useful tool.
Before I start working on next project... Do you recognize any mobile app, which could replace PasswordStore app for Android [0] but with AGE support?
[0]: https://github.com/android-password-store/Android-Password-S...
> missing AGE encryption
I am just curious. What makes AGE backend better than GPG one?
- It works smoothly with SSH keys (generated from ssh-keygen), which are perfectly recognized by possibly any developer.
- No need for external client, such as GpgWin/Kleopatra for Windows.
- Embed-able in Rust[0] and Go[1] (there are libraries), no need to call `gpg --decrypt ...` from the command line.
- Encrypted files by pass and keys are smaller. I guess it is thanks to ecliptic-curve encryption.