Karna
Posts Notes Categories Tags About
Karna

Contents

Password Manager Setup

Karna included in Linux
   434 words   3 minutes 

Introduction

Managing passwords can be a hassle, and choosing between convenience and privacy is a constant struggle. While saving passwords in your browser is an easy solution, it’s not the best choice if privacy is a priority. By using the gpg (GNU Privacy Guard) package to encrypt passwords and the pass password manager to manage encryption and decryption, you can maintain your privacy and keep your passwords secure.

Installation

For Arch Linux, install the necessary package with:

sudo pacman -S pass

There is also a GUI available called qtpass, but I prefer using pass through the CLI or with a tool like rofi.

Before using pass, you need to have a PGP key created with gnupg.

GPG Setup

  1. Install gnupg:
pacman -S gnupg
  1. Generate a new key:
gpg --full-generate-key

Follow the prompts and set a passphrase for security.

  1. List your keys:
gpg --list-keys
  1. Export your public key (optional for sharing/migration):
gpg --armor --export your_email@example.com > public_key.asc

This key will be used by pass to encrypt and decrypt your passwords.

Usage

Generating a New Password

pass generate site.url.tld/username 16

Storing a Password

pass insert site.domain.tld/username

Viewing a Password

pass show domain.tld/username

To copy it to the clipboard:

pass show -c domain.tld/username

Saving Encrypted Passwords

To enable built-in git support:

cd ~/.password-store
pass git init

Then push your encrypted passwords:

pass git push origin master

Improved Workflow with rofi-pass

Install rofi-pass:

pacman -S rofi rofi-pass  # X11 Support
paru -S rofi-pass-wayland-git  # Wayland Support

Set up a shortcut in i3:

bindsym $mod+p exec /usr/bin/rofi-pass

Modify .config/rofi-pass/config:

default_do='typePass'

Fixing rofi-pass Password Prompt

Edit .gnupg/gpg-agent.conf:

pinentry-program /usr/bin/pinentry-gnome3

Reload GPG agent:

gpg-connect-agent reloadagent /bye

Importing Existing Passwords

Install pass-import:

yay -S pass-import

Import passwords from Firefox:

pass import firefox ~/passwordsfile.csv

Automation Script

#!/bin/bash
setup_gpg_pass() {
    echo "Do you want to set up GPG and Pass? (Y/n)"
    read -r RESPONSE
    RESPONSE=${RESPONSE:-y}

    if [[ "$RESPONSE" =~ ^[Nn]$ ]]; then
	echo "Skipping setup." && return
    fi

    echo "Setting up GPG and Pass..."
    sudo pacman -S --noconfirm gnupg pass qrencode
    paru -S --noconfirm rofi-pass-wayland-git pass-import

    echo -n "Enter your email: "
    read -r EMAIL

    if gpg --list-keys "$EMAIL" > /dev/null 2>&1; then
	echo "GPG key exists. Skipping generation."
    else
	echo "Generating a new GPG key..."
	cat >key-config <<EOF
	Key-Type: RSA
	Key-Length: 4096
	Name-Email: $EMAIL
	Expire-Date: 0
	%commit
EOF
	gpg --batch --full-generate-key key-config
	rm -f key-config
    fi

    echo "Initializing pass..."
    pass init "$EMAIL"

    echo "GPG and Pass setup completed!"
}
setup_gpg_pass

Conclusion

Using a secure password manager like pass is crucial for managing the many passwords we accumulate. By combining it with gpg for encryption, you can ensure your passwords remain safe and private.

Updated on 2025-04-01
Read Markdown
 GPGPASSLinux
Back | Home