TEXT View source
# 2022-02-24 - Migrating from KeePassXC to pass, the Unix password
# manager
Since writing this post, i have switched to using puss.sh, a minimal
replacement for the "pass" script.
DIR Puss Password Manager
# Contents
* Introduction
* Export KeePassXC database to XML
* Install pass Unix password store
* Initialize pass Unix password store
* Import XML database into pass Unix password store
* Using pass Unix password store
# Introduction
While reading a gemlog post, i learned of the Unix pass program.
software i [Alex/nytpu] use daily
<gemini://nytpu.com/gemlog/2021-01-10.gmi>
> I use pass to store all my passwords and logins. I use qute-pass
> for entering logins in qutebrowser, and "Password Store" on my
> phone.
HTML pass: the standard Unix password manager
TEXT qute-pass
I took a look and was delighted by what i found. "pass" is a
standard Unix shell script that uses the filesystem as a database and
uses standard utilities such as gpg2. I am familiar with this
concept because i wrote a similar shell script when i was an HP-UX
admin around 2003/2004.
I decided i would like to give pass a try. I have been using
KeePassXC, which is a QT GUI app.
# Export KeePassXC database to XML
The first step is to export the password database to XML. KeePassXC
has hidden this option in a command-line utility.
## Example:
$ keepassxc-cli export ~/passwords.kdbx >~export.xml
# Install pass Unix password store
I browsed to the Tarball section of passwordstore.org and downloaded
Version 1.7.4.
HTML pass Unix password store
I extracted the tarball. Since it is a shell script, there is
nothing to build. To an experienced Unix user, the script and
Makefile are plain and easy to read. I installed it with the
following command.
$ make install PREFIX=/home/ben/local
# Initialize pass Unix password store
You must initialize your password store before you use it. The
password store is encrypted with gpg2, so you will need to have a
GPG2 key ready to go. I already have gpg2 set up. Below is a link
to the documentation for reference.
HTML GnuPG documentation
Find your gpg2 key name. I did this using the following command.
$ gpg2 --list-keys
/home/ben/.gnupg/pubring.gpg
----------------------------
pub 2048R/97D71B98 2015-04-04
uid Ben Collver (ben@computor) <bencollver@gmail.com>
In this case my key name is:
"Ben Collver (ben@computor) <bencollver@gmail.com>"
But i can use any unique substring from this name.
I used the following command to initialize my password store.
$ pass init "Ben Collver"
# Import XML database into pass Unix password store
I browsed to the "Migrating to" section of passwordstore.org and
downloaded a copy of keepass2pass.py I read through the script to
understand how it works. Note that KeePassXC exports XML in KeePass2
format, not KeePassX format.
$ python keepass2pass.py -f ~/export.xml
# Using pass Unix password store
First, i listed my imported passwords using the following command.
The pass command outputs ANSI escape sequences, so it is important to
use the less -R option.
$ pass | less -R
Password Store
└── Root
├── Internet
│ ├── angband forums
│ ├── archive.org
Next, i listed one of the entries with the following command.
$ pass Root/Internet/archive.org
1234567890PlainTextPasswordAlert
UserName: myusernameisgood
URL: archive.org
Notes:
This, that, and the other thing.
Username formerly: myusernamewasok
Next, i copied the password to the clipboard and verified it with the
following commands.
$ pass -c Root/Internet/archive.org
Copied Root/Internet/archive.org to clipboard. Will clear in 45
seconds.
$ xclip -o -selection clipboard
1234567890PlainTextPasswordAlert
That's enough of for one sitting. Thanks to Jason Donefeld and the
hacker community for this functional tool!
See follow-up post:
DIR gopher://tilde.pink/1/~bencollver/log/2024-10-14-export-password-store/
tags: bencollver,technical,unix
# Tags
DIR bencollver
DIR technical
DIR unix