1.8 KiB
gpg crypto backend
The gpgcli backend is the default crypto backend based on the gpg CLI. It depends on the GPG installation to be working and having a properly initialized keyring.
Getting started
WARNING: This backend suffers from myriads of different configuration options, a poor scripting interface and not pure-Go libarary bindings being available.
To start using the gpgcli backend initialize a new (sub) store with the --crypto=gpgcli flag:
gopass init --crypto gpgcli
gopass recipients add 0xDEADBEEF
Features
- Compatible with other password store implementations
- Support for all GPG features, like smart-cards or hardware tokens
Caveats
- Using long key sizes (e.g. 4096 bit or longer) can make many operations a lot slower
- Some GPG installations don't work well with concurrent operations
Roadmap
This backend is the single most annoying source of maintenance workload in this project. We try to keep this backend working as good as possible but there are a lot of reasons why we'd prefer eventually move beyond GPG.
GPG Critism
This section is a growing list of references why GPG is bad and why you should avoid it. That might sound like an unusual thing to say for the authors of a tool whose main use case relies on GPG but whenever we tried to move beyond GPG we got a lot of backlash. So I guess first we need to try to make use understand why you shouldn't hold on to GPG and by then we'll try to have a replacement ready for you.