Here I describe how I'm managing my password store with Linux pass.
My usual setup is Windows (for compatibility with the rest of the world) with VirtualBox Linux (Lubuntu) guests for all important stuff I do for fun and profit.
I use Linux to create the password store and encryption keys and share those manually with USB stick.
In Lubuntu both pass and gpg (GNU Privacy Guard or GnuPG) commands are already available so nothing needs to be
installed.
Install:
Configure GnuPG for QtPass:
Configuration
> Programs
> Native
> pgp: <INSTALL_PATH>/bin/gpg.exe
> Profiles
> Current password-store: <LOCATION>/.password-store
Generate encryption key interactively:
$ gpg --full-generate-key
Give the following answers to the question:
(1) RSA and RSA (default)
What keysize do you want? (3072) 4096
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
Real name: <YOUR NAME>
Email address: <YOUR EMAIL>
Comment:
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
List secret key id:
$ gpg --list-secret-keys --keyid-format long
/home/jani/.gnupg/pubring.kbx
-----------------------------
sec rsa4096/<SECRET_KEY_ID> 2022-12-24 [SC]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
uid [ultimate] Eric Example <eric@example.com>
ssb rsa4096/XXXXXXXXXXXXXXXX 2022-12-24 [E]
When using VirtualBox I place the password store to VirtualBox shared folder so that the store will be available both the Linux guest and Windows host:
export PASSWORD_STORE_DIR=<VIRTUALBOX_SHARED_FOLDER>/.password-store
Create empty password store:
$ pass init <SECRET_KEY_ID>
where <SECRET_KEY_ID> is the secret (sec) key id and comes from gpg command above.
Export the key:
gpg --output <FILE1>.pgp --armor --export
emacsgpg --output <FILE2>.pgp --armor --export-secret-key
Adjust time how long the gpg password is remembered:
$ cat .gnupg/gpg-agent.conf
default-cache-ttl 86400
max-cache-ttl 86400
The value is in seconds so 86400 is 24 hours.
<PASSWORD>
site: <SITE>
username: <USERNAME>
email: <EMAIL>
any other free text information