Why not simply use PASS with your Keybase gpg key?

woodruffw · on June 8, 2017

Well, I wanted something with structured records. `pass` can sort of do that, but it's not built into it.

I also wanted to take advantage of KBFS to do the encryption transparently and expose records as individual files. KBSecret just provides a structure; you can use plain old shell scripts (and I/O primitives) to access your records once they're in place.

It's more of an experiment than anything else currently, but those are the two big motivating ideas.

rrggrr · on June 8, 2017

Makes sense. Do we know if KBFS is deemed cryptographically secure? I haven't kept up on it.

woodruffw · on June 8, 2017

I don't know if there's been a formal audit, but they've published an overview of their cryptographic methods and practices [1].

They've also open-sourced KBFS itself and the `keybase` client [2][3], but again, not sure on the audit.

[1]: https://keybase.io/docs/crypto/overview

[2]: https://github.com/keybase/kbfs

[3]: https://github.com/keybase/client

shusson · on June 9, 2017

I started using pass last week after a post on HN, loving it so far.

omdv · on June 9, 2017

Could I have a link to that post please?

shusson · on June 9, 2017

it's an old one https://news.ycombinator.com/item?id=12890498

_7ffc · on June 9, 2017

Or even just use Pass as normal, setting the password store directory to a path in your KBFS vfs. Two layers of encryption + standard Pass usage. :D

rrggrr · on June 9, 2017

How do you specify the pass file directory?

_7ffc · on June 10, 2017

The original pass program allows overriding the default directory with the PASSWORD_STORE_DIR environment variable. I use gopass [0] though which supports directly configuring this via cli/config file.

[0]: https://github.com/justwatchcom/gopass