Android Password Store is back on F-Droid (github.com)
from 0bs1d1an@infosec.pub to selfhosted@lemmy.world on 30 May 01:35
https://infosec.pub/post/29085496

Rejoice! Our beloved password manager, ZX2C4’s pass, sees its Android implementation back on F-Droid. This APS fork has been pushing development forward since some time already, and has finally been published on the aforementioned app store earlier this month.

#selfhosted

threaded - newest

Zwuzelmaus@feddit.org on 30 May 02:19 next collapse

How to use this thing?

0bs1d1an@infosec.pub on 30 May 02:37 collapse

Did you see the Documentation section in the README.md? You basically initialise a password store on your server, and you use an implementation like this to sync (SSH + git) your passwords, which are encrypted via your GPG key.

www.passwordstore.org has some instructions how to initialise a password store on, for example, your server. Then refer to github.com/…/First-time-setup to configure the app.

Zwuzelmaus@feddit.org on 30 May 08:10 collapse

Did you see the Documentation section in the README.md?

Yes, that’s why I’m asking.

BozeKnoflook@lemmy.world on 30 May 02:48 next collapse

Unfortunately OpenKeyChain is now no longer being developed. It still works… for now.

0bs1d1an@infosec.pub on 30 May 03:06 collapse

APS moved away from OpenKeychain to PGPainless some time ago, from before this fork started. While not perfect either (see github.com/agrahn/Android-Password-Store/…/287), PGPainless is being maintained, and from what I can tell from this APS fork’s git log, is automatically bumped via their renovate bot (e.g. github.com/…/9a6b596199d7eb87b40b53c4cb111ba7a5b4…)

BozeKnoflook@lemmy.world on 30 May 03:36 collapse

Omg thank you! I was just starting to look for alternatives

0bs1d1an@infosec.pub on 30 May 04:06 collapse

I was too! I almost migrated to Vaultwarden, but I’m very thankful this fork is continuing the original maintainer’s work.

ReginaPhalange@lemmy.world on 30 May 10:10 next collapse

Anyone know what windows client is able to use GNU pass?

AbidanYre@lemmy.world on 30 May 17:41 collapse

It runs fine in wsl. Admittedly that’s not ideal, but may be the best option.

matcha_addict@lemy.lol on 30 May 13:52 next collapse

Is this an alternative to bitwarden and keepass? Is it better in terms of security?

phase@lemmy.8th.world on 31 May 01:19 collapse

I don’t have any experience with bitwarden. The question is what do you want.

I like pass because I can host my password with git, a decentralised storage. I have to manage the key myself.

fireshell@fedia.io on 30 May 23:18 collapse

Integration with Android

The GnuPG implementation for Android is called OpenKeychain. To configure it, just go to the "key management" menu and import the previously created secret key. The only drawback of OpenKeychain for me personally is that there is no fingerprint unlocking.

The pass implementation for Android is called android-password-store, or simply APS.

Install and launch APS. Before synchronizing the password store, go to the "Settings" menu. There we will need the following items:

  1. Git server settings. The resulting URL should be the same as that specified on the repository page on github. Authorization type - OpenKeychain.

  2. Git utils. In this section, specify the username and email from the gpg key.

  3. OpenPGP provider. Select OpenKeychain.

  4. Autofill.

Now you can clone. Select "clone from server" on the main screen, specify the desired location of the repository, check the git settings.

Of course, pass is not that easy to set up. However, this price buys confidence that the tools we use will not one day be declared obsolete, will not change their data format, and will not be left without support.