Discussion on: Linux: GPG-keys, Pass – passwords manager, and passwords import from a KeePass database

Arseny Zinchenko Author

Well, actually... Actually - I'd prefer to use KeePassXC as it has a better UI.
On the other hand - pass has a simple-to-use CLI (but KeePassXC has keepassxc-cli as well, I just never used it).

Both use the same database mechanism - as a file(s) on a local disk.
Just - KeePass keeps everything in one file while pass keeps all data in separate dirs/files, so there is less chance it will break everything at the same time.

Also - you can use separate GPG keys to encrypt various pass files (but again, in KeePass(XC) you can just keep different databases with different passwords/keys).

And the built-in Git ability in pass looks really good (but still - I'm using KeePass with its DB in Dropbox, so...).

I'd say it's more a matter of taste.
Maybe - pass is more an "oldschool" fashion while KeePassXC is a more modern tool? :-)

P.S. Ah, and there is even a WebUI for pass - github.com/BenoitZugmeyer/pass-web, but it's in Node.js and I didn't trust such a thing, even if I run it behind a firewall with HTTPS.

P.P.S. keepassxc-cli is really simple as well:

$ keepassxc-cli --help
Usage: keepassxc-cli [options] command
KeePassXC command line interface.

Available commands:
add            Add a new entry to a database.
clip           Copy an entry's password to the clipboard.
create         Create a new database.
diceware       Generate a new random diceware passphrase.
edit           Edit an entry.
estimate       Estimate the entropy of a password.
extract        Extract and print the content of a database.
generate       Generate a new random password.
locate         Find entries quickly.
ls             List database entries.
merge          Merge two databases.
rm             Remove an entry from the database.
show           Show an entry's information.
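
The per-directory keys mentioned in the comment above work because pass encrypts each entry to the key IDs in the nearest `.gpg-id` file, searching from the entry's directory up to the store root. The sketch below is an added example, not part of the original thread: it audits which recipients apply to each entry, using a constructed temporary store and placeholder key IDs.

```shell
# Resolve the GPG recipients for one entry: walk up from the entry's
# directory until a .gpg-id file is found (the lookup order pass uses).
recipients_for() {
    store=$1
    dir=$(dirname "$store/$2")
    while :; do
        if [ -f "$dir/.gpg-id" ]; then
            # One key ID per line; join them with commas.
            paste -sd, "$dir/.gpg-id"
            return 0
        fi
        [ "$dir" = "$store" ] && return 1   # reached the root, no .gpg-id
        dir=$(dirname "$dir")
    done
}

# Constructed sample store; the key IDs are placeholders, not real keys.
build_sample_store() {
    s=$(mktemp -d)
    mkdir -p "$s/work/aws" "$s/personal"
    printf '%s\n' 'PERSONAL-KEY-PLACEHOLDER' > "$s/.gpg-id"
    printf '%s\n' 'WORK-KEY-PLACEHOLDER' 'TEAMMATE-KEY-PLACEHOLDER' \
        > "$s/work/.gpg-id"
    : > "$s/personal/bank.gpg"
    : > "$s/work/aws/console.gpg"
    printf '%s\n' "$s"
}

# List every entry together with the recipients able to decrypt it.
audit_store() {
    store=$1
    find "$store" -name '*.gpg' | sort | while read -r f; do
        entry=${f#"$store"/}
        printf '%s -> %s\n' "${entry%.gpg}" \
            "$(recipients_for "$store" "$entry")"
    done
}

store=$(build_sample_store)
audit_store "$store"
rm -rf "$store"
```

Pointing `audit_store` at a real store (by default `~/.password-store`) shows at a glance which subtrees are shared with extra keys.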
Tari R. Alfaro

Yep. I honestly think we as developers and privacy enthusiasts should be moving away from PGP to better tools that implement better UI/UX and newer algorithms. Not to forget, PGP is hard to use. Long live Libsodium!!!

But I agree. KeePassXC has a pretty UI. I think there are many great things about it.

However there are only a couple reasons one might want to not use it.

  • It's slightly harder to use than other password managers, and can be confusing to non-tech savvy people.
  • It's hard to delegate certain accounts to other people.
  • Possibly more likely to be corrupted and unrecoverable. (Just use a stable application and Operating System and everything should be fine)

But other than that, I see no problem with it.

I found an article explaining why they moved from KeePassXC to pass. It was because they liked using the terminal, and apparently they like doing EVERYTHING in a browser and terminal. I guess it isn't really announced that KeePassXC has a CLI tool. At least I didn't notice anything like that on their homepage.

I think KeePassXC is the best desktop password manager.

On a note, I like to sync my database with Syncthing, which you should definitely check out if you are paranoid about having your database in the "cloud".

I will take KeePassXC over any other password manager any day. Even if I have to manually copy accounts over to another database so someone else can use it. The benefits for me are just too great with KeePassXC.

For people using KeePassXC, I recommend that if they have very important credentials on there, like banking stuff, make sure it is a 6-12 random word passphrase. And print a copy of it and store it somewhere safe. That way if the database gets corrupted you can still easily type it in manually.


Edit

KeePassXC is really nice, because you can set it to automatically minimize the window and select the browser's text field and press Ctrl+C and boom, in 0.25 seconds you copied and pasted your password. It's actually really fast and convenient. Which means I am not being driven insane to take 5 seconds to just paste it, no need for browser integrations. FYI, if the password you generated is longer than 75+ characters, DON'T do auto-type. It can be a little glitchy and it takes forever.

Also, does the auto-type feature prevent clipboard/key-loggers from getting the password?

Tari R. Alfaro

A really good idea would be to create an easy-to-use Libsodium CLI and GUI, kinda like PGP but based on Libsodium.

Arseny Zinchenko Author

Wow... Thanks for the Syncthing! It looks great.
I have two computers at home (PC and laptop) and am using a bash script with rsync to synchronize their /home/setevoy directories, but it looks like Syncthing can do it much better. Will investigate it on Saturday.

Just not sure yet if it will be good to sync home folders with gigabytes of data.

And looking at this topic - maybe syncing home dirs in such a way will not be the best idea)

Tari R. Alfaro

Yeah, Syncthing is pretty cool. I recommend you back it up before messing around. Not trying to imply that it is not stable.

I will warn you not to sync certain folders/files, there MIGHT be folder/file permission issues, which might screw things up. I do not think it is directly related to Syncthing.

Anyways, yeah. I have not synced large amounts of data. I synced a 32 MB VeraCrypt volume and it seemed fine.

At the very least it is great with small amounts of data, e.g. a password database.

Let me know how it goes, especially how much it can sync.

Brixy

Thank you very much for your great article.

There is also gopass.

gopass is a rewrite of the pass password manager in Go with the aim of making it cross-platform and adding additional features.

It is actively being developed, you can install it without having Go on your machine, and it is 100% compatible with pass.