Pass, pass-otp and Nitrokey?

I did import both keys… But I might have initialized the new pass init wrong, I chose a random name… Now when I try to generate a pass I get this:
gpg: user: skipped: No public key
gpg: [stdin]: encryption failed: No public key
Password encryption aborted.

You know what I could try now?
Do I need to init this on every computer then? pass init <gpg_key_in_hex>
I need to look up which key I picked last time or if email did work…

Now when I tried to use a key as init and generate a pass I get this instead:
gpg: 727randomnumbers657: There is no assurance this key belongs to the named user
gpg: [stdin]: encryption failed: Unusable public key
Password encryption aborted.

What do I do now? I’m gonna try to set this up later on… A step-by-step guide online would have been nice to have… How to set up this on a machine, and backup, that’s done… But to start on a new machine, I need to learn this. Thanks again for your good answers.

Is it the same keyid? If so, you could just copy over.

Yes, everything is the same… Just a copy of everything… What should I copy over exactly? And how do I set up pass init on the new machine? Could you write some steps?
Others are free to answer also, but you seem to know this in detail. Thanks

I also imported the secretkey.asc, should I not have done that? How do I set up pass on another machine if I have public.asc and secret.asc? And pass init… Got any link or some tips for a few steps? What key is on the Nitrokey? Oh… does the Nitrokey have the secret so I should not import the secret key on the machine and in gpg?
Do you know how to set this up on other machines? I should copy the .password folder or whatever it was called… What else? Can I back up the passwords in one file or should I move the folder?

Hey dude. I did try to copy .password-store and .gnupg to the home folder on another Debian machine…
And it’s progress, I can copy all passwords with the Nitrokey…

But when I try to generate a password I get:
“binary operator expected” You know why? Some progress though, and it’s with the pass -c generate test

If I use pass generate test I get:
bash: test: generate: unary operator expected

Everything works good today… weird. Maybe the reboot. No errors… So yeah, I just imported the keys and copied over the folders and everything is working fine! Thanks anyways

Hey again dude… Thanks for sharing your knowledge… But I had to set it up on another machine, and I did import the public key, but then I like just copied over hidden .gnupg and .password-store

I can copy passwords but I get this message, and I edited out some info:
pass -c site/
gpg: WARNING: unsafe permissions on homedir ‘/home/user/.gnupg’
Copied site/ to clipboard. Will clear in 45 seconds.

How do I fix the permissions? What permissions should I have on the folder or files in it? I had a bunch of files in .gnupg …


Edit: Even when I try to init I get this… I must have set it up wrong, or the permissions were messed up from the other machine… How do I even fix that, any idea?

Kinda like this, as your example earlier and your generated code here… but my error instead.

$ pass init AF45BC550B792328FDA8FDDF52C47BAA4A43C43D
mkdir: created directory ‘/home/user/.password-store/’
Password store initialized for AF45BC550B792328FDA8FDDF52C47BAA4A43C43D
gpg: WARNING: unsafe permissions on homedir ‘/home/user/.gnupg’
gpg: WARNING: unsafe permissions on homedir ‘/home/user/.gnupg’

chown -R $(whoami) ~/.gnupg/
chmod 600 ~/.gnupg/*
chmod 700 ~/.gnupg
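The permission fix above, generalised as an added example (not part of the original posts): directories under the GnuPG home need the execute bit to stay traversable, so this sketch sets 700 on directories and 600 on regular files, then audits the result. It runs on a constructed throwaway directory; the function names and sample file names are assumptions, and `-perm /077` is GNU find syntax.

```shell
#!/bin/sh
# Added example: audit and repair GnuPG homedir permissions.
# It works on a constructed throwaway directory, never on the real ~/.gnupg.

# Print every entry under $1 that group or others can access, or that the
# current user does not own. Empty output means gpg has nothing to warn about.
audit_gnupg_perms() {
    find "$1" \( -perm /077 -o ! -user "$(id -u)" \) -print
}

# Directories get 700, regular files (keyrings, key stubs, config) get 600.
# "\;" runs chmod on each directory before find descends into it.
# Sockets and other special files are left untouched.
fix_gnupg_perms() {
    find "$1" -type d -exec chmod 700 {} \;
    find "$1" -type f -exec chmod 600 {} +
}

# Constructed sample homedir imitating one copied over from another machine
# with world-readable modes. File names are placeholders.
make_sample_homedir() {
    d=$(mktemp -d)
    mkdir -p "$d/private-keys-v1.d"
    : > "$d/pubring.kbx"
    : > "$d/private-keys-v1.d/CONSTRUCTED.key"
    chmod 755 "$d" "$d/private-keys-v1.d"
    chmod 644 "$d/pubring.kbx" "$d/private-keys-v1.d/CONSTRUCTED.key"
    printf '%s\n' "$d"
}

demo_dir=$(make_sample_homedir)
echo "unsafe before fix:"
audit_gnupg_perms "$demo_dir"
fix_gnupg_perms "$demo_dir"
echo "unsafe after fix: $(audit_gnupg_perms "$demo_dir" | wc -l)"
rm -rf "$demo_dir"
```

To use it on a real setup, call `fix_gnupg_perms "$HOME/.gnupg"` after the `chown` step and confirm that `audit_gnupg_perms "$HOME/.gnupg"` prints nothing.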

nku the IT oracle… thanks! Works fine now after that and a reboot… pass is such a clean password manager! Enjoy your weekend.

Hey again! Thanks for all of the support, but you could help me further even. :wink:
I did manage to copy all passwords to new machines, it’s easy… But I only have one USB with the right key. And that one is glitchy and I almost can’t use it now, I might have wrecked the USB contact with a plier some…
How do I copy over the GPG key to other USB sticks again? I have the secret key saved on another stick…
I get the "Please insert the card with the number: numbers"

How do I copy over the identical keys to another stick if I have the secret gpg file? I should be able to use the same sticks for that and have multiple…
Thank you again. :slight_smile:
This thread will be backed up, and a good reference for the future. The best pass solution ever. Just need to get this right with copying over the same key also to other Nitrokeys… Backups are always good to have so you don’t lose all of your passwords if one stick is missing or broken! Might need to buy another Nitrokey soon…

gpg --card-status
The encryption key is set to: Encryption key…: [none]
And same with General key info…: [none]

So I have to set it up again, but yeah, I do have the secret key still saved… So I just import it?

How do I import a private or secret key to a new Nitrokey? The answer is probably here, right…

But I don’t want to generate it… Could anyone help me today do you think with an answer? That would be great… If you know the solution you know… if anyone knows it. Thanks

I can still recover the secret key and make another Nitrokey the card key, correct? If I backed up the private or secret key right? I hope so…

I can temporarily access the Nitrokey now… How do I back up everything onto another Nitrokey? When I have some contact with one that’s broken. Thanks

By design, key material needs to be backed up during key creation/personalization of the Nitrokey.

Keys stored in the OpenPGP portion of the Nitrokey cannot be extracted and would not have enough information to rebuild a gpg public/private key pair. An external backup can be created during key generation or when you create it using gpg externally and save the key to card. You need the secret and public keyring to do that.

While the Nitrokey is still available (does it have a hardware defect?) you could also export the passwords in cleartext using a method as described here: scripting - Export passwords from the `pass` password manager - Unix & Linux Stack Exchange

Ok, so it’s possible to have like 2 USB keys that unlock the same passwords then? Because it wants one serial number and USB at the moment… I have temporary access to it now, yes… I might need to extract every password in clear-text and set it all up on another Nitrokey then?
Yes, the USB port is defective so it’s the hardware…
How would I do this in the best way? To send all in clear-text would take time… I’m not even a coder. I don’t really know how to even run that bash file you linked. I managed to follow your earlier step-by-step guides though. :slight_smile: hehe
Can’t I just switch the key somehow from a half broken USB contact to a new Nitrokey in some easy way instead? I do have the pubkey.asc and the secret.asc…
How do I fix this in the best or easiest way? And could I have multiple keys? I would want to set up multiple sometimes if I drop one, you know… A step-by-step guide for that online or any place would be a great resource of knowledge when it comes to good password managing on Unix overall! :slight_smile: thanks

If passwords can’t be copied from the Nitrokey I can copy them manually from the broken Nitrokey to another…
But I would really appreciate some step-by-step commands for how I switch the unlock key to the database… I do have the public.asc and the secret or private .asc keys… As a backup copy…
I don’t need to copy every password manually from both the Nitrokey and then the .passwords database and set up a whole new Nitrokey from the start, do I? That would take some time…
I would have to read your guide at least, that was a good post. :slight_smile:
I might need a clear text file then later on, and set up a whole new key and a whole new pass database then with the new serial and generate new keys or what…
Can’t I just import the secret.asc or public.asc then to a new Nitrokey and unlock the .passwords folder?
And manually copy and paste passwords that are on the slots in the half broken Nitrokey then? It did actually also get run over by a car like 6 months ago hehe. It fell out of my pocket on the ground once, and by chance a car went by 10 seconds after that happened… :slight_smile: It still worked, I used some tape… It was some pliers and some glitch issue now that was the cause… It did glitch before and I made it worse with some tool. So I gotta fix this. Thanks again for the answers!

So how do I set up two Nitrokeys as keys to open passwords then? That was possible, right?
You can’t just use one serial/card at a time or what? If I need to back up every password in clear-text from time to time… It’s easy to lose one Nitrokey and that can’t be the only way to open passwords…
I’m thinking about starting over now with this USB being broken or 90% glitchy…

How would I set this up in the most optimal way really? From the beginning and starting over… I have some steps already to follow, that’s good.

See here.

Yeah, I need to set this up from the start… And three keys, then I can use those… Why can’t someone make a step-by-step guide for that on the Nitrokey wiki? Pass and multiple Nitrokeys… GPG tokens on more smartcards for passwords. If they drop one, etc…
I have some steps already, gonna try and do that when I get the Nitrokey, but yeah, it would be a good official guide… How to set up multiple token GPG keys on Nitrokeys…
That you can use with pass and such… Maybe some moderators can write that? Just an idea… People would buy multiple Nitrokeys, just saying.

Why would you not write that? :slight_smile: Clever solutions… Nitrokey creators. etc

Hello! I have had some progress now. I have the same sums in gpg --card-status

Signature key …: keys same on both nitrokeys
created …: date
Encryption key…: keys same on both nitrokeys
created …: date
Authentication key: keys same on both nitrokeys
created …: date

Those are the same on both keys!
But…always but.

General key info…: …
sec> keys same on both nitrokeys created: date expires: never
card-no: 1 different serial numbers on both keys, so i can’t unlock pass…
ssb> keys same on both nitrokeys created: date expires: never
card-no: 1
ssb> keys same on both nitrokeys created: date expires: never
card-no: 1 different serial numbers on both keys, so i can’t unlock pass…

The card-no is card 1 and that card/Nitrokey only works! In pass…
I get the message with "insert the right serial number… "

How do I also add card two’s serial number so I can use two tokens? I have done everything right this time, I think…
It’s mostly the serial issue, I believe…

I might have to use one Nitrokey… And back up my passwords in plain-text. And then I could set up a new password store easily if I drop the USB key…
Or if I can just mirror one Nitrokey with some mirror software instead???

Why can’t I just mirror a Nitrokey like an ISO instead, and then have two with the same values? It’s still the serial, I believe, that needs to be added and the same, or two in the list instead of one. Then it should work!
Like this:
General key info…: …
sec> keys created: date expires: never
card-no: 1
card-no: 2

ssb> keys created: date expires: never
card-no: 1
card-no: 2
ssb> keys created: date expires: never
card-no: 1
card-no: 2

How do I add the second serial number? I have backed up the public and secret key right and everything… I did restore it on another key correctly, I reckon… I just want two USB keys… With pass password manager. Can’t be that hard to set up, right? Please help me out someone, I need to get this to work and have put in quite some time, from time to time, to get this setup to work now…
So why give up now? :wink:
Any help would be appreciated! Thanks!