Rejoice! Our beloved password manager, ZX2C4’s pass, sees its Android implementation back on F-Droid. This APS fork has been pushing development forward since some time already, and has finally been published on the aforementioned app store earlier this month.
You must log in or register to comment.
- 0bs1d1an@infosec.pubEnglish1 year
Did you see the Documentation section in the README.md? You basically initialise a password store on your server, and you use an implementation like this to sync (SSH + git) your passwords, which are encrypted via your GPG key.
https://www.passwordstore.org/ has some instructions how to initialise a password store on, for example, your server. Then refer to https://github.com/android-password-store/Android-Password-Store/wiki/First-time-setup to configure the app.
- Zwuzelmaus@feddit.orgEnglish1 year
Did you see the Documentation section in the README.md?
Yes, that’s why I’m asking.
- matcha_addict@lemy.lolEnglish1 year
Is this an alternative to bitwarden and keepass? Is it better in terms of security?
- 卩卄卂丂乇@lemmy.8th.worldEnglish1 year
I don’t have any experience with bitwarden. The question is what do you want.
I like pass because I can host my password with git, a decentralised storage. I have to manage the key myself.
- BozeKnoflook@lemmy.worldEnglish1 year
Unfortunately OpenKeyChain is now no longer being developed. It still works… for now.
- 0bs1d1an@infosec.pubEnglish1 year
APS moved away from OpenKeychain to PGPainless some time ago, from before this fork started. While not perfect either (see https://github.com/agrahn/Android-Password-Store/issues/287), PGPainless is being maintained, and from what I can tell from this APS fork’s git log, is automatically bumped via their renovate bot (e.g. https://github.com/agrahn/Android-Password-Store/commit/9a6b596199d7eb87b40b53c4cb111ba7a5b48188)
- 0bs1d1an@infosec.pubEnglish1 year
I was too! I almost migrated to Vaultwarden, but I’m very thankful this fork is continuing the original maintainer’s work.
- 1 year
Integration with Android
The GnuPG implementation for Android is called OpenKeychain. To configure it, just go to the “key management” menu and import the previously created secret key. The only drawback of OpenKeychain for me personally is that there is no fingerprint unlocking.
The pass implementation for Android is called android-password-store, or simply APS.
Install and launch APS. Before synchronizing the password store, go to the “Settings” menu. There we will need the following items:
-
Git server settings. The resulting URL should be the same as that specified on the repository page on github. Authorization type -OpenKeychain. -
Git utils. In this section, specify the username and email from the gpg key. -
OpenPGP provider. SelectOpenKeychain. -
Autofill.
Now you can clone. Select “clone from server” on the main screen, specify the desired location of the repository, check the git settings.
Of course, pass is not that easy to set up. However, this price buys confidence that the tools we use will not one day be declared obsolete, will not change their data format, and will not be left without support.
-
- AbidanYre@lemmy.worldEnglish1 year
It runs fine in wsl. Admittedly that’s not ideal, but may be the best option.