incorporate a new use case: allow sign keys to be optional to encrypt secret for all members

Open pedro-nonfree opened this issue 6 years ago • 3 comments

Related to issue #41: can we have a setting option to disable the need to sign keys?

I was investigating incorporating pass/qtpass in my team, but it did not fit the expectations.

I wanted to hide the gpg thing completely. I mean, helping users to install gpg in the beginning and nothing else. I think GPG is used in just two moments:

  1. put your password to decrypt secret
  2. sign the new member's key

solutions respectively:

  1. use a passwordless gpg key
  2. making the sign keys not mandatory through a configuration option, but right now this is not possible

With these two points, I think I can completely hide gpg usage and people can start using qtpass-pass and benefiting from it. Then, when people like this, maybe they are more receptive to having a gpg password or to signing keys.

pedro-nonfree avatar Oct 28 '19 19:10 pedro-nonfree

Issue-Label Bot is automatically applying the label feature_request to this issue, with a confidence of 0.94. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

issue-label-bot[bot] avatar Oct 28 '19 19:10 issue-label-bot[bot]

Let me show an example:

RetroShare, which is currently one of the most secure platforms available [1], does not make it mandatory to sign keys. I'm asking to add an option to allow bypassing the key signature procedure.

[1] BEST CURRENT PRACTICE RECOMMENDATION: Despite the usability criticism above, RetroShare over Tor is probably the least bad metadata-preserving social network experience available currently

https://secushare.org/comparison

pedro-nonfree avatar Nov 25 '19 19:11 pedro-nonfree

Since QtPass is part of the https://www.passwordstore.org/ ecosystem, we have to adhere to the basic principles of operation of pass.

But since pass and QtPass use gpg in the backend, it should be possible to configure it in a way that lowers the required minimal trust level.

I'll look into this when I find the time.

annejan avatar Nov 26 '19 13:11 annejan