Rejoice! Our beloved password manager, ZX2C4’s pass, sees its Android implementation back on F-Droid. This APS fork has been pushing development forward since some time already, and has finally been published on the aforementioned app store earlier this month.
You must log in or register to comment.
Is this an alternative to bitwarden and keepass? Is it better in terms of security?
I don’t have any experience with bitwarden. The question is what do you want.
I like pass because I can host my password with git, a decentralised storage. I have to manage the key myself.
Integration with Android
The GnuPG implementation for Android is called OpenKeychain. To configure it, just go to the “key management” menu and import the previously created secret key. The only drawback of OpenKeychain for me personally is that there is no fingerprint unlocking.
The pass implementation for Android is called android-password-store, or simply APS.
Install and launch APS. Before synchronizing the password store, go to the “Settings” menu. There we will need the following items:
-
Git server settings. The resulting URL should be the same as that specified on the repository page on github. Authorization type -OpenKeychain. -
Git utils. In this section, specify the username and email from the gpg key. -
OpenPGP provider. SelectOpenKeychain. -
Autofill.
Now you can clone. Select “clone from server” on the main screen, specify the desired location of the repository, check the git settings.
Of course, pass is not that easy to set up. However, this price buys confidence that the tools we use will not one day be declared obsolete, will not change their data format, and will not be left without support.
-
How to use this thing?
Did you see the Documentation section in the README.md? You basically initialise a password store on your server, and you use an implementation like this to sync (SSH + git) your passwords, which are encrypted via your GPG key.
https://www.passwordstore.org/ has some instructions how to initialise a password store on, for example, your server. Then refer to https://github.com/android-password-store/Android-Password-Store/wiki/First-time-setup to configure the app.
Did you see the Documentation section in the README.md?
Yes, that’s why I’m asking.
Anyone know what windows client is able to use GNU pass?
It runs fine in wsl. Admittedly that’s not ideal, but may be the best option.
Unfortunately OpenKeyChain is now no longer being developed. It still works… for now.
APS moved away from OpenKeychain to PGPainless some time ago, from before this fork started. While not perfect either (see https://github.com/agrahn/Android-Password-Store/issues/287), PGPainless is being maintained, and from what I can tell from this APS fork’s git log, is automatically bumped via their renovate bot (e.g. https://github.com/agrahn/Android-Password-Store/commit/9a6b596199d7eb87b40b53c4cb111ba7a5b48188)
Omg thank you! I was just starting to look for alternatives
I was too! I almost migrated to Vaultwarden, but I’m very thankful this fork is continuing the original maintainer’s work.
