Comment by echo42null
2 days ago
Best practice question for syncing pass across devices: Since exporting and re-importing the private key to a phone seems risky, is the recommended approach to generate a separate GPG key pair on the mobile device and re-encrypt secrets to it?
I use a YubiKey over NFC with my phone. This way the private key material never reaches the phone.
Using the OpenKeychain app and password store.
I have multiple YubiKeys as targets for each password, of course.
I have a different pubkey per device. I store all the pubkeys in the pass repo, and have a shell script to re-encrypt everything with those keys. So when I add a new device, I just need to add its pubkey, and then re-encrypt on an existing device.
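
A sketch of the per-device re-encryption described in the comment above, added as an example (it is not the commenter's script). The `.pubkeys/` directory, the `run` argument and the function names are assumptions; `pass init` is the pass command that rewrites `.gpg-id` and re-encrypts existing entries.

```shell
#!/bin/sh
# Assumed layout (not from the thread): armored public keys, one per device,
# in $PASSWORD_STORE_DIR/.pubkeys/*.asc. Run on a device that can already decrypt.

# Constructed `gpg --with-colons` output for one key, to show the parsed format.
SAMPLE_COLONS='pub:-:255:22:1111222233334444:1700000000:::-:::scESC::::::ed25519:::0:
fpr:::::::::0000111122223333444455556666777788889999:
uid:-::::1700000000::::laptop (constructed)::::::::::0:
sub:-:255:18:5555666677778888:1700000000::::::e::::::cv25519::
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:'

# Print primary-key fingerprints from colon-format output on stdin.
# The fpr record that follows a "sub" record belongs to a subkey and is skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Fingerprints of every key file in directory $1, de-duplicated.
recipient_fprs() {
    for f in "$1"/*.asc; do
        [ -e "$f" ] || continue
        gpg --batch --with-colons --show-keys "$f" | primary_fprs
    done | sort -u
}

reencrypt_store() {
    store=${PASSWORD_STORE_DIR:-$HOME/.password-store}
    fprs=$(recipient_fprs "$store/.pubkeys")
    [ -n "$fprs" ] || { echo "no public keys in $store/.pubkeys" >&2; return 1; }
    # Anyone able to commit a key file becomes a recipient, so compare this
    # list with fingerprints read off the devices themselves before continuing.
    printf 'Recipients:\n%s\nRe-encrypt to these keys? [y/N] ' "$fprs"
    read -r answer
    [ "$answer" = y ] || return 1
    gpg --batch --import "$store"/.pubkeys/*.asc
    # gpg refuses recipients it does not consider valid; sign or trust each
    # key locally first. `pass init` rewrites .gpg-id and re-encrypts entries.
    pass init $fprs
}

if [ "${1:-}" = "run" ]; then reencrypt_store; fi
```

Removing a device's key and re-encrypting does not take back what that device could already decrypt from the repository's git history, so passwords it had access to still need rotating.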