I was taking a look at split-pass threads in this forum, and so far I have come across 3 different implementations:
However, I am queasy about installing external programs to get “simple” split-gpg-like functionality. Is it not possible to simple make pass, pass-tomb, etc, make use of qubes-gpg-client-wrapper and make use of my existing split-gpg setup?
I don’t know how these which you mentioned work. I manage passwords very simply: one password for everything. Wait! Keep reading.
I have a simple bash script that combines mathematically the username, domain and a password, then outputs a complex ASCII string with desired length. So, considering user and domain combination are always different, it makes possible using only one password, resulting in different actual passwords. No need to store secret data anywhere.
Run that script in an offline disposable, copy the password to the qube you want, done.
Simplest example how you can do something like that:
#!/bin/bash
user=peter
domain=yahoo
length=20
pass=mysecret
sha512sum <<< "${user}${domain}${pass}" | head --bytes="${length}"
Mine is more complex and outputs upper and lowercase letters, special chars etc. You can create your own algorithm.
The only inconvenience is for systems which require periodic password change, as you would have to remember new pass for each change. But even that is simple to manage, e.g. pass=mysecretJANUARY25.
I haven’t shared this in a guide as it is not really Qubes specific.
This is not related to what I was asking on my OP.
You said you were queasy about installing external programs, so I shared a simple solution for handling passwords.
Sorry if it is not helpful.
I said, " I am queasy about installing external programs to get “simple” split-gpg-like functionality."
Yes, your message is not helpful.
I understand. I guess I have been mislead by the title.
Sorry.