Skip to content
Yishi Lin edited this page May 14, 2017 · 42 revisions

Welcome to the Pass for iOS wiki!


Table of Contents


Quick-start guide for Pass for iOS

Before using Pass for iOS, please make sure that you have your "password store" set up properly. To set up your "password store", please refer to the official Password Store homepage, or our Quick-start guide for pass.

Setting up password repository

HTTPS URL example

  • Git repository URL: https://gitlab.com/passforios-demo/demo.git
  • Username: passforios-demo
  • Supported authentication Method: Password, SSH Keys

SSH URL example

  • Git repository URL: ssh://git@gitlab.com/passforios-demo/demo.git (original is git@gitlab.com:passforios-demo/demo.git)
    • remember to include username in the url
    • remember to change ":" to "/"
  • Username: git
  • Supported authentication Method: SSH Keys, Password (only for self-built Git server, but note that GitHub, GitLab, etc. don't support password authentication.)

Setting up PGP key

There are various ways to set up PGP keys.

Downloading from URL

First, upload your keys to a temporary server. Make sure the uploaded key can be accessed by https connection (e.g., test via wget). Then, fill in URLs for your public and private keys, tap "Save" and fill in your passphrase. Finally, remember to remove the key from the server. Here goes one quick example:

$ gpg --export -a D4763C61 > key.pub
$ gpg --export-secret-keys -a D4763C61 > key
$ scp key.pub key yourtemporaryserver
$ wget https://...yourtemporaryserver.../key    # make sure the key can be accessed by https connection
$ wget https://...yourtemporaryserver.../key.pub

Importing ASCII-armor encrypted key

Adding PGP key in ASCII armored format is supported. Here are some example codes to generate the ASCII-armored key. You could just copy and paste your keys. You could also convert your ASCII-armored keys to a single or multiple QR codes, and scan them using Pass for iOS.

$ gpg --export -a D4763C61               # copy to the app
$ gpg --export-secret-keys -a D4763C61   # copy to the app

Using keys uploaded via iTunes file sharing

You may also use iTunes file sharing function to upload your keys with names gpg_key.pub and gpg_key to the document root directory. The app will automatically use the keys for encryption and decryption.

Synchronizing your password store

Go to the "Passwords" tab in Pass for iOS, pull down to sync your passwords with the remote git (git pull).

Two-factor authentication support

Pass for iOS provides support for Time-based One-time password (TOTP) and HMAC-based one-time password (HOTP). It is compatible with password entries (files) generated by pass-otp, a pass extension for managing one-time-password (OTP) tokens.

Pass for iOS generates TOTP/HOTP for a password entry if there is enough information to construct a valid OTP token.

  • First, a valid OTPAuth URL (if existed) will be used to construct the OTP token.
  • If the first step failed, OTP-related fields (if any) will be used to construct the OTP token.

OTPAuth Uri

For what is a "valid OTPAuth Uri", please refer to Key Uri Format. Here is just a quick example:

otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example

Inserting new TOTP/HOTP entries

To insert a new TOTP/HOTP entry via Pass for iOS, you could scan the QR code of OTPAuth URL or manually type the OTPAuth URL.