Migrating to Password Store

Migrating to Password Store

A few things to note first

• This is best done to a fresh install of Password Store to prevent conflicts. If you've already got some passwords saved in Password Store, back them up somehow, then uninstall & reinstall the Password Store app. Choose to overwrite previous Password Store "databases" if you get such a pop up. See this bug report.
• Password Store is an Android app designed to be compatible with pass "the standard unix password manager". That is, one could call it an Android implementation of pass. That requires maintaining compatibility with pass to be a top priority. For that reason much of pass' documentation will apply, ie file structure & storage conventions.
• Password Store, and pass for that matter, are created in the unix philosophy of "Make each program do one thing well. To do a new job, build afresh rather than complicate old programs by adding new 'features'." This means that conversion between two password managers isn't in the scope of either project. But it can be done, and due to pass' simplified storage convention, it can be done easily. You just do it with something else, with scripts found in the pass project's git repo.

Getting started

To really drive home the point, you aren't going to migrate to Password Store, you're going to migrate to pass. Then you're going to copy (or sync) that data over to your Android device. You can find the documentation for this on pass' homepage. Go there for specific instructions.

Outline of work flow

1. Prep a computer

   • Install pass. See: https://www.passwordstore.org/

   • Initialize pass. See https://www.passwordstore.org/

     • Pass uses gpg2 to encrypt your passwords. You might want to take some time to get that setup BEFORE you initialize pass. Here's a great *nix reference & a windows reference. The authoritative documentation for gpg can be found here.

     • The important knowledge to gain from above is what a gpg key pair is, what the private & public keys are, how you should handle them, and how to export both. You'll need to move BOTH the public & private keys to your Android device. If you don't understand why, go back and read more or google more; this is important to understand. If it's too complicated feel encouraged to use a different password manager that provides less opportunity to put yourself in a risky situation. KeyPass2/KeyPassX, pwsafe, LastPass, and many more are all good options.

2. Export your passwords from your current password manager.

   • How you do that is specific to your password manager. See the below list of "supported" password managers for useful notes.

3. Find out where the conversions scripts are located.

   • /usr/share/pass/importers is likely
   • sudo find / -iname "*pass2pass*"
   • More fancy for Bash: find "`dirname $(sudo find / -iname '*pass2pass*' -print -quit)`" 9 If you can't find the conversion scripts then either your pass installation didn't include them, or you didn't instruct it to include them. No worries, you can grab the one you want from pass' git repo here.

4. Run the correct conversion script on the exported file. 9 Example: /usr/share/pass/importers/lastpass2pass.rb ~/garbage/lastpassexport.csv

5. Move your private & public gpg keys to your Android device, have the OpenKeychain app import them.

6. Do ONE of the below 9 Preferably you'll use git to keep Password Store in sync with you computer's pass' password store. Git is integrated into both pass & Password Store, and provides version control (The password change didn't stick? Well [expletive deleted] what was the password, I already saved the new one!). Follow Password Store's First Time Setup instructions for Cloning.

   • Otherwise, copy the password store from your computer to your device. On your computer it's located by default in ~/.password-store/. Put it somewhere on your device. Point Password Store to that location.

What password managers can I migrate from

pass' storage convention is stupid simple. So, with a bit of thought & scripting knowledge, probably anything you can export your data from. That said, pass provides scripts to convert the following password manager's data:

• 1Password

  • Homepage: https://1password.com/
  • Exporting: https://support.1password.com/export/
  • Conversion notes: Supports comma and tab delimited text files, as well as logins (but not other items) stored in the 1Password Interchange File (1PIF) format.

• FPM

  • Homepage: http://fpm.sourceforge.net/
  • ¿FPM2? Homepage: http://als.regnet.cz/fpm2/
  • Exporting: Is possible, but I can't find any specific instructions...
  • Conversion notes: Converts from XML format.

• Password Gorilla

  • Homepage: https://github.com/zdia/gorilla/wiki
  • Exporting: Is possible, but I can't find any specific instructions...
  • Conversion notes: Converts from CSV format.

• KedPM

  • Homepage: http://kedpm.sourceforge.net/
  • Exporting: see KedPM's README & this random note.
  • Conversion notes: Not clear, but appears to work with ': ' separated value files?

• KeyPass(2)

  • Homepage: http://keepass.info/
  • Exporting: http://keepass.info/help/base/importexport.html
  • Conversion notes: There are three scripts, select the right one from below. * keepass2csv2pass.py: KeePassX 2+ on Mac allows export to CSV. The CSV contains the following headers: "Group","Title","Username","Password","URL","Notes" * keepass2pass.py: For XML export from KeyPass * keepassx2pass.py: For XML export from KeyPassX (homepage).

• KWallet

  • Homepage: https://utils.kde.org/projects/kwalletmanager/
  • Exporting: https://docs.kde.org/stable5/en/kdeutils/kwallet5/kwalletmanager5.html#idp70280384
  • Conversion notes: Converts from XML format.

• LastPass

  • Homepage: https://lastpass.com/
  • Exporting: https://lastpass.com/support.php?cmd=showfaq&id=1206
  • Conversion notes: Converts from CSV format. Script contains instructions to follow the steps in item #3 from the above Exporting guide. I recommend using the steps from #1, and choosing the "LastPass CSV File" format.

• password-exporter

  • Homepage: https://addons.mozilla.org/en-US/firefox/addon/password-exporter/
  • Exporting: See homepage.
  • Conversion notes: Converts from Password Exporter format 1.1 CSV files.

• Password Safe (pwsafe)

  • Homepage: https://pwsafe.org/
  • Exporting: https://en.wikipedia.org/wiki/Password_Safe#Import_and_export
  • Conversion notes: Converts from TAB separated value format.

• Revelation

  • Homepage: https://revelation.olasagasti.info/
  • Exporting: UNCONFIRMED -> Conversion script appears to operate on the original data store. <- UNCONFIRMED
  • Conversion notes: UNCONFIRMED -> Conversion script appears to operate on the original data store. <- UNCONFIRMED

• roboform

  • Homepage: http://www.roboform.com/
  • Exporting: Save roboform print lists (like File > Print lists > Logins) to ~/roboform_print_lists.
  • Conversion notes: Run import: ./roboform2pass.rb ~/roboform_print_lists