Skip to main content
XIII
February 15, 2022
Question

GPG support? (like SSH)

  • February 15, 2022
  • 80 replies
  • 17164 views

Would it be possible to add similar support for GPG keys?

80 replies

kherge
April 8, 2023

After having the pleasure of using 1Password's SSH agent, I am also very excited about the possibility of using my GnuPG keys with 1Password and a https://www.gnupg.org/documentation/manuals/gnupg/Agent-Protocol.html#Agent-Protocol. SSH is nice, but I value GnuPG's sub keys support greatly.

  • I generally manage my identity with GnuPG keys, not SSH keys.
  • It's already been mentioned, but key servers for verification is great.
    • The ability to publish and revoke these keys.
  • Being able to create distinct sub keys allows me to avoid using a master key.
    • I can sign for things using dedicated signing keys.
    • I can encrypt things using dedicated encryption keys.

From what I understand, if you wanted any of this without GnuPG you would have to use certificates and certificate authorities.

April 10, 2023

GnuPG/PGP is almost entirely different from SSH. Having one does not make up for not having the other. The whole point of 1password is to support all of these different tools in one system. Please stop distracting with SSH and just implement similar GnuPG support.

owenvoke
April 17, 2023

Would love to have support for GnuPG / PGP as well. Been using it for years for commit signing, file encryption / signatures, and for communication.

Ryan_Parman
May 9, 2023

I started watching this issue 15 months ago, shortly after it was opened.

  • I use GPG for signing my Git commits
  • I use it for signing/encrypting emails
  • I use it with GoReleaser to generate GPG signatures for software packages I release
  • I use it with Keybase.io
  • I use it to encrypt new credentials for people who do not yet have a password manager, so that I can send them over Slack and email.

In the interim, I've been using https://gpgtools.org (macOS) with https://github.com/jorgelbg/pinentry-touchid for a reasonably modern GPG experience.

May 30, 2023

GPG/PGP offers various features for security & privacy. It supports keyservers (are there good methods/servers for doing that with SSH keys?), making it convenient to publish your key.
Additionally, it allows the use of revocation certificates and the creation of master and sub keys, which can be particularly beneficial for organizations. With GPG/PGP, you have the ability to sign commits, as well as sign and encrypt emails, text, individual files, and git commits.

Furthermore, GPG/PGP can be used to securely share credentials with others, even when using platforms or channels that may not prioritize privacy, using their pub key, obtained from e.g. keybase.

Finally, it's worth noting that while SSH keys can be used to sign git commits, the level of trust is not as meaningful as a GPG one, due to the absence of infrastructure like keybase, which verifies the authenticity of the signer.

XIII
XIIIAuthor
May 30, 2023

Finally, it's worth noting that while SSH keys can be used to sign git commits, the level of trust is not as meaningful as a GPG one, due to the absence of infrastructure like keybase, which verifies the authenticity of the signer.

Apparently that’s even an (user…) issue with GPG:

https://blog.pypi.org/posts/2023-05-23-removing-pgp/

sannidhyz
June 27, 2023

GPG keys can not only be used for signing commits but also used to sign and encrypt files, emails and other data. We'd love to see GPG support in 1Password.

August 31, 2023

I'd like to clarify my specific part of wanting GPG support. I'd like to have 1PW serve as my gpg-agent process much like it serves as my ssh-agent. This way, when I attempt to use an agent feature, I'm prompted for my password and the agent provides the necessary key. Additionally, having an option to require the 1PW password whenever a key is used similar to a Credit Card entry would be nice!

I feel like one of the advantages GPG keys offer over SSH keys for signing content is the availability of sub keys for different personas. For example, I'm the same person at work and in personal life, but I can have separate keys for both personas as subkeys to my main key. This is how maintainers of several Linux distributions are encouraged to use GPG, and it seems generally like a good practice. Additionally, as already mentioned, GPG can be used to sign and encrypt email, text files, backups, and a host of other things beyond simply signing git commits. GPG public keys are also discoverable, which makes them much easier to use for communication purposes.

Thanks for all the great work on 1PW so far!

October 12, 2023

+1!

aleon1220
November 18, 2023

+1 but maybe support for other encryption mechanisms and certificates as well. thanks