Figuring out how to use multiple password stores, each with their own GPG key.
And importantly, how to make the password stores work transparently with the Android app?

The point is to be able to share a specific folder (and all its subfolders) with a collaborator without exposing the secrets in the rest of the passwordstore.

🚨 I just found out, the Android Password Store has been retired by its author https://github.com/android-password-store/Android-Password-Store/discussions/3260 🚨
But there is a fork! https://github.com/agrahn/Android-Password-Store with an app on the F-Droid store https://f-droid.org/packages/app.passwordstore.agrahn

Some ideas from the interwebs:

• symlink folders into the passwordstore
• use direnv to set the environment var PASSWORD_STORE_DIR
• use git submodules

I tried the symlink approach: it works nicely enough on the desktop computer, but not at all on Android with the Passwordstore app.

I considered but did not test the other ideas.

After some more browsing and reading I realized that the pass init command does everything I want.

Starting from the entire passwordstore being encrypted using key A.
Then, assuming you have created GPG key B, re-encrypt folder aaa in passwordstore:

$ pass init --path=aaa B

That's it. Now only key B can decrypt any secrets in the aaa directory (recursively). We can re-encrypt using multiple key by simply listing them, pass init --path=aaa B C D.

• https://askubuntu.com/questions/929307/how-to-change-the-gpg-key-of-the-pass-password-store
• https://lists.zx2c4.com/pipermail/password-store/2020-June/004183.html

Related: how to generate a new GPG keypair

• https://www.linuxbabe.com/security/a-practical-guide-to-gpg-part-1-generate-your-keypair
• https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key

Note that the --expert flag is required to display the option to use ECC (elliptic curve crypto) keys.

taha@rosetta:~
$ gpg --expert --full-gen-key 
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC and ECC
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (13) Existing key
  (14) Existing key from card
Your selection? 9
Please select which elliptic curve you want:
   (1) Curve 25519
   (3) NIST P-256
   (4) NIST P-384
   (5) NIST P-521
   (6) Brainpool P-256
   (7) Brainpool P-384
   (8) Brainpool P-512
   (9) secp256k1
Your selection? 1
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: <my name>
Email address: <email address>
Comment:
You selected this USER-ID:
    "<Real name> (<Comment>) <Email address>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Please enter the passphrase to
protect your new key
Passphrase: 
Repeat: 
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key <short key id> marked as ultimately trusted
gpg: directory '~/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '~/.gnupg/openpgp-revocs.d/<long key id>.rev'
public and secret key created and signed.

pub   ed25519 2026-02-24 [SC]
      <long key ID>
uid                      <Real name> (<Comment>) <Email address>
sub   cv25519 2026-02-24 [E]

RSA 4096 is only marginally more secure than RSA 2048 and the consensus is that it is not worth it. For better security than RSA 2048, use elliptic curve crypto instead.
https://www.gnupg.org/faq/gnupg-faq.html#no_default_of_rsa4096

How to export your keypair

Export your public key
gpg --armor --export <key id> > pubkey.asc

Export your private key
gpg --export-secret-keys --armor <key id> > privkey.asc

New idea, perhaps better and less hacky

Directly inspired by this great explainer of how using multiple keys for specific folders should be setup https://github.com/agrahn/Android-Password-Store/issues/512#issuecomment-3387614461

Change passphrase of your GPG key

• https://unix.stackexchange.com/questions/336776/how-to-change-passphrase-for-pass-password-manager

taha@rosetta:~
$ gpg --edit-key <key name>
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa2048/<key short id>
     created: 2014-11-28  expires: never       usage: SC  
     trust: ultimate      validity: ultimate
ssb  rsa2048/<key short id>
     created: 2014-11-28  expires: never       usage: E   
[ultimate] (1). <Real name> <Email address>

gpg> passwd
Please enter the passphrase to unlock the OpenPGP secret key:
"<Real name> <Email address>"
2048-bit RSA key, ID <key short id>,
created 2014-11-28.

Passphrase: 
Please enter the new passphrase
Passphrase: 
Repeat: 

Note to self: please come back to this post with links on R, its packages and related resources.

Grammar of graphics

• https://github.com/tidyverse/ggplot2
• https://exts.ggplot2.tidyverse.org/gallery - community-maintained list of extensions
• https://ggplot2-extended-book.com - how to use ggplot2 extensions
• ggiraph - makes ggplot2 graphics interactive.
• ggstraw - custom ggplot2 geom for deviations. Via https://nacnudus.github.io/duncangarmonsway/posts/2019-01-25-a-custom-ggplot2-geom-for-deviations.
• ggpattern - geoms with pattern fills that can be mostly anything (patterns, parts of images, etc.).
• ggside - add side panels to various geoms.

Other visualization frameworks

• https://grantmcdermott.com/tinyplot - tinyplot, an awesome extension of the base R graphics system.
• lattice

Both ggplot2 and lattice are built on top of the lower-level grid package, which was incorporated into the base R distribution back in R 2.0.0.
https://grantmcdermott.com/tinyplot/#fnref1

Pipes, pipes, pipes

• https://nathaneastwood.github.io/2020/02/01/get-and-set-list-elements-with-magrittr - a neat way to get and set list elements in magrittr pipes thanks to some abuse of the .Primitive function. Could offer a nice way to handle higher-dimensional data.

Integration with reference manager Zotero

• https://github.com/oeysan/c2z (manipulate your Zotero collections, items from R; can be integrated with other tools such as cronR, mailR, or even HomeAssistant)

PDF tools

• https://ropensci.org/blog/2016/03/01/pdftools-and-jeroen (pdftools - A fast and portable PDF extractor)

Integration with GPG

• https://ropensci.org/technotes/2016/10/19/gpg-release (Encryption and Digital Signatures in R using GPG)

Web scraping

• https://blog.rsquaredacademy.com/web-scraping Introduction to web scraping with rvest, 2019
• https://www.brodrigues.co/blog/2018-11-01-nethack Scraping with rvest and building a data package, 2018
• My own package periodicdata uses rvest to create a data package

Email from R

• https://github.com/rstudio/blastula send great-looking HTML email messages from R
• https://github.com/datawookie/emayili send email messages from R
• https://github.com/rpremraj/mailR utility to send emails from R

Integration with MS Office (yes, yes, I know...)

• https://ardata-fr.github.io/officeverse
• https://github.com/davidgohel/officer
• https://github.com/davidgohel/flextable

Interfacing with Google Docs

• https://googlesheets4.tidyverse.org

Package repositories

• https://cran.r-project.org/web/packages/available_packages_by_name.html
• https://www.cranhaven.org - for recently archived CRAN packages

Resources

• https://emilyriederer.netlify.app/post/team-of-packages (post of Emily Riederer's rstudio::global 2020 talk)
• https://indrajeetpatil.github.io/awesome-r-pkgtools Awesome R Package Development Tools, compiled by Indrajeet Patil, 2024
• https://win-vector.com/2017/02/05/evolving-r-tools-and-practices John Mount, 2017
• https://github.com/nanxstats/awesome-shiny-extensions
• https://zenodo.org/record/7023492#.YwnwHuxBxhH R from Zero to Hero, slides from talk by Batool Almarzouq (in Arabic)
• https://r-packages.io/datasets - list of R CRAN packages with public datasets

Tools to consider

• https://alexioannides.com/2016/11/02/asynchronous-and-distributed-programming-in-r-with-the-future-package (the futures package: distributed computation, non-blocking async input/output, and more)
• https://cran.r-project.org/web/packages/geomtextpath/vignettes/geomtextpath.html