The last few days have been notable largely thanks to the premature failure of a Samsung Evo 860 SSD which corrupted my Windows 10 install. A bunch of faffing about later (in spite of the fact that I have my PC backed up using the built-in Windows backup feature) I found myself having to setup up my user profile again. I should note that I stopped using Windows regularly in the XP time frame so I'm not particularly comfortable with it, but I keep this one system around to run games since gaming on macOS or Linux is for the youth who have not realized how precious their time is yet.
Anyway, I use pass, the standard unix password manager
to keep all my passwords on all of my devices and while on macOS I just use the
command line version on Windows I wanted a browser extension since it just
seemed like the Windows way and opening up
cmd.exe every time I needed a
password seemed cumbersome.
It turns out that there is a Firefox extension but the install instructions for Windows are... lacking. This is what I did to make it work.
pasff requires you already have a functional password store so we need to do that first. You need to install the following software.
Get the latest release version of everything on this list. Python, Gpg4win, and git all have installers so use them. Make sure that if any of them ask if you want to add them to your PATH you say yes. At this point if you are using an existing password store, you will want to import your GPG public and private keys.
GPG Key Export/Import
The easiest way I found to accomplish this part was to install
PuTTY, ssh into my macOS machine and run
gpg --armor --export $(<~/.password-store/.gpg-id) and
gpg --armor --export-secret-key $(<~/.password-store/.gpg-id). I copied
and pasted the output (including the -----BEGIN PGP ... BLOCK----- and
-----END PGP ... BLOCK----- parts, they are important) into two files on
my Desktop and imported them using
gpg --import %HOMEPATH%\Desktop\New Text Document.txt and
gpg --import %HOMEPATH%\Desktop\New Text Document (2).txt.
(Yes, I just right clicked on the desktop, said New -> New Text Document
twice, opened each in notepad and copy and pasted out of PuTTY. I said it was
easy, not clever.)
The key to all of this is gopass which is a re-implementation of pass written in golang. We won't go into my incredulity of re-implementing a shell script in a compiled and statically linked language that results in a 13MB binary but anyway...
Like so many things people ship written in golang, gopass does not have an
installer. It gives you a zip file filled with stuff, most of which you do
not need. In fact all you need is
gopass.exe and you should put it...
somewhere. I made a directory called
.bin in my
%HOMEPATH% and put it
there. Once you have done that you need to add that location to your PATH
(press the Windows key on your keyboard and then when the start menu pops up
start typing 'path'. You should get a result which will open the magical
control panel which will let you add this folder to your path).
You should now be able to open up
cmd.exe and run either
gopass clone https://your.git.repo or
gopass init to get yourself a working
password store. Once complete
gopass ls should list your stored passwords.
There are two pieces to the Firefox extension, the first is the actual extension that runs inside Firefox. You can snag this from the official Mozilla add-on page. The second part is what they call the 'host application', which seems to be a bridge they wrote between the Firefox extension and the pass program.
Install the Firefox extension first and then run the
from the passff-host page.
Now that you have all the parts installed you are super close to the end. You have to edit the 2 files created by the passff-host installer and you should be good to go.
This is the file that actually gets run by passff, I don't know why it exists
but it just calls the passff.py that we will edit next. By default it changes
the PATH and calls the python using a hardcoded path. This is silly. Make
yours look like mine does. You can find it in
I just used notepad because I'm not interested in an editor holy war, it
comes with Windows, and it works just fine.
This is 3KB of python that takes some funky JSON looking stuff as input
and converts it to some funky JSON looking stuff on the output. I assume
it is to make the Firefox extension happy. Anyway, you just need to change
the program it calls from
gopass and the default action from
ls. Again, see below. You will find passff.py in
You should now be able to restart Firefox and the extension should work for you.
Testing / Troubleshooting
If the extension shows an error at the bottom of the popup, try the following.
Open a command prompt and type
echo  | %APPDATA%\passff\passff.bat
(that is "echo" five spaces then ""). It should give you some idea of what
is going wrong. These are the two things that I ran into. If it emits a bunch
of stuff kind of like the below then the problem is with the Firefox extension
A scary pile of something that ends with subprocess.call
Make sure you took the export PATH= part out of the passff.bat. You want
the PATH you set waaay back up in the prerequisites section, not the one
install_host_app.bat created for you.
Error: usage: gopass show [name]
Make sure you changed the
ls in passff.py. In my version it was
around line 63.
I hope this helps someone, most especially Future Me.