GPG 2.3.1-2.3.2 don't show recipients #1977
here are the decrypted formats of a working and a non-working entry: non-working (added today via
working:
both decrypted via |
both files show the same signature: |
ok... i copy pasted from the debug log the actual gpg call:
and it returns nothing.... if i try an older one... it works. |
it looks like the newer entries got created with a newer gpg version.
|
here is the debug log for fsck. one working entry and one that's not:
|
i think i found the error. i read a lot through the code and executed the gpg commands and checked the output. i got packet errors here and there. right now i think my trustdb was corrupted. so nothing to do with this wonderful piece of software, |
Glad you could find the solution, on my side the only thing that came to mind was this: See e.g. #1083 |
that's a pretty good hint. i don't have this set in my config but i wonder if it's somewhere enabled in the default config... i wish gpg could just print out its enabled options. |
Please forgive me if it is the wrong thing to do, to comment on this closed issue, but I have the same issue, and the fixes suggested above do not work for me. Specifically I have:
with everything installed via Homebrew. With
I can decrypt the file via gpg:
I have only the
I recreated my GPG trustdb with these commands with no change in behavior. I have not set the throw-keyids GPG config option. This is a single-user store - I haven't used Is there anything further I can do to debug? |
@matthew-brett I think you could try and fix this by running:
And see if now it works or not. This would basically "reencrypt" the secret. I think running Otherwise, could you run in DEBUG mode and give us the (redacted) part around this issue? You can do so by running:
and then look at the |
Is there a good private way to send you the debug log (sorry, I am somewhat paranoid about leaking GPG information)? |
The part relevant to the entry causing the error is:
However, for the first key it checks, just before this in the log, that does not raise an error on the command line, I get the same
followed by |
And what happens when you are running manually
@matthew-brett ? |
I get:
When I delete this entry in Gopass, and create a new one in Gopass, with the same password, then running the same command on the new entry file:
|
Wow, I'm now able to reproduce this with Gopass 1.12.8 on a test entry. |
this is exactly what i got. i created a fresh gpg dir and it worked again. so i thought it was an error with my keyring. |
I think GPG 2.3.2 is the culprit: I updated and am now trying to bisect the origin of the bug, but this isn't working even with 1.10.0, which makes no sense. So Gopass isn't really at fault, but we will have to dig into what's changed in GPG 2.3.2 I guess. |
@matthew-brett A workaround for now is to stick to the stable GnuPG 2.2 using: And making sure you export the 2.2 version in your path first as brew will tell you. |
On Wed, 20 Oct 02:34, Yolan Romailler wrote:
I think GPG 2.3.2 is the culprit: I updated and am now trying to bisect the origin of the bug, but this isn't working even with 1.10.0, which makes no sense.
So Gopass isn't really at fault, but we will have to dig into what's changed in GPG 2.3.2 I guess.
I'll try to install multiple versions of GPG to find which one brought the issue.
one more info from me... i started to get this error after upgrading
from ubuntu 18.04 to 20.04.
|
On my side I downgraded to GnuPG 2.2 and everything is working correctly, as soon as I update to 2.3.2 again, |
Thanks - yes - that also works for me - for fixing I made a new secret called However, when I clone the store to another machine, also running GnuPG 2.2 (2.2.12) I have the same problem that originally set me to investigating, which is:
On the other hand, the new secret I just made on my GnuPG 2.2 mac gives:
(I'm not using that secret, so no leak of anything interesting). Is there a way to rebuild the store so it works correctly on another machine? |
should decrypt and re-encrypt all secrets, so I guess adding gpg 2.2 to your path and then running it could solve it? |
Tried that first - but that doesn't seem to rewrite the encrypted files in the store ... |
I'm afraid then the only solution is to add a new "test" recipient on the machine where it works and then remove that recipient: it will reencrypt everything for sure. Make sure you create a new gpg key and then delete that key if you do so. |
Thanks for the suggestion - and yes - thanks - that fixes it ... |
I guess we might want to add something to do re-encryption on demand to |
It appears that GPG 2.3.3 has solved the issue: Amusingly they didn't exit with an error code when reading files encrypted with older GPG versions. Notice that GnuPG 2.2 is an LTS, so to avoid such issues it might still be best to stay on GnuPG 2.2 |
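As an added example (not part of the thread and not gopass's own code): a shell check that flags store files for which the gpg packet listing names no recipient key IDs, without relying on gpg's exit status, which the comment above notes was not an error in the affected versions. The function names, the `gpg --batch --list-only --list-packets` invocation used to obtain the listing, and the sample listing are assumptions of this example; all-zero key IDs (the throw-keyids case raised earlier in the thread) are reported separately.

```shell
#!/bin/sh
# Added example, not gopass code. Function names are hypothetical.

# Constructed sample of `gpg --list-packets` output for one recipient.
SAMPLE_LISTING=':pubkey enc packet: version 3, algo 1, keyid 1A2B3C4D5E6F7081
    data: [2048 bits]
:encrypted data packet:'

# Read a packet listing on stdin and print the recipient key IDs.
# Returns 0 if a usable key ID was found, 1 if the listing names no
# recipient at all, 2 if every recipient is hidden (all-zero key ID,
# which is what the throw-keyids option produces).
recipient_ids() {
    ids=$(sed -n 's/^:pubkey enc packet:.* keyid \([0-9A-Fa-f]\{16\}\).*$/\1/p')
    [ -n "$ids" ] || return 1
    visible=$(printf '%s\n' "$ids" | grep -v '^0\{16\}$') || return 2
    printf '%s\n' "$visible"
}

# Walk a store directory and report every *.gpg file whose recipients
# cannot be read. Returns 1 if anything was reported, 0 otherwise.
audit_store() {
    report=$(find "$1" -type f -name '*.gpg' | while IFS= read -r f; do
        # Assumed invocation. gpg's exit status is ignored on purpose:
        # an empty listing with status 0 is exactly the case to catch.
        listing=$(gpg --batch --list-only --list-packets "$f" \
            2>/dev/null </dev/null) || true
        rc=0
        printf '%s\n' "$listing" | recipient_ids >/dev/null || rc=$?
        case $rc in
            1) printf 'NO-RECIPIENTS %s\n' "$f" ;;
            2) printf 'HIDDEN-RECIPIENTS %s\n' "$f" ;;
        esac
    done)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Source the file and call `audit_store` with the store directory; files reported as `NO-RECIPIENTS` are the candidates for re-encryption.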
Summary
i get `failed to read recipient IDs from raw secret` on `gopass fsck` on some passwords.

Steps To Reproduce
i run `gopass fsck`.

Environment
Linux troy 5.4.0-81-generic #91-Ubuntu SMP Thu Jul 15 19:09:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
brew install gopass

Additional context
i can decrypt the files manually with `gpg --decrypt .password-store/websites/bla.gpg`. with `gopass show` they get shown. but with rofi-gopass i get `empty secret` in the debug logs. after that i tried the `gopass fsck` and ran into this. i have the feeling that this happens on the passwords i added last.

here is a snippet from the debug log:

and all the newer passwords are also not readable by the classic `pass` command. did something change in the format?