Problem with pinentry on Mac OSX
CCheCastaldo opened this issue
General information. Describe your environment
- Versions
- Operating system: MAC OS 10.13.4
- Browser: Firefox 59.0.2
- PassFF: 1.3
- Host app: Current master branch
Status line output: [21:35:46] show -> gpg: decryption failed: No sec... (2)
- Your preferences
- In PassFF: Defaults
- In the host app passff.py: Defaults except path to passff.py
- Messages in the web console:
Actual behaviour
passff only works when pass has recently decrypted a file in the terminal. If this is the case, passff works for any entry. If pass has not been used recently then passff can see the files in pass. However, when I click on them and select an action, nothing happens (there is no output to the web console either). I tried/confirmed:
- I deleted any file passff.json in the folder NativeMessagingHosts and reinstalled the latest version of the host application. The only place on my system passff.json was installed was in the Application support folder in my home directory.
- I made sure passff.py is executable and I opened passff.json and verified the path is set to the absolute path of the host executable passff.py.
- I confirmed in the passff.py script that the path to pass matches its location in /usr/local/bin/pass, right where homebrew put it.
- I ran
  echo -e "\x02\x00\x00\x00[]" | /path/to/passff.py | tail -c +4; echo
  and the output was similar to the empty store output plus my actual files in pass.
- I know pass works just fine as I use it all the time from the command line.
Expected behaviour
passff should just work all the time and, I assume, prompt me for the passphrase within firefox? To be clear currently passff never prompts me for the passphrase to my gpg key responsible for encryption in pass.
Steps to reproduce the behaviour
- Try passff and it does not work.
- Decrypted a file with pass / gpg2, so I enter my passphrase.
- Tried passff. It works.
- Wait until pass requires the passphrase again and repeat step 3.
- passff fails.
Thanks for the troubleshooting help 5bentz!
Chris
Thanks for the thorough report!
I'm sorry to tell you the problem must not be in PassFF, or at least not directly. The problem is in the interaction of PassFF with its environment: presumably gpg-agent and your pinentry program.
I understood your problem because PassFF would sometimes work. It means something keeps states of what you are doing: this is the gpg-agent. It caches your passphrase for a while.
What kind of pin-entry program are you using?
Maybe a console pinentry cannot work with PassFF since the console is run by PassFF/Python3.
Is your pinentry working when the shell is non-interactive?
You can test that with this command (change the password name and the path to your passwords):
echo 'cd /path/to/.password-store; pass show passname' | at 'now + 1 minutes'
EDIT: at runs the command from the standard input 1 minute from now ;)
I don't have a Mac so I cannot help much more. You are on your own 😢
For reference, I moved the old conversation (#324) here
CCheCastaldo
I am having a similar, if not identical issue.
General information. Describe your environment
- Versions
- Operating system: MAC OS 10.13.4
- Browser: Firefox 59.0.2
- PassFF: 1.3
- Host app: Current master branch
Status line output: [21:35:46] show -> gpg: decryption failed: No sec... (2)
- Your preferences
- In PassFF: Defaults
- In the host app passff.py: Defaults except path to passff.py
Actual Behavior
I originally got passff to work but only intermittently. Sometimes it would connect to pass without a gpg error and I was able to goto, fill, etc. and sometimes I would get the gpg error and nothing would happen when trying to use passff. I saw this post and tried the suggestions from 5bentz and now it does not work at all. Right now, passff can see the files in pass. However, when I click on them and select an action, nothing happens (there is no output to the web console either). I tried/confirmed:
- I deleted any file passff.json in the folder NativeMessagingHosts and reinstalled the latest version of the host application. This is the only location on OS X where the host application puts files according to the passff documentation.
- I made sure passff.py is executable and I opened passff.json and verified the path is set to the absolute path of the host executable passff.py.
- I confirmed in the passff.py script that the path to pass matches its location in /usr/local/bin/pass, right where homebrew put it.
- I ran
  echo -e "\x02\x00\x00\x00[]" | /path/to/passff.py | tail -c +4; echo
  and the output was similar to the empty store output plus my actual files in pass.
- I know pass works just fine as I use it all the time from the command line.
Any help would be greatly appreciated. Thanks.
Chris
5bentz
@CCheCastaldo
To be honest, your problem is not similar since you don't have the same error in the statusline. Moreover, your passff can list the files whereas OP's cannot.
> This is the only location on OS X where the host application puts files according to the passff documentation.
Actually the doc seems wrong since the installer of the native host app has 2 paths for Firefox:
- OS X
  - Per-user: ~/Library/Application Support/Mozilla/NativeMessagingHosts/passff.json
  - System-wide: /Library/Application Support/Mozilla/NativeMessagingHosts/passff.json
I guess you have a second path to check, while I do believe there should be nothing there.
Do a search of passff.json if you feel like doing it (find / -type f -name 'passff.json' on GNU)
> I know pass works just fine as I use it all the time from the command line.
OK.
Your error message may be
[11:13:19] show -> gpg: decryption failed: No secret key (2)
I triggered this error by not entering my passphrase when I'm supposed to enter it in pinentry.
I suspect a problem with pin-entry. I do think your gpg-agent works since your passff would sometimes work.
- Try passff. (It should not work: error 2)
- Decrypt a file with pass / gpg2, so as to enter your passphrase. Theory: gpg-agent stores your passphrase for a while
- Try passff. Theory: it will work since gpg-agent will gracefully give the pw for you
You can create a new issue.
Ok, I figured this out. If you use homebrew to install gnupg, it installs pinentry as a dependency. However, pinentry only runs on the command line and therefore will not work with passff. The solution is to:
- brew install pinentry-mac
- Add
  pinentry-program /usr/local/bin/pinentry-mac
  to ~/.gnupg/gpg-agent.conf. You may need to create this file.
- Restart gpg from the terminal with
  gpgconf --kill gpg-agent
Now if you use passff it will prompt you for your passphrase, which you can choose to save in the keychain if you like.
Credit to this post by Harpo Jaeger who had a similar problem with enigmail.
Chris
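
The configuration steps from the comment above as one idempotent script (an added example, not part of the original thread or of PassFF): it replaces an existing pinentry-program line rather than appending a second one, and creates the file with private permissions if it is missing. The function name set_pinentry_program and the --apply switch are hypothetical; the paths are the ones given in the comment, and pinentry-mac is assumed to be installed already.

```shell
#!/usr/bin/env bash
# Added example: point gpg-agent at a GUI pinentry without duplicating config lines.
# set_pinentry_program is a hypothetical helper, not part of PassFF or GnuPG.

set_pinentry_program() {
    conf="$1"      # e.g. ~/.gnupg/gpg-agent.conf
    program="$2"   # e.g. /usr/local/bin/pinentry-mac
    dir=$(dirname "$conf")

    # GnuPG warns about a home directory other users can read, so create it 0700.
    [ -d "$dir" ] || (umask 077 && mkdir -p "$dir")
    [ -f "$conf" ] || (umask 077 && : > "$conf")

    # Nothing to do when the wanted line is already the only pinentry-program entry.
    if [ "$(grep -c '^[[:space:]]*pinentry-program[[:space:]]' "$conf")" = 1 ] &&
       grep -qxF "pinentry-program $program" "$conf"; then
        return 0
    fi

    # Drop any existing pinentry-program lines (for example one pointing at a
    # terminal-only pinentry), keep every other option, then append ours.
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    grep -v '^[[:space:]]*pinentry-program[[:space:]]' "$conf" > "$tmp" || true
    printf 'pinentry-program %s\n' "$program" >> "$tmp"
    chmod 600 "$tmp"
    mv "$tmp" "$conf"
}

# Touch the real configuration only when called with --apply, so the function
# can be sourced and tried against a scratch file first.
if [ "${1:-}" = "--apply" ]; then
    set_pinentry_program "$HOME/.gnupg/gpg-agent.conf" /usr/local/bin/pinentry-mac
    # gpg-agent reads pinentry-program at start-up; it is relaunched on next use.
    gpgconf --kill gpg-agent
fi
```
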