passff / passff

zx2c4 pass manager extension for Firefox, Chrome and Opera

Problem with pinentry on Mac OSX

CCheCastaldo opened this issue

General information. Describe your environment

  • Versions
    • Operating system: MAC OS 10.13.4
    • Browser: Firefox 59.0.2
    • PassFF: 1.3
    • Host app: Current master branch

Status line output: [21:35:46] show -> gpg: decryption failed: No sec... (2)

  • Your preferences
    • In PassFF: Defaults
    • In the host app passff.py: Defaults except path to passff.py
  • Messages in the web console:

Actual behaviour

passff only works when pass has recently decrypted a file in the terminal. If this is the case, passff works for any entry. If pass has not been used recently then passff can see the files in pass. However, when I click on them and select an action, nothing happens (there is no output to the web console either). I tried/confirmed:

  1. I deleted any file passff.json in the folder NativeMessagingHosts and reinstalled the latest version of the host application. The only place on my system passff.json was installed was in the Application support folder in my home directory.

  2. I made sure passff.py is executable and I opened passff.json and verified the path is set to the absolute path of the host executable passff.py.

  3. I confirmed in the passff.py script that the path to pass matches its location in /usr/local/bin/pass, right where homebrew put it.

  4. I ran echo -e "\x02\x00\x00\x00[]" | /path/to/passff.py | tail -c +4; echo and the output was similar to the empty store output plus my actual files in pass.

  5. I know pass works just fine as I use it all the time from the command line.

Expected behaviour

passff should just work all the time and, I assume, prompt me for the passphrase within firefox? To be clear currently passff never prompts me for the passphrase to my gpg key responsible for encryption in pass.

Steps to reproduce the behaviour

  1. Try passff and it does not work.

  2. Decrypted a file with pass / gpg2, so I enter my passphrase.

  3. Tried passff. It works.

  4. Wait until pass requires the passphrase again and repeat step 3.

  5. passff fails.

Thanks for the troubleshooting help 5bentz!

Chris

Thanks for the thorough report!
I'm sorry to tell you the problem must not be in PassFF, or at least not directly. The problem is in the interaction of PassFF with its environment: presumably gpg-agent and your pinentry program.

I understood your problem because PassFF would sometimes work. It means something keeps states of what you are doing: this is the gpg-agent. It caches your passphrase for a while.

What kind of pin-entry program are you using?

Maybe a console pinentry cannot work with PassFF since the console is run by PassFF/Python3.

Is your pinentry working when the shell is non-interactive?

You can test that with this command: change the password name and the path to your passwords

echo 'cd /path/to/.password-store; pass show passname' | at 'now + 1 minutes'

EDIT: at runs the command from the standard input 1 minute from now ;)

I don't have a Mac so I cannot help much more. You are on your own 😢

For reference, I moved the old conversation (#324) here

CCheCastaldo

I am having a similar, if not identical issue.

General information. Describe your environment

Versions
    Operating system: MAC OS 10.13.4
    Browser: Firefox 59.0.2
    PassFF: 1.3
    Host app: Current master branch

Status line output: [21:35:46] show -> gpg: decryption failed: No sec... (2)

Your preferences
    In PassFF: Defaults
    In the host app passff.py: Defaults except path to passff.py

Actual Behavior

I originally got passff to work but only intermittently. Sometimes it would connect to pass without a gpg error and I was able to goto, fill, etc. and sometimes I would get the gpg error and nothing would happen when trying to use passff. I saw this post and tried the suggestions from 5bentz and now it does not work at all. Right now, passff can see the files in pass. However, when I click on them and select an action, nothing happens (there is no output to the web console either). I tried/confirmed:

  1. I deleted any file passff.json in the folder NativeMessagingHosts and reinstalled the latest version of the host application. This is the only location on OS X where the host application puts files according to the passff documentation.

  2. I made sure passff.py is executable and I opened passff.json and verified the path is set to the absolute path of the host executable passff.py.

  3. I confirmed in the passff.py script that the path to pass matches its location in /usr/local/bin/pass, right where homebrew put it.

  4. I ran echo -e "\x02\x00\x00\x00[]" | /path/to/passff.py | tail -c +4; echo and the output was similar to the empty store output plus my actual files in pass.

  5. I know pass works just fine as I use it all the time from the command line.

Any help would be greatly appreciated. Thanks.

Chris

5bentz

@CCheCastaldo
To be honest, your problem is not similar since you don't have the same error in the statusline. Moreover, your passff can list the files whereas OP's cannot.

> This is the only location on OS X where the host application puts files according to the passff documentation.

Actually the doc seems wrong since the installer of the native host app has 2 paths for Firefox:

  • OS X
    • Per-user: ~/Library/Application Support/Mozilla/NativeMessagingHosts/passff.json
    • System-wide: /Library/Application Support/Mozilla/NativeMessagingHosts/passff.json

I guess you have a second path to check, while I do believe there should be nothing there.
Do a search of passff.json if you feel like doing it (find / -type f -name 'passff.json' on GNU)

> I know pass works just fine as I use it all the time from the command line.

OK.

Your error message may be [11:13:19] show -> gpg: decryption failed: No secret key (2)
I triggered this error by not entering my passphrase when I'm supposed to enter it in pinentry.

I suspect a problem with pin-entry. I do think your gpg-agent works since your passff would sometimes work.

  1. Try passff. (It should not work: error 2)
  2. Decrypt a file with pass / gpg2, so as to enter your passphrase. Theory: gpg-agent stores your passphrase for a while
  3. Try passff. Theory: it will work since gpg-agent will gracefully give the pw for you

You can create a new issue.

Ok, I figured this out. If you use homebrew to install gnupg, it installs pinentry as a dependency. However, pinentry only runs on the command line and therefore will not work with passff. The solution is to:

  1. brew install pinentry-mac

  2. Add pinentry-program /usr/local/bin/pinentry-mac to ~/.gnupg/gpg-agent.conf. You may need to create this file.

  3. Restart gpg from the terminal with gpgconf --kill gpg-agent.

Now if you use passff it will prompt you for your passphrase, which you can choose to save in the keychain if you like.

Credit to this post by Harpo Jaeger who had a similar problem with enigmail.

Chris
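
A way to check the fix described in the post above, added here as an example and not taken from the thread or from the passff project: it reads a gpg-agent.conf and reports whether the configured pinentry can prompt without a terminal. The function names and the basename-based classification are assumptions made for this illustration, and the sample configs are constructed.

```shell
# Added example, not part of passff: report whether the pinentry that
# gpg-agent is configured to use can prompt without a terminal.

# Print the pinentry-program value from a gpg-agent.conf file (empty if the
# file or option is missing). If the option is repeated, the last line is
# reported; which one gpg-agent honours is an assumption here.
configured_pinentry() {
    [ -r "$1" ] || return 0
    awk '$1 == "pinentry-program" { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
         END { if (v != "") print v }' "$1"
}

# Classify a pinentry path by its basename (heuristic).
#   gui      opens its own window, usable from a browser-launched host app
#   console  needs a TTY, which a host app started by the browser lacks
#   default  option unset or plain "pinentry": the package default
#            (terminal-only on Homebrew according to this thread)
classify_pinentry() {
    [ -n "$1" ] || { echo default; return 0; }
    case $(basename -- "$1") in
        pinentry-curses|pinentry-tty) echo console ;;
        pinentry-mac|pinentry-gtk-2|pinentry-gnome3|pinentry-qt*) echo gui ;;
        pinentry) echo default ;;
        *) echo unknown ;;
    esac
}

# Combine both steps for one config file.
pinentry_kind() {
    classify_pinentry "$(configured_pinentry "$1")"
}

# Constructed sample configs, written to a temp dir so nothing real is touched.
demo_dir=$(mktemp -d)
printf '%s\n' 'default-cache-ttl 600' > "$demo_dir/before.conf"
printf '%s\n' '# constructed sample' 'default-cache-ttl 600' \
    'pinentry-program /usr/local/bin/pinentry-mac' > "$demo_dir/fixed.conf"
echo "before: $(pinentry_kind "$demo_dir/before.conf")"
echo "fixed:  $(pinentry_kind "$demo_dir/fixed.conf")"
rm -rf "$demo_dir"
```

To check a real setup, call pinentry_kind on ~/.gnupg/gpg-agent.conf after running gpgconf --kill gpg-agent.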