Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check the key is capable of encryption / decryption before trying to add to the store #1917

Closed
hackaugusto opened this issue May 4, 2021 · 3 comments
Closed

Check the key is capable of encryption / decryption before trying to add to the store #1917

hackaugusto opened this issue May 4, 2021 · 3 comments
Labels
gpg GPG related Hacktoberfest help-wanted
Milestone
1.x.x

Comments

@hackaugusto
Copy link

Summary

This is not really a bug, more of an usability issue. When running gopass recipients add --store <store> <user_id> for a key that can not do encryption (say, it is a certificate only key), gopass will run and the encryption will just fail on every secret.

Steps To Reproduce

  • create a new private / public key pair, which does not support encryption
  • import on a test keystore
  • try to add the key to a password store

Expected behavior

A friendly user message saying the key of user_id can not be used because it does not support encryption.

Environment

  • OS: Fedora
  • OS version: Linux .. 5.11.15-200.fc33.x86_64 Add template feature #1 SMP Fri Apr 16 13:41:20 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
  • gopass Version: gopass 1.8.6 (d5b0d3b 2021-01-27 21:11:07) go1.15.6 linux amd64
  • Installation method: compiled

Additional context

Cool project, thanks for it :)
@dominikschulz
Copy link
Member

This is definitely something I'd like to add.

Not sure how, but I guess some GPG trickery should be able to give that information.

@dominikschulz dominikschulz added this to the 1.x.x milestone May 4, 2021
@hackaugusto
Copy link
Author

@dominikschulz I didn't check how gopass is using gpg, but it is possible to list the keys with gpg --with-colons --list-public-keys <user_id>, and then the field 12 will have e in it if the key has encryption capabilities ref

@hackaugusto hackaugusto mentioned this issue May 4, 2021
Closed
@dominikschulz
Copy link
Member

That's helpful, thank you. We already parse that output but we don't seem to evaluate the key capabilities, yet.

TM2500 added a commit to TM2500/gopass that referenced this issue Jul 1, 2021
@TM2500
add deactivated keycap flag gopasspw#1917
bfa4f59
TM2500 added a commit to TM2500/gopass that referenced this issue Jul 1, 2021
@TM2500
simple key-caps parser gopasspw#1917
a416ae2
TM2500 added a commit to TM2500/gopass that referenced this issue Jul 1, 2021
@TM2500
make key.IsUsable depend on KeyCaps gopasspw#1917
ba57640
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
add deactivated keycap flag gopasspw#1917
70d54d2 
Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
simple key-caps parser gopasspw#1917
37eebc6 
Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
make key.IsUsable depend on KeyCaps gopasspw#1917
ef47c57 
Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
add deactivated keycap flag gopasspw#1917
e769380 
RELEASE_NOTES=[FEATURE] Add GPG key capabilities and check in key.isUsable

Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
simple key-caps parser gopasspw#1917
e63590f 
RELEASE_NOTES=[FEATURE] Add GPG key capabilities and check in key.isUsable

Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
make key.IsUsable depend on KeyCaps gopasspw#1917
59a6c69 
RELEASE_NOTES=[FEATURE] Add GPG key capabilities and check in key.isUsable

Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
add deactivated keycap flag gopasspw#1917
cc44864 
RELEASE_NOTES=[FEATURE] Add GPG key capabilities and check in key.isUsable

Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
simple key-caps parser gopasspw#1917
08f417d 
RELEASE_NOTES=[FEATURE] Add GPG key capabilities and check in key.isUsable

Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
make key.IsUsable depend on KeyCaps gopasspw#1917
e7eb731 
RELEASE_NOTES=[FEATURE] Add GPG key capabilities and check in key.isUsable

Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
add deactivated keycap flag gopasspw#1917
86c0e96 
RELEASE_NOTES=[FEATURE] Add GPG key capabilities and check in key.isUsable

Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
simple key-caps parser gopasspw#1917
9500557 
RELEASE_NOTES=[FEATURE] Add GPG key capabilities and check in key.isUsable

Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
make key.IsUsable depend on KeyCaps gopasspw#1917
10e2f9b 
RELEASE_NOTES=[FEATURE] Add GPG key capabilities and check in key.isUsable

Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
add deactivated keycap flag gopasspw#1917
1380062 
RELEASE_NOTES=[FEATURE] Add GPG key capabilities and check in key.isUsable

Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
simple key-caps parser gopasspw#1917
463091e 
RELEASE_NOTES=[FEATURE] Add GPG key capabilities and check in key.isUsable

Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
make key.IsUsable depend on KeyCaps gopasspw#1917
2ae529f 
RELEASE_NOTES=[FEATURE] Add GPG key capabilities and check in key.isUsable

Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
gopasspwgh-1917: add key-capabilities in key-tests
db55b20 
RELEASE_NOTES=n/a

Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
gopasspwgh-1917: add key-capabilities in key-tests
781ec67 
RELEASE_NOTES=n/a

Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
gopasspwgh-1917: add key-capabilities in key-tests
a3fe25c 
RELEASE_NOTES=n/a

Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
gopasspwgh-1917: SubKey Capabilities are also in PrimaryKey Caps (upp…
a9e0509 
…ercase)

RELEASE_NOTES=[FEATURE] Parse GPG-PrimaryKeyCaps for the entire Key and subKeys

Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
TM2500 added a commit to TM2500/gopass that referenced this issue Nov 25, 2021
@TM2500
gopasspwgh-1917: provide some meaningful pointers in key error msg
582ba75 
RELEASE_NOTES=n/a

Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
kpitt pushed a commit to kpitt/gopass that referenced this issue Jul 21, 2022
@TM2500
Fix: 1917 key caps (gopasspw#2047)
a385d8b 
* add Caps type to gpg-keys and dummy parse-func
* add deactivated keycap flag fixes gopasspw#1917
* make key.IsUsable depend on KeyCaps gopasspw#1917
* gopasspwgh-1917: add key-capabilities in key-tests
* gopasspwgh-1917: SubKey Capabilities are also in PrimaryKey Caps (uppercase)
* gopasspwgh-1917: provide some meaningful pointers in key error msg

RELEASE_NOTES=[FEATURE] only accept keys with "encryption" key capability

Signed-off-by: Thomas Mantl <thomas.mantl@redgears.net>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
gpg GPG related Hacktoberfest help-wanted
Projects
None yet
Milestone
1.x.x
Development

No branches or pull requests
3 participants
@hackaugusto @dominikschulz @AnomalRoil