Evidlo / passhole

A secure hole for your passwords (KeePass CLI)
GNU General Public License v3.0
199 stars 19 forks

Crashes password is used #4

Closed GRBurst closed 6 years ago

GRBurst commented 6 years ago

Hey,

today I tried this tool. Sadly - I can not get it to work.

It is not possible to call ph init or use it with my existing database - it always results in the following error:

Traceback (most recent call last):
  File "/usr/bin/ph", line 11, in <module>
    load_entry_point('passhole==1.5.1', 'console_scripts', 'ph')()
  File "/usr/lib/python3.6/site-packages/passhole/passhole.py", line 523, in main
    args.func(args)
  File "/usr/lib/python3.6/site-packages/passhole/passhole.py", line 205, in type_entries
    kp = open_database(args)
  File "/usr/lib/python3.6/site-packages/passhole/passhole.py", line 188, in open_database
    create_password_cache(args.cache, password, args.gpgkey)
  File "/usr/lib/python3.6/site-packages/passhole/passhole.py", line 134, in create_password_cache
    gpg.encrypt([selected_key], 0, infile, outfile)
gpgme.GpgmeError: (7, 53, 'Unusable public key')

I am using a keyfile and a password. Using only a keyfile and no password (empty) seems to work, but using both or only a password results in the mentioned error.

As far as I can tell it is not an issue with special chars - even if I just try it with a password like "abc" it crashes.

Any advice?

Evidlo commented 6 years ago

Can you check the trust level of your GPG key? You can check it like so.

Evidlo commented 6 years ago

Anyway, the right way to fix this is to change the trust level to 5.

gpg2 --list-keys
gpg2 --edit-key [key_name] trust

GRBurst commented 6 years ago

Hey - thanks for your effort and your response. I think I will test it next week - couldn't reserve time to test it yet.

GRBurst commented 6 years ago

I thought that passhole creates a new gpg key if I create a new database by calling ph init?

If I list my keys - there are multiple keys. Which one is used by passhole?

Furthermore, how can I enable caching for an existing database with keyfile and password?

I expected that, if I specify a database and a keyfile and run passhole, it will handle that automatically, but it tells me that it is unable to decrypt my key.

Could not decrypt cache
Password or keyfile incorrect

So it seems that I have to create a key for gpg manually, is that correct? Can you hint me on what to do exactly?

Evidlo commented 6 years ago

Passhole uses the first gpg-key by default and prints a message telling you to create one if you don't have any keys. The first time you give it your database password, it stores this in an encrypted file on disk.

The error you're getting means that whatever key it's trying to decrypt with isn't what was used to create the cache. Try deleting ~/.cache/passhole_cache and running ph ls.
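Added example, not part of the thread and not passhole's own code: a Python check over `gpg2 --list-keys --with-colons` output that reports, for each key in listing order, why encryption to it would be refused with `Unusable public key`. The sample listing is constructed; the example assumes the first key listed is the one passhole selects and that, without an always-trust flag, only keys with full or ultimate validity are accepted.

```python
# Constructed sample of `gpg2 --list-keys --with-colons` (IDs and names are made up).
SAMPLE = """\
tru::1:1520000000:0:3:1:5
pub:-:2048:1:AAAAAAAAAAAAAAA1:1500000000:::-:::scESC:
uid:-::::1500000000::0000::Old Key <old@example.org>:
sub:-:2048:1:AAAAAAAAAAAAAAA2:1500000000::::::e:
pub:u:4096:1:BBBBBBBBBBBBBBB1:1510000000:::u:::scESC:
uid:u::::1510000000::0000::New Key <new@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBB2:1510000000::::::e:
pub:e:2048:1:CCCCCCCCCCCCCCC1:1400000000:1450000000::u:::sc:
uid:e::::1400000000::0000::Expired <gone@example.org>:
"""

# Field 2 of a pub record is the computed validity; field 9 is the ownertrust
# ("u" is what choice 5 in the `--edit-key ... trust` menu sets).
VALIDITY = {"o": "unknown", "i": "invalid", "d": "disabled", "r": "revoked",
            "e": "expired", "-": "unknown", "q": "undefined", "n": "never",
            "m": "marginal", "f": "full", "u": "ultimate"}

def parse_keys(listing):
    """Return one dict per primary key, in the order gpg lists them."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"keyid": f[4], "validity": f[1], "ownertrust": f[8],
                         "caps": f[11], "uid": None})
        elif f[0] == "uid" and keys and keys[-1]["uid"] is None:
            keys[-1]["uid"] = f[9]  # first user ID of the current key
    return keys

def encryption_problem(key):
    """Return a reason the key is unusable for encryption, or None if it is fine."""
    if key["validity"] not in ("f", "u"):
        return "validity is %s" % VALIDITY.get(key["validity"], key["validity"])
    if "E" not in key["caps"]:  # upper-case E: some usable (sub)key can encrypt
        return "no usable encryption capability"
    return None

def audit(listing):
    return [(k["keyid"], k["uid"], encryption_problem(k)) for k in parse_keys(listing)]

if __name__ == "__main__":
    for i, (keyid, uid, problem) in enumerate(audit(SAMPLE)):
        first = " (first key listed)" if i == 0 else ""
        print("%s %s%s: %s" % (keyid, uid, first, problem or "usable for encryption"))
```

To run it against a real keyring, pass the text printed by `gpg2 --list-keys --with-colons` to `audit()` in place of `SAMPLE`.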

Evidlo commented 6 years ago

Did this work out for you?

Evidlo commented 6 years ago

I think this issue is fixed. If it's not, feel free to reopen.