search

IJHack / QtPass

QtPass is a multi-platform GUI for pass, the standard unix password manager.
https://qtpass.org/
GNU General Public License v3.0
1.03k stars 162 forks source link

QtPass does not detect current $GNUPGHOME and causes it to fail decryption #569

Closed cindrmon closed 3 years ago

cindrmon commented 3 years ago

Describe the bug It is most likely that QtPass always checks for GPG keypairs in the default directory ~/.gnupg rather than $GNUPGHOME, from where it has changed the location to. So what happens is that it does not detect all my GPG keypairs and when checking for my passwords, the gpg decryption failed error appears. The original program pass does pick up the GPG key even after I changed the $GNUPGHOME wth antidot.

To Reproduce Steps to reproduce the behaviour:

  1. You must have a freshly installed Linux OS, without pass, qtpass, and antidot installed (in my case, I set it up with a fresh Archlinux Install). It's alright if you have GPG keypairs already set up, as antidot would move your .gnupg directory whether it may be empty or not.
  2. Install, Run, and Setup Antidot. Clicking here will give a full explanation on how to install antidot. 1a. If antidot prompts you with the message below, upon running antidot clean, you must apply the rule by typing y and enter: 
    Rule gnupg:
NOTICE You may have to restart gpg-agent with 'gpgconf --kill gpg-agent'
MOVE   /home/cinder/.gnupg → /home/cinder/.local/share/gnupg
EXPORT GNUPGHOME="${XDG_DATA_HOME}/gnupg"
? Apply rule gnupg? (y/N) y

    1b. After doing antidot clean, proceed setting up antidot as normal. You must follow antidot's instructions in restarting the gpg-agent by doing gpgconf --kill gpg-agent.

  3. After setting up antidot successfully, install and initialise pass with your GPG key. (Pass somehow still recognises the gnupg folder, even after it changed)
  4. Once pass has been setup for you, add a couple of passwords onto pass for QtPass to recognise at the least.
  5. After setting up pass, install QtPass on your system.
  6. Run QtPass. You will see the error gpg: decryption failed; No secret key when accesing a single password.

Expected behavior It would most likely not recognise where I have changed my $GNUPGHOME, so it cannot decrypt any password I currently have on password store, and it would end up having this error: gpg: decryption failed: No secret key.

Screenshots Screenshot from 2021-06-05 08-14-51 Screenshot from 2021-06-05 08-14-42

Desktop (please complete the following information):

Additional context I can't tell whether to classify this as a bug or a feature I want for QtPass, because if they don't have a feature where you have the ability to change where to scan for gpg keypairs, I would love for them to have that, or to scan $GNUPGHOME instead of just ~/.gnupg by default.

cindrmon commented 3 years ago

Hello, lesson learned.

I just had a talk with my friend and it just made me go back to the default folder of $GNUPGHOME, which is $HOME/.gnupg instead of wherever it is located.

That was the only solution, and I feel like I can't do anything about it.

Moral of the story: Don't change the default location of your $GNUPGHOME unless you know what you're doing.

Long story short, I just reverted it back to ~/.gnupg, and everything worked fine.

Darkstarinternet commented 2 years ago

I'm having the same problem. QtPass only looks in ~/.gnupg when it should be looking in $GNUPGHOME. This prevents anyone using QtPass from following the XDG Base Specification guidelines for GNUPG. Please can you reopen this issue.