ProtonMail / proton-bridge

Proton Mail Bridge application
GNU General Public License v3.0

Vault gets wiped on startup when using pass #470

Open beauby opened 3 months ago

beauby commented 3 months ago

Using pass on Linux, the vault gets wiped when starting proton-bridge (bridge -c) if the gpg key is not unlocked (the key has a passphrase):

WARN[Mar 28 17:05:26.856] Failed to get test credentials from keychain  error="exit status 2: gpg: public key decryption failed: No such file or directory\ngpg: decryption failed: No such file or directory\n" helper="*pass.Pass"
WARN[Mar 28 17:05:26.948] Failed to load existing vault, vault has been reset  error="failed to decrypt vault: cipher: message authentication failed"
WARN[Mar 28 17:05:26.953] The vault is corrupt and has been wiped      

Expected Behavior

Gracefully fail, or prompt to unlock.

Current Behavior

Wipe out the vault.

Possible Solution

Steps to Reproduce

  1. Set up pass with passphrase-protected gpg key
  2. Run bridge -c

Version Information

3.10.0

Context (Environment)

Detailed Description

Possible Implementation

zwets commented 3 months ago

A big +1 on this issue. It has happened a few times that I either dismissed the GPG password dialog box or waited too long to fill it in (apparently there is a timeout).

What happens then is that I lose everything and need to set up bridge all over again: settings, accounts, client-side passwords, followed by the long and costly re-download of my whole mailbox.

I would be very happy if this were fixed!

deiKruve commented 3 months ago

I use the following sequence on Debian:

pass xxx

This will ask for the passphrase and give the key. It opens the database. The database seems to stay open for a limited time. Thereafter I can start bridge without a problem.

protonmail-bridge --cli

j.
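
The workaround in the comment above (unlock with pass first, then start Bridge), written as a guard script that refuses to launch Bridge when decryption fails. This is an added example, not part of the thread or of proton-bridge; `PASS_ENTRY`, `MAX_TRIES` and the function names are assumptions, and it assumes the chosen entry is encrypted to the same gpg key that Bridge's pass helper uses.

```shell
#!/bin/sh
# Added example: start Bridge only after pass/gpg has proven it can decrypt.
# All variable and function names below are assumptions of this sketch.

PASS_ENTRY="${PASS_ENTRY:-xxx}"                # any entry in your store, as in "pass xxx"
PASS_CMD="${PASS_CMD:-pass}"
BRIDGE_CMD="${BRIDGE_CMD:-protonmail-bridge}"
MAX_TRIES="${MAX_TRIES:-3}"                    # unlock prompts to allow before giving up

# Returns 0 once the entry decrypts. The decrypted secret is discarded;
# gpg's own error messages stay visible on stderr.
# A dismissed or timed-out passphrase dialog counts as a failed try.
keychain_unlocked() {
    tries=0
    while [ "$tries" -lt "$MAX_TRIES" ]; do
        "$PASS_CMD" show "$PASS_ENTRY" >/dev/null && return 0
        tries=$((tries + 1))
    done
    return 1
}

# Launch Bridge with the given arguments, or return 75 (EX_TEMPFAIL)
# without ever starting it when the key could not be unlocked.
start_bridge_guarded() {
    if ! keychain_unlocked; then
        echo "gpg key not unlocked after $MAX_TRIES tries; not starting bridge" >&2
        return 75
    fi
    "$BRIDGE_CMD" "$@"
}

# Run only when invoked with --run, e.g.: ./bridge-guard.sh --run --cli
if [ "${1:-}" = "--run" ]; then
    shift
    start_bridge_guarded "$@"
fi
```

The unlock only lasts as long as gpg-agent caches the passphrase, so the check and the Bridge start should happen back to back, as they do here.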

JonathanReeve commented 1 month ago

This is a big problem, since whenever the vault gets wiped, I have to do this:

  1. Check the CLI for a new password
  2. Edit the password in pass with the new password, for IMAP
  3. Do the same for SMTP
  4. Export the new cert.pem key
  5. Move the key to the location where my mail agent (isync/mbsync) is configured to find it
  6. Wait for a large sync operation to sync all my mail over again
  7. Trash my whole maildir folder, since the UID validity has now changed, and mbsync won't sync any more
  8. Recreate the maildir