android-password-store / Android-Password-Store

Android application compatible with ZX2C4's Pass command line application
https://passwordstore.app
GNU General Public License v3.0

[BUG] Can't generate an ed25519 key #1144

Closed blastrock closed 3 years ago

blastrock commented 4 years ago

Describe the bug

When I generate an ed25519 key I get "Error while trying to generate the ssh-key" "Message : the master key android-keystore://sshkey exists but is unusable".

To Reproduce

Steps to reproduce the behavior:

  1. Start the app (for the first time or not)
  2. Follow the tutorial until it asks you to generate a key, or go to settings -> generate ssh key pair
  3. Select ed25519
  4. Click on generate

Expected behavior

Success

Device information:

fmeum commented 4 years ago

Lineage 16 has had some issues with the Android Keystore in the past, so it's hard to say whether this isn't just a custom ROM bug.

Have you tried this with both screen lock protection enabled and disabled?

fmeum commented 3 years ago

According to this Tink issue, the issue is that the Android Keystore appears to be broken on OnePlus 3T.

@msfjarvis As we already delete the key prior to recreating it, there doesn't seem to be anything else we can do about this: Tink's self-test for broken Keystore implementations apparently fails to detect the issue, but androidx.security does not provide an API to manually disable Keystore.

msfjarvis commented 3 years ago

> According to this Tink issue, the issue is that the Android Keystore appears to be broken on OnePlus 3T.
>
> @msfjarvis As we already delete the key prior to recreating it, there doesn't seem to be anything else we can do about this: Tink's self-test for broken Keystore implementations apparently fails to detect the issue, but androidx.security does not provide an API to manually disable Keystore.

For the first time in 3 years I truly regret the theft of my 3T. I'll try to confirm that the selftest indeed fails and file an issue.

blastrock commented 3 years ago

> Have you tried this with both screen lock protection enabled and disabled?

Yes, and both generation of the key and cloning of the repo work with screen lock protection disabled.

You speak about a selftest, would running it on my phone help? Can I find it on the store? Would I need to compile one?

msfjarvis commented 3 years ago

> > Have you tried this with both screen lock protection enabled and disabled?
>
> Yes, and both generation of the key and cloning of the repo work with screen lock protection disabled.
>
> You speak about a selftest, would running it on my phone help? Can I find it on the store? Would I need to compile one?

I simply added the code Tink was using to my side project and had a 3T user test it on his device. If you wish to compile it yourself, I've pushed the self-test to the tink-test branch. It should show a toast message at the bottom with the self-test result. Here is an APK if you need it.

blastrock commented 3 years ago

Thanks, I tried the APK and the self-test passed on my device too. Let's wait for Tink's answer then, thanks for your help!

blastrock commented 3 years ago

Hi, I have upgraded to Lineage 17.1 from December 7th and the issue is now fixed, we can close this I think.

Magicrafter13 commented 1 year ago

I'm getting this exact issue on a Samsung S10+ after having some issues.

I was messing around in the app settings (I've been using it for a while without issue) and tapped import key, but then tapped "keep" instead of "replace" as I didn't actually want to import a new key.

Then I went to sync git because I had modified a password on another device, but it suddenly asked for a password. Not sure what to do, I went and exported the public key to my git server again, only to find out the public key was the same. Assuming something went really wrong, I went to generate a new ssh key entirely, only to run into this issue.

I don't want to clear the app's data because I don't want to lose my settings and stuff related to which passwords go to which apps, but I'm running out of options here.

msfjarvis commented 1 year ago

Unfortunately there's no real alternative available since the upstream bug was never fully addressed, and we have no options on our end. We're using the APIs as they're intended :(

Magicrafter13 commented 1 year ago

That's unfortunate. Not really sure how something like this could happen, I've been using the app without issue for 6 months. Guess I'll reset the data and be more careful in the settings this time.

Magicrafter13 commented 1 year ago

Oh... still happening on fresh install, which means now I can't get my latest changes AND my old copy of the passwords isn't on my phone now either...

Screenshot ![Screenshot_20230125-212322_Password Store](https://user-images.githubusercontent.com/29127566/214764319-9030bbcf-64ac-44a9-964c-51f37d119622.jpg)

Maintainer edit: put screenshot behind a <details> tag to cut down unnecessarily large comment.

msfjarvis commented 1 year ago

You should try a non-ED25519 key.

Magicrafter13 commented 1 year ago

Yeah I was about to edit the comment and say it worked with ecdsa. Is ed25519 support broken?

Either way thanks.

msfjarvis commented 1 year ago

> Yeah I was about to edit the comment and say it worked with ecdsa. Is ed25519 support broken?

It's not generally broken, but it appears to trip a subset of devices irrecoverably. I've owned Pixel devices for too long now so I do not have a broken device handy to attempt debugging this against.