[BUG] Accepts a PGP public key

android-password-store / Android-Password-Store

Android application compatible with ZX2C4's Pass command line application

https://passwordstore.app

GNU General Public License v3.0

2.53k stars 251 forks source link

[BUG] Accepts a PGP public key #3171

Closed apprehensions closed 4 weeks ago

apprehensions commented 4 weeks ago

Describe the bug

When importing a GPG key, you can import a public one, which doesn't work when decrypting and just prompts 'Invalid password'

Steps to reproduce

Steps to reproduce the behavior:

Import public GPG key
Decrypt entry
'Invalid password'

Expected behavior

Errors out when given a public GPG key, as it expects a private key.

Screenshots

No response

Device information

Yes, i am dumb enough to do this.

Additional context

No response

msfjarvis commented 4 weeks ago

The error is incorrect but accepting a public key is intentional, it allows people to share password stores between themselves and having shared secrets without requiring the secret key of the other individual.