[BUG] Accepts a PGP public key

android-password-store / Android-Password-Store

Android application compatible with ZX2C4's Pass command line application

https://passwordstore.app

GNU General Public License v3.0

2.59k stars 270 forks source link

[BUG] Accepts a PGP public key #3171

Closed apprehensions closed 3 months ago

apprehensions commented 3 months ago

Describe the bug

When importing a GPG key, you can import a public one, which doesn't work when decrypting and just prompts 'Invalid password'

Steps to reproduce

Steps to reproduce the behavior:

Import public GPG key
Decrypt entry
'Invalid password'

Expected behavior

Errors out when given a public GPG key, as it expects a private key.

Screenshots

No response

Device information

Yes, i am dumb enough to do this.

Additional context

No response

msfjarvis commented 3 months ago

The error is incorrect but accepting a public key is intentional, it allows people to share password stores between themselves and having shared secrets without requiring the secret key of the other individual.