Unable to fetch and parse login fields

[mcnesium]

Just installed Browserpass extension in brand new Firefox installation on Mac OS Mojave. Native client has been installed using homebrew from brew tap amar1729/formulae. When trying to enter a password into a form, I see the following message instead:

Error: Unable to fetch and parse login fields: Error: {"status":"error","code":24,"version":3000006,"params":{"action":"fetch","error":"Error: exit status 2, Stderr: Warning: Failed to set locale category LC_NUMERIC to en_DE.\nWarning: Failed to set locale category LC_TIME to en_DE.\nWarning: Failed to set locale category LC_COLLATE to en_DE.\nWarning: Failed to set locale category LC_MONETARY to en_DE.\nWarning: Failed to set locale category LC_MESSAGES to en_DE.\ngpg: decryption failed: No secret key\n","file":"www/mywebsite.de/myusername.gpg","message":"Unable to decrypt the password file","storeId":"default","storeName":"pass","storePath":"/Users/myuser/.password-store"}}

Browserpass host app version: 3.0.6 Extension Version 3.1.1

I saw a similar note when using pass and gopass from the command line (missing LC_… etc). Then I found to add export LC_ALL=en_US.UTF-8 to .bash_profile which made both pass and gopass work. Then I tried to add the line to /etc/profile, but this did not work. Any ideas what can help?

[maximbaz]

Hey, could you try doing export LC_ALL=en_US.UTF-8 in the terminal, and then in the same terminal launch Firefox and see if the issue is gone?

Personally, I have LC_ALL=en_US.UTF-8 in /etc/environment (no export there)

[prologic]

I'm running into this as well on macOS:

I do have LC_ALL set though:

$ set | grep LC_ALL
LC_ALL=en_US.utf-8

[erayd]

@prologic Do you have the "no secret key" part of that? Because that's the important bit; the locale stuff is just gpg complaining about trying to format its error messages I think; an incorrect locale doesn't matter for the decryption process.

Do you have gpg-agent and pinentry set up properly?

[prologic]

The full error I get is:

Error: Unable to fetch and parse login fields: Error: {"status":"error","code":22,"version":3000006,"params":{"action":"fetch","error":"Unable to detect the location of the gpg binary to use","message":"Unable to detect the location of the gpg binary"}}

I think this started happening after a `brew upgrade recently.

[prologic]

$ brew ls --versions | grep gpg
gpg-agent 2.0.31
gpgme 1.13.1
libgpg-error 1.36

😲Apparently I don't have the gpg binary installed?

[prologic]

See also this:

prologic@Jamess-MacBook
Sat Sep 07 17:03:04
~
 0 0
$ brew install gpg
Updating Homebrew...
==> Auto-updated Homebrew!
Updated 1 tap (homebrew/core).
==> Updated Formulae
maxwell

Warning: gnupg 2.2.17 is already installed, it's just not linked
You can use `brew link gnupg` to link this version.

prologic@Jamess-MacBook
Sat Sep 07 17:03:55
~
 0
$ brew link gnupg
Linking /usr/local/Cellar/gnupg/2.2.17...
Error: Could not symlink bin/gpg-agent
Target /usr/local/bin/gpg-agent
already exists. You may want to remove it:
  rm '/usr/local/bin/gpg-agent'

To force the link and overwrite all conflicting files:
  brew link --overwrite gnupg

To list all files that would be deleted:
  brew link --overwrite --dry-run gnupg

I use also gpgTools for Mac -- Its possible some newer version of browserpass is not working well with gpgTools?

[erayd]

That's definitely not a Browserpass issue, nor is it the same issue that @mcnesium has reported in the first post of this issue.

Browserpass does have an option that allows you to manually specify the gpg path, in case you have it installed somewhere unusual. That may be a solution you might be interested in pursuing, if you don't want to alter your current gpg situation.

[prologic]

You are quite right! I'll get this going again; I'm sure it's just confused as to where the gpg binary is. I'll post back here with good news hopefully :) Sorry for the fuss!

[prologic]

Going to "Extension Options" and setting "Custom GPG Binary Location" to /usr/local/MacGPG2/bin/gpg fixed this for me.

[maximbaz]

Hey @mcnesium, is this still an issue?

[mcnesium]

I guess not. My friend managed to get it to work as I checked last night :man_shrugging:

[daraul]

I'm getting this issue on my arch machine, but not my ubuntu one. I've tried with both custom gpg paths (/usr/bin/gpg & /usr/bin/gpg2) and without a custom path, and I still get the error.

Do I need to install some package to provide the popup that prompts for my password?

[maximbaz]

Maybe pinentry is to blame, check the end of #155 thread, in particular starting from here: https://github.com/browserpass/browserpass-extension/issues/155#issuecomment-518015917

[daraul]

I think it might have been something to do with xclip, or scrot. I'm not sure, but I installed them both between posting my comment above, and posting this one, and the plugin works like a charm, now.

[ferrao]

I have the same issue and I do have gpg installed in usr/local/bin/gpg.

The full error is:

Error: Unable to fetch and parse login fields: Error: {"status":"error","code":24,"version":3000006,"params":{"action":"fetch","error":"Error: exit status 2, Stderr: Warning: Failed to set locale category LC_NUMERIC to en_PT.\nWarning: Failed to set locale category LC_TIME to en_PT.\nWarning: Failed to set locale category LC_COLLATE to en_PT.\nWarning: Failed to set locale category LC_MONETARY to en_PT.\nWarning: Failed to set locale category LC_MESSAGES to en_PT.\ngpg: decryption failed: No secret key\n","file":"github.com.gpg","message":"Unable to decrypt the password file","storeId":"default","storeName":"pass","storePath":"/Users/ferrao/.password-store"}}

Custom path is set to /usr/local/bin/gpg:

 /usr/local/bin/gpg --version
gpg (GnuPG) 2.2.17
libgcrypt 1.8.5
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/ferrao/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

[ferrao]

Any chance we can reopen this one @maximbaz ?

[daraul]

I started to get this problem again, but after switching to gopass from pass, on my ubuntu machine. I can get the password just fine from the command line, and it behaves normally. After I input my password I can then use the extension to enter my password. It doesn't give me an error if it fails to input my password. It just does nothing.

[maximbaz]

Have you guys tried to use a different pinentry, and is gpg-agent setup correctly? The error is gpg: decryption failed: No secret key, which probably means gpg is asking for a pin but pinentry dialog doesn't get opened, you don't enter the pin, and decryption fails - or something along the lines.

There isn't much I can do on Browserpass side, sadly, we need to figure out what is misconfigured on your end, and possibly document that in README 🙂

Browserpass does not depend on pass or gopass, so there's probably some side effect of you switching from one to another, again maybe a pinentry was changed or accidentally removed?

[maximbaz]

And by the way, don't get discouraged by the closed state, I will help you get to the bottom of this regardless of issue title or state.

I use states to track which tasks require making changes to the code, and in this case currently there isn't something I change on our end, we just need to figure out the issue with your gpg setup.

Also, if that helps, here are my gpg configs: https://github.com/maximbaz/dotfiles/tree/master/.gnupg

[daraul]

I did forget to mention that I also changed to firefox. Maybe I need to reinstall browserpass-native? I setup both hosts-firefox-user and hosts-firefox after I switched to FF

[maximbaz]

Ah then you probably hit https://github.com/browserpass/browserpass-extension/issues/155 🙂 Check that thread out, it has some workarounds plus a bug reported against Firefox itself.

[ferrao]

@maximbaz Just discovered why sometimes I had this working, other times not... When I invoke pass from the command line, I am forced to enter a password. Once I do that, for a configured amount of time (I believe 45 seconds) I no longer have to introduce a password.

If I use browserpass during this time, everything works well. It's only when I need to insert a password that it fails. I guess this is that pinentry I have seen discussed above, is it possible to trigger this from browserpass? If not, how is this supposed to work?

[maximbaz]

If I use browserpass during this time, everything works well. It's only when I need to insert a password that it fails. I guess this is that pinentry I have seen discussed above...

Yes, precisely!

is it possible to trigger this from browserpass? If not, how is this supposed to work?

It is supposed to be triggered by gpg itself. Browserpass knows nothing about your gpg setup, whether you even have gpg-agent configured or not. Browserpass simply triggers gpg, and it does everything it wants - pass does the same in fact.

When I invoke pass from the command line, I am forced to enter a password.

Where do you enter your password, is this a GUI app, or directly in the terminal? This could be an issue for example, your browser (and thus browserpass) does not run in terminal, so your pinentry application must be set to a GUI application.

[ferrao]

Where do you enter your password, is this a GUI app, or directly in the terminal? This could be an issue for example, your browser (and thus browserpass) does not run in terminal, so your pinentry application must be set to a GUI application.

I guess I must be using this pinentry-tty thing and that is the root of the issue, although I have not configured anything explicitly. I will try to change it to a GUI app (pinentry-mac in my case) and let you know. Thank you so much for your help @maximbaz

[maximbaz]

It should be a one-liner, here's my config for reference: https://github.com/maximbaz/dotfiles/blob/master/.gnupg/gpg-agent.conf

Let me know if this helps!

[ferrao]

Worked like a charm @maximbaz , only had to make sure gpg-agent was restarted with gpgconf --kill gpg-agent!

Once again thanks for all the help, I hope this thread can be useful to others stumbling on the same issue.

[maximbaz]

I have documented in README everything that we discovered in this thread as well as #155 - https://github.com/browserpass/browserpass-extension/commit/7a3965981b77af358ed61434c376da51daa52c4b.

If I missed something, just let me know :)

[hariskar]

In my 1st try of browserpass, I hit too this error: `Error: Unable to fetch and parse login fields: Error:

{"status":"error","code":24,"version":3000006,"params":{"action":"fetch","error":"Error: exit status 2, Stderr: gpg: no valid OpenPGP data found.\ngpg: decrypt_message failed: Unknown system error\n","file":"accounts.google.com.gpg","message":"Unable to decrypt the password file","storeId":"fh8li896n","storeName":"","storePath":"/home/hk/.password-store"}}

I know it is not a browserpass error, but a pgp error, but I cannot solve this. I defined "Custom gpg binary" but the problem exists. I read all above replies. gpg-agent.conf

pinentry-program /usr/bin/pinentry-gtk-2
no-grab
default-cache-ttl 1800

gpg.conf use-agent

My only (test) entry in password-store is accounts.google.com.gpg

url:accounts.google.com
user:xxxxx@xxxxx.com
pass:xxxxxxxxxxxxxxxxx

Thank you for any help!

[maximbaz]

gpg: no valid OpenPGP data found. gpg: decrypt_message failed: Unknown system error Unable to decrypt the password file

Could you confirm that you are able to decrypt this file using plain gpg?

/path/to/your/gpg --decrypt /path/to/accounts.google.com.gpg

[hariskar]

 ~ $ /usr/bin/gpg --decrypt /home/hk/.password-store/accounts.google.com.gpg
gpg: no valid OpenPGP data found.
gpg: decrypt_message failed: Unknown system error

[maximbaz]

How did you create this file? It looks like this is a plain text file, not an encrypted one. Are you using something like pass or gopass?

[hariskar]

No, it is a plain text file... shouldn't it?

[maximbaz]

No :) In short, the files should be encrypted at all times (so nobody can just look in your files and see all your passwords), and only at a short time of you needing your credentials (e.g. during website login) will you use gpg to decrypt the file and get the contents.

Here are some links for you to start getting acquainted with the concept and the idea around password store:

https://www.passwordstore.org/ https://wiki.archlinux.org/index.php/Pass

[hariskar]

Thanks a lot for instant help! I will check the links!

[stravos97]

That's definitely not a Browserpass issue, nor is it the same issue that @mcnesium has reported in the first post of this issue.

Browserpass does have an option that allows you to manually specify the gpg path, in case you have it installed somewhere unusual. That may be a solution you might be interested in pursuing, if you don't want to alter your current gpg situation.

For anyone still having this issue, this setup helped me out: https://soemarko.com/blog/complete-guide-for-passwordstore-on-macos

Specifically step 4, with the commands: vi .password-store/.browserpass.json { "gpgPath": "/opt/homebrew/bin/gpg" }

I had issues with specifying my custom gpg path in Brave due to permissions and this sorted that issue out.