Credential Manager not storing credentials

lesmo commented 3 years ago

I know this repo is kinda old, but... well, you never know:

Description

After proper setup, when using GPG a prompt for the passphrase is shown. However, the password is never stored in Windows Credential Manager when PERSISTENCE is set to LocalMachine:

Setup

Description of your computer hardware:
- Razer Blade 2019 Advanced (i7 8th gen, 32GGB RAM) - not sure what else is relevant
Version of your Operating System and any patches/updates:
- Windows 10 21H1 (Build 19043.1165)
- Ubuntu 20.10 (Kernel 5.10.16.3-microsoft-standard-WSL2)

Version of gpg:

gpg (GnuPG) 2.2.19
libgcrypt 1.8.5
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/lesmo/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
      CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Version of pinentry-wsl-ps1.sh:
- master (commit ee9cc0df00f95b358ce45b943eb6427deb80f16f)
Version of the (optional) davotronic5000/PowerShell_Credential_Manager:
- 1.0

Describe how you installed pinentry-wsl-ps1.sh on your computer:

# Cloned the repo
$ git clone https://github.com/diablodale/pinentry-wsl-ps1.git
# Changed the PERSISTANCE var
$ cd pinentry-wsl-ps1
$ nano pinentry-wsl-ps1.sh #to change PERSISTENCE="LocalMachine"
# Configured pinentry
$ chmod ug=rx pinentry-wsl-ps1.sh
$ "pinentry-program /home/lesmo/Coding/Github/pinentry-wsl-ps1/pinentry-wsl-ps1.sh" > ~/.gnupg/gpg-agent.conf

Detail any options you changed inside the pinentry-wsl-ps1.sh file
- PERSISTANCE to "LocalMachine"

Steps to reproduce

Open a terminal in WSL2
Run echo "test" | gpg --clearsign and enter credentials
Open a terminal for Windows Command prompt
Run wsl --shutdown to shutdown WSL
Open a terminal in WS2 and repeat steps 1 and 2

This issue is not presented after the first startup of WSL and/or the agent.

Actual Result

Every time WSL is started and GPG tools used for the first time, the passphrase prompt is shown.
Windows Credential Manager does not get a new record.

Expected Result

Every time WSL is started and GPG tools used for the first time, no passphrase is requested.
Windows Credential Manager gets a new record.

Workarounds

Couldn't find any.

GPG-agent log file

2021-08-14 21:06:33 gpg-agent[2082] listening on socket '/home/lesmo/.gnupg/S.gpg-agent'
2021-08-14 21:06:33 gpg-agent[2082] listening on socket '/home/lesmo/.gnupg/S.gpg-agent.extra'
2021-08-14 21:06:33 gpg-agent[2082] listening on socket '/home/lesmo/.gnupg/S.gpg-agent.browser'
2021-08-14 21:06:33 gpg-agent[2082] listening on socket '/home/lesmo/.gnupg/S.gpg-agent.ssh'
2021-08-14 21:06:33 gpg-agent[2083] gpg-agent (GnuPG) 2.2.19 started
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 -> OK Pleased to meet you, process 2080
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 <- RESET
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 -> OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 <- OPTION ttyname=/dev/pts/0
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 -> OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 <- OPTION ttytype=xterm-256color
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 -> OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 <- OPTION lc-ctype=C.UTF-8
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 -> OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 <- OPTION lc-messages=C.UTF-8
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 -> OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 <- GETINFO version
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 -> D 2.2.19
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 -> OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 <- OPTION allow-pinentry-notify
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 -> OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 <- OPTION agent-awareness=2.1.0
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 -> OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 <- SCD SERIALNO
2021-08-14 21:06:33 gpg-agent[2083] no running SCdaemon - starting it
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- ERR 67109133 can't exec `/usr/lib/gnupg/scdaemon': No such file or directory
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> BYE
2021-08-14 21:06:33 gpg-agent[2083] can't connect to the SCdaemon: IPC connect call failed
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 -> ERR 67108983 No SmartCard daemon <GPG Agent>
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 <- HAVEKEY F97938B721362967D00EDADAF39A4C6FF78009B7 1E6705AACF36B2C25CF48379E6F982D595472DCB
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 -> OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 <- KEYINFO F97938B721362967D00EDADAF39A4C6FF78009B7
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 -> S KEYINFO F97938B721362967D00EDADAF39A4C6FF78009B7 D - - - P - - -
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 -> OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 <- RESET
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 -> OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 <- SIGKEY F97938B721362967D00EDADAF39A4C6FF78009B7
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 -> OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 <- SETKEYDESC Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:%0A%22Sinuhé+Coronel+(@lesmocasanova)+<lesmo@lesmo.com.mx>%22%0A4096-bit+RSA+key,+ID+1F153B9BC0AC2884,%0Acreated+2020-06-05.%0A
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 -> OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 <- SETHASH 10 1C593A2140452A14C08EAB8054C0EA764B9707A42AF5D0CA40B35E0CC8CD708DB99716E24F7CE5A9DA2184903AEB4545D28BB418FE450E1175102DA14CFCD605
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 -> OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 <- PKSIGN
2021-08-14 21:06:33 gpg-agent[2083] starting a new PIN Entry
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK Your orders please
2021-08-14 21:06:33 gpg-agent[2083] DBG: connection to PIN entry established
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> OPTION no-grab
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> OPTION ttyname=/dev/pts/0
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> OPTION ttytype=xterm-256color
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> OPTION lc-ctype=C.UTF-8
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> OPTION lc-messages=C.UTF-8
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> OPTION allow-external-password-cache
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> OPTION default-ok=_OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> OPTION default-cancel=_Cancel
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> OPTION default-yes=_Yes
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> OPTION default-no=_No
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> OPTION default-prompt=PIN:
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> OPTION default-pwmngr=_Save in password manager
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> OPTION default-cf-visi=Do you really want to make your passphrase visible on the screen?
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> OPTION default-tt-visi=Make passphrase visible
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> OPTION default-tt-hide=Hide passphrase
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> OPTION touch-file=/home/lesmo/.gnupg/S.gpg-agent
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> OPTION owner=2080 RAZER-LESMO
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> GETINFO flavor
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- ERR 83886355 unknown command
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> GETINFO version
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- D 0.2.1
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> GETINFO ttyinfo
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- ERR 83886355 unknown command
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> GETINFO pid
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- D 2086
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 -> INQUIRE PINENTRY_LAUNCHED 2086 unknown 0.2.1 ? ? ?
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_10 <- END
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> SETKEYINFO n/F97938B721362967D00EDADAF39A4C6FF78009B7
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> SETDESC Please enter the passphrase to unlock the OpenPGP secret key:%0A%22Sinuhé Coronel (@lesmocasanova) <lesmo@lesmo.com.mx>%22%0A4096-bit RSA key, ID 1F153B9BC0AC2884,%0Acreated 2020-06-05.%0A
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> SETPROMPT Passphrase:
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 <- OK
2021-08-14 21:06:33 gpg-agent[2083] DBG: chan_11 -> [[Confidential data not shown]]
2021-08-14 21:06:57 gpg-agent[2083] DBG: chan_11 <- [[Confidential data not shown]]
2021-08-14 21:06:57 gpg-agent[2083] DBG: chan_11 <- [[Confidential data not shown]]
2021-08-14 21:06:59 gpg-agent[2083] DBG: chan_11 -> BYE
2021-08-14 21:07:04 gpg-agent[2083] DBG: chan_10 -> [ 44 20 28 37 3a 73 69 67 2d 76 61 6c 28 33 3a 72 ...(529 byte(s) skipped) ]
2021-08-14 21:07:04 gpg-agent[2083] DBG: chan_10 -> OK
2021-08-14 21:07:04 gpg-agent[2083] DBG: chan_10 <- [eof]

diablodale commented 3 years ago

Hi. I use this every day while I am coding and using git. It is active for me 😉

I noticed difference than my setup.

you listed your gpg agent settings in a file with a starting dot. It is my understanding that the agent settings file has no starting dot. It is simply ~/.gnupg/gpg-agent.conf. My guess is that you have somewhere changed that default, or maybe a typo in your OP?

I use Credential Manager version 2.0.

PS C:\Users\dale> Get-Package CredentialManager
Name                           Version          Source                           ProviderName
----                           -------          ------                           ------------
CredentialManager              2.0

You chose LocalMachine, and I chose Enterprise. Perhaps something changed in Windows Credential Manager and the way davotronic5000/PowerShell_Credential_Manager interacts with it. That powershell addon hasn't changed but Windows 10 has changed much in the last 3 years.

I am thinking also... their may be a related concern involved. I think when a person uses a Windows 10 "Microsoft account" that account is considered a synchronized Enterprise account. Similar to a centralized Enterprise account that an employee would have at a large corporation. These types of accounts are not local computer accounts. Therefore, I suspect that Windows Credential Manager won't cache passwords if LocalMachine is used at the same time a person is logged into an Enterprise account. Does this match your experience? And if you change PERSISTANCE to Enterprise does it work?

lesmo commented 3 years ago

Hi there! Thanks a lot for your quick reply, didn't think I'd get a response. I really appreciate it.

You're right, it's a typo on my part while writing the repro steps - sorry about that! I'll update the issue description. My file is properly named, though. I guess this pinentry wouldn't show the Windows UI otherwise:
That's a good point, I'll try that later today and report back. I have a feeling the CredentialManager version could be the culprit.
I thought the same thing, so I tried Enterprise but it didn't work. I'll report back if it works with the CredentialManager 2.0

lesmo commented 3 years ago

Hey! We're in business!

It seems to be that CredentialManager needs to be 2.0 to work on the most recent Windows 10. LocalMachine persistance does seem to work fine:

Thanks a lot man! I'll close this issue now.

kennu commented 1 year ago

Just to leave a note here, nice to see this is working for me in 2023 with Windows 11, WSL2, CredentialManager 2.0 installed, using PERSISTENCE="Session".

diablodale / pinentry-wsl-ps1