gpg: [stdin]: encryption failed: No public key

[natalie-o-perret]

Summary

There a git repository that has been cloned.

My public key in the repo is matching mine in Kleopatra, but still I can't add a new password, gopass keeps returning: gpg: [stdin]: encryption failed: No public key

Steps To Reproduce

Meow@VP0003784  ~\Desktop\Work\Passwords\pass   master ≣                                             [16:08]
❯ $env:GOPASS_DEBUG = 'true'
Meow@VP0003784  ~\Desktop\Work\Passwords\pass   master ≣                                             [16:09]
❯ gopass insert pass/dev/pgsql-rm/read_model_migrations
[DEBUG] Trying to load config from C:\Users\Meow\.config\gopass\config.yml
[DEBUG] Loaded config: Config[Root:StoreConfig[AskForMore:false,AutoClip:true,AutoImport:true,AutoSync:false,ClipTimeout:45,Concurrency:1,EditRecipients:false,NoColor:false,NoConfirm:true,NoPager:false,Notifications:true,Path:gpgcli-gitcli-fs+file:///C:%5CUsers%5CMeow%5CDesktop%5CWork%5CPasswords%5Cpass,SafeContent:false,UseSymbols:false],Mounts()]
[DEBUG] Loaded config from C:\Users\Meow\.config\gopass\config.yml: Config[Root:StoreConfig[AskForMore:false,AutoClip:true,AutoImport:true,AutoSync:false,ClipTimeout:45,Concurrency:1,EditRecipients:false,NoColor:false,NoConfirm:true,NoPager:false,Notifications:true,Path:gpgcli-gitcli-fs+file:///C:%5CUsers%5CMeow%5CDesktop%5CWork%5CPasswords%5Cpass,SafeContent:false,UseSymbols:false],Mounts()]
[DEBUG] store/root/init.go:18 initializing store and possible sub-stores
[DEBUG] store/sub/store.go:43 sub.New - URL: gpgcli-gitcli-fs+file:///C:%5CUsers%5CMeow%5CDesktop%5CWork%5CPasswords%5Cpass
[DEBUG] store/sub/store.go:57 sub.New - Using storage backend from ctx: fs
[DEBUG] backend/storage/fs/loader.go:23 Using Storage Backend: fs(v0.1.0,path:C:\Users\Meow\Desktop\Work\Passwords\pass)
[DEBUG] store/sub/store.go:66 sub.New - Using RCS backend from ctx: gitcli
[DEBUG] store/sub/store.go:75 sub.New - Using Crypto backend from ctx: gpgcli
[DEBUG] backend/crypto/gpg/cli/loader.go:23 Using Crypto Backend: gpgcli
[DEBUG] store/sub/store.go:81 sub.New - initialized - storage: fs (0xc0002305f0) - rcs: git (0xc00035e000) - crypto: gpg (0xc0002000c0)
[DEBUG] store/root/init.go:116 Root Store initialized with URL gpgcli-gitcli-fs+file:///C:%5CUsers%5CMeow%5CDesktop%5CWork%5CPasswords%5Cpass
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(.gpg-id) - C:\Users\Meow\Desktop\Work\Passwords\pass\.gpg-id
[DEBUG] action/init.go:31 Store is already initialized
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(pass/dev/pgsql-rm/read_model_migrations.gpg) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\dev\pgsql-rm\read_model_migrations.gpg
Enter password for pass/dev/pgsql-rm/read_model_migrations []: mypassword
Retype password for pass/dev/pgsql-rm/read_model_migrations []: mypassword
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(pass/dev/pgsql-rm/read_model_migrations.gpg) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\dev\pgsql-rm\read_model_migrations.gpg
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(pass\dev\pgsql-rm\.pass-template) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\dev\pgsql-rm\.pass-template
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(pass\dev\.pass-template) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\dev\.pass-template
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(pass\.pass-template) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\.pass-template
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(.pass-template) - C:\Users\Meow\Desktop\Work\Passwords\pass\.pass-template
[DEBUG] action/templates.go:120 No template found for pass/dev/pgsql-rm/read_model_migrations
[DEBUG] backend/storage/fs/store.go:130 fs.Isdir(pass/dev/pgsql-rm/read_model_migrations) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\dev\pgsql-rm\read_model_migrations -> false
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(pass\dev\pgsql-rm\read_model_migrations\.gpg-id) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\dev\pgsql-rm\read_model_migrations\.gpg-id
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(pass\dev\pgsql-rm\.gpg-id) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\dev\pgsql-rm\.gpg-id
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(pass\dev\.gpg-id) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\dev\.gpg-id
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(pass\.gpg-id) - C:\Users\Meow\Desktop\Work\Passwords\pass\pass\.gpg-id
[DEBUG] backend/storage/fs/store.go:91 fs.Exists(.gpg-id) - C:\Users\Meow\Desktop\Work\Passwords\pass\.gpg-id
[DEBUG] backend/storage/fs/store.go:37 fs.Get(.gpg-id) - C:\Users\Meow\Desktop\Work\Passwords\pass\.gpg-id
[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 007B8FCE310A5A369C5FA1E023D166DB074B6BC6]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 007B8FCE310A5A369C5FA1E023D166DB074B6BC6]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 08B3C0F62B5039919325BC5FDE40A9898D3DC818]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 08B3C0F62B5039919325BC5FDE40A9898D3DC818]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 092A67EBD261FE479D15A858078425A332F77857]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 092A67EBD261FE479D15A858078425A332F77857]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 2A05CC76C821EDAA9D67C52C407172741190894B]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 2A05CC76C821EDAA9D67C52C407172741190894B]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 69CB13B55D75DEF6E4A08297CD3833FA2ACF816C]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 7FC147A251D1C008B01A9FECBACFA90D099FBC3C]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 7FC147A251D1C008B01A9FECBACFA90D099FBC3C]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys CBDA8515A67EFCFDEA8A8909F0CCC407C152420A]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys CBDA8515A67EFCFDEA8A8909F0CCC407C152420A]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys F1BB9612D02D33FD7C39F6D1A80448BDFEC0BCBE]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys F1BB9612D02D33FD7C39F6D1A80448BDFEC0BCBE]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys F22854456422B6AA080DDC0F41FE7D6F018E72BD]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys F22854456422B6AA080DDC0F41FE7D6F018E72BD]

[DEBUG] backend/storage/fs/store.go:37 fs.Get(.gpg-id) - C:\Users\Meow\Desktop\Work\Passwords\pass\.gpg-id
[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 007B8FCE310A5A369C5FA1E023D166DB074B6BC6]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 007B8FCE310A5A369C5FA1E023D166DB074B6BC6]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 08B3C0F62B5039919325BC5FDE40A9898D3DC818]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 08B3C0F62B5039919325BC5FDE40A9898D3DC818]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 092A67EBD261FE479D15A858078425A332F77857]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 092A67EBD261FE479D15A858078425A332F77857]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 2A05CC76C821EDAA9D67C52C407172741190894B]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 2A05CC76C821EDAA9D67C52C407172741190894B]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 7FC147A251D1C008B01A9FECBACFA90D099FBC3C]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys 7FC147A251D1C008B01A9FECBACFA90D099FBC3C]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys CBDA8515A67EFCFDEA8A8909F0CCC407C152420A]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys CBDA8515A67EFCFDEA8A8909F0CCC407C152420A]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys F1BB9612D02D33FD7C39F6D1A80448BDFEC0BCBE]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys F1BB9612D02D33FD7C39F6D1A80448BDFEC0BCBE]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys F22854456422B6AA080DDC0F41FE7D6F018E72BD]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys F22854456422B6AA080DDC0F41FE7D6F018E72BD]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 007B8FCE310A5A369C5FA1E023D166DB074B6BC6]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 08B3C0F62B5039919325BC5FDE40A9898D3DC818]

(x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 092A67EBD261FE479D15A858078425A332F77857]

[DEBUG] backend/crypto/gpg/cli/keyring.go:25 gpg.listKeys: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys 2A05CC76C821EDAA9D67C52C407172741190894B]

[DEBUG] backend/crypto/gpg/cli/gpg.go:131 gpg.Encrypt: C:\Program Files (x86)\GnuPG\bin\gpg.exe [C:\Program Files (x86)\GnuPG\bin\gpg.exe --quiet --yes --compress-algo=none --no-encrypt-to --no-auto-check-trustdb --encrypt --trust-model=always --recipient 007B8FCE310A5A369C5FA1E023D166DB074B6BC6 --recipient 08B3C0F62B5039919325BC5FDE40A9898D3DC818 --recipient 092A67EBD261FE479D15A858078425A332F77857 --recipient 2A05CC76C821EDAA9D67C52C407172741190894B --recipient 69CB13B55D75DEF6E4A08297CD3833FA2ACF816C --recipient 7FC147A251D1C008B01A9FECBACFA90D099FBC3C --recipient CBDA8515A67EFCFDEA8A8909F0CCC407C152420A --recipient F1BB9612D02D33FD7C39F6D1A80448BDFEC0BCBE --recipient F22854456422B6AA080DDC0F41FE7D6F018E72BD --recipient 0xCD3833FA2ACF816C]
gpg: F22854456422B6AA080DDC0F41FE7D6F018E72BD: skipped: No public key
gpg: [stdin]: encryption failed: No public key
[DEBUG] store/sub/write.go:49 Failed encrypt secret: exit status 2
[DEBUG] action/errors.go:60 Stacktrace: Failed to encrypt
github.com/gopasspw/gopass/pkg/store.init.ializers
        /home/tex/src/go/src/github.com/gopasspw/gopass/pkg/store/err.go:11
runtime.main
        /usr/local/go/src/runtime/proc.go:188
runtime.goexit
        /usr/local/go/src/runtime/asm_amd64.s:1337

Error: failed to write secret 'pass/dev/pgsql-rm/read_model_migrations': Failed to encrypt
⨯ Meow@VP0003784  ~\Desktop\Work\Passwords\pass   master ≣                                           [16:10]
❯ gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys
sec:u:4096:1:CD3833FA2ACF816C:1576667410:::u:::scESC:::+:::23::0:
fpr:::::::::69CB13B55D75DEF6E4A08297CD3833FA2ACF816C:
grp:::::::::8F49FFDEBA8442D6CD01B8FC20F9346B865626FF:
uid:u::::1576667410::880A25962758AA323EC520E5B4857E9236B84BEF::Kerry Perret (Meow) <kperret@mydomain>::::::::::0:
ssb:u:4096:1:7C8692C8A3446CBA:1576667410::::::e:::+:::23:
fpr:::::::::61884AAE4E84CA04B677C1437C8692C8A3446CBA:
grp:::::::::D2E15DA41C162B457032B13DBD7B1809E6B663CB:

My config.yml file content:

root:
  askformore: false
  autoclip: true
  autoprint: false
  autoimport: true
  autosync: false
  check_recipient_hash: false
  cliptimeout: 45
  concurrency: 1
  editrecipients: false
  nocolor: false
  noconfirm: true
  nopager: false
  notifications: true
  path: gpgcli-gitcli-fs+file:///C:%5CUsers%5CMichelle%5CDesktop%5CWork%5CPasswords%5Cpass
  recipient_hash:
    .gpg-id: 3078434433383333464132414346383136430aa69f73cca23a9ac5c8b567dc185a756e97c982164fe25859e0d1dcc1475c80a615b2123af1f5f94c11e3e9402c3ac558f500199d95b6d3e301758586281dcd26
  safecontent: false
  usesymbols: false
mounts: {}

I'm not too sure whether this is ok but the content of the file in the root repo .gpg-id file (aka from the origin repo) differs from the one config.yml file, does it really matter?

See above

Expected behavior

Should add the password to my pass store.

Environment

• OS: Windows 10 Pro

Relevant bits of the PowerShell Get-ComputerInfo:

OsName                                                  : Microsoft Windows 10 Enterprise
OsType                                                  : WINNT
OsOperatingSystemSKU                                    : EnterpriseEdition
OsVersion                                               : 10.0.18363
OsCSDVersion                                            :
OsBuildNumber                                           : 18363
OsHotFixes                                              : {KB4578974, KB4497165, KB4513661, KB4516115...}
OsBootDevice                                            : \Device\HarddiskVolume3
OsSystemDevice                                          : \Device\HarddiskVolume5
OsSystemDirectory                                       : C:\WINDOWS\system32
OsSystemDrive                                           : C:
OsWindowsDirectory                                      : C:\WINDOWS
OsCountryCode                                           : 33
OsCurrentTimeZone                                       : 60
OsLocaleID                                              : 040c
OsLocale                                                : fr-FR
OsLocalDateTime                                         : 10/30/2020 4:21:57 PM
OsLastBootUpTime                                        : 10/26/2020 3:00:52 AM
OsUptime                                                : 4.13:21:04.6356128
OsBuildType                                             : Multiprocessor Free
OsCodeSet                                               : 1252
OsDataExecutionPreventionAvailable                      : True
OsDataExecutionPrevention32BitApplications              : True
OsDataExecutionPreventionDrivers                        : True
OsDataExecutionPreventionSupportPolicy                  : OptIn
OsDebug                                                 : False
OsDistributed                                           : False
OsEncryptionLevel                                       : 256
OsForegroundApplicationBoost                            : Maximum
OsTotalVisibleMemorySize                                : 16622560
OsFreePhysicalMemory                                    : 3087436
OsTotalVirtualMemorySize                                : 30192852
OsFreeVirtualMemory                                     : 5673484
OsInUseVirtualMemory                                    : 24519368
OsTotalSwapSpaceSize                                    :
OsSizeStoredInPagingFiles                               : 13570292
OsFreeSpaceInPagingFiles                                : 10825424
OsPagingFiles                                           : {C:\pagefile.sys}
OsHardwareAbstractionLayer                              : 10.0.18362.752
OsInstallDate                                           : 2/10/2020 11:00:49 PM
OsManufacturer                                          : Microsoft Corporation
OsMaxNumberOfProcesses                                  : 4294967295
OsMaxProcessMemorySize                                  : 137438953344
OsMuiLanguages                                          : {en-US, fr-FR}
OsNumberOfLicensedUsers                                 :
OsNumberOfProcesses                                     : 367
OsNumberOfUsers                                         : 2
OsArchitecture                                          : 64-bit
OsLanguage                                              : en-US
OsProductSuites                                         : {TerminalServicesSingleSession}
OsOtherTypeDescription                                  :
OsPAEEnabled                                            :
OsPortableOperatingSystem                               : False
OsPrimary                                               : True
OsProductType                                           : WorkStation
OsSerialNumber                                          : 00329-10180-00000-AA421
OsServicePackMajorVersion                               : 0
OsServicePackMinorVersion                               : 0
OsStatus                                                : OK
OsSuites                                                : {TerminalServices, TerminalServicesSingleSession}
OsServerLevel                                           :

• gopass Version: 1.8.6
• Installation method: chocolatey, see https://chocolatey.org/packages/gopass

[AnomalRoil]

The issue seems to come from the key F22854456422B6AA080DDC0F41FE7D6F018E72BD which seems to be missing in your GPG store.

If you run manually:

gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys

Do you have it?

You ran: gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys, but that's for listing the secret keys and you're actually missing a public key to which you are encrypting.

[natalie-o-perret]

❯ gpg.exe --with-colons --with-fingerprint --fixed-list-mode --list-public-keys
tru::1:1604058062:0:3:1:5
pub:u:4096:1:CD3833FA2ACF816C:1576667410:::u:::scESC::::::23::0:
fpr:::::::::69CB13B55D75DEF6E4A08297CD3833FA2ACF816C:
uid:u::::1576667410::880A25962758AA323EC520E5B4857E9236B84BEF::Kerry Perret (Meow) <kerry@mydomain>::::::::::0:
sub:u:4096:1:7C8692C8A3446CBA:1576667410::::::e::::::23:
fpr:::::::::61884AAE4E84CA04B677C1437C8692C8A3446CBA:

or simply the only available

❯ gpg --list-keys
C:/Users/Michelle/AppData/Roaming/gnupg/pubring.kbx
---------------------------------------------------
pub   rsa4096 2019-12-18 [SC]
      69CB13B55D75DEF6E4A08297CD3833FA2ACF816C
uid           [ultimate] Kerry Perret (Meow) <kperret@mydomain>
sub   rsa4096 2019-12-18 [E]

[AnomalRoil]

What does a :

gopass recipients

display?

[natalie-o-perret]

What does a :

gopass recipients

display?

❯ gopass recipients
Hint: run 'gopass sync' to import any missing public keys
gopass
├── 007B8FCE310A5A369C5FA1E023D166DB074B6BC6 (missing public key)
├── 08B3C0F62B5039919325BC5FDE40A9898D3DC818 (missing public key)
├── 092A67EBD261FE479D15A858078425A332F77857 (missing public key)
├── 0xCD3833FA2ACF816C - Kerry Perret (Meow) <kperret@mydomain>
├── 2A05CC76C821EDAA9D67C52C407172741190894B (missing public key)
├── 7FC147A251D1C008B01A9FECBACFA90D099FBC3C (missing public key)
├── CBDA8515A67EFCFDEA8A8909F0CCC407C152420A (missing public key)
├── F1BB9612D02D33FD7C39F6D1A80448BDFEC0BCBE (missing public key)
└── F22854456422B6AA080DDC0F41FE7D6F018E72BD (missing public key)

[AnomalRoil]

Well, here's the issue: you cloned an existing store that has your PGP key among the recipients, but also other keys as you can see (I guess it's a shared store), so in order to edit or add new secrets that the other recipients will also be able to decrypt, you need to add to your GPG keyring all of their keys.

Did you try to run a gopass sync as the recipients command advised you to? Did it work?

If not, I'm afraid you'll have to ask the other people their keys, or find them in some way. In case only you need to access all these secrets, you could remove the other recipients, but be careful because if it's a shared store you would be removing their access basically.

[natalie-o-perret]

Well, here's the issue: you cloned an existing store that has your PGP key among the recipients, but also other keys as you can see (I guess it's a shared store), so in order to edit or add new secrets that the other recipients will also be able to decrypt, you need to add to your GPG keyring all of their keys.

Did you try to run a gopass sync as the recipients command advised you to?

Did it work? If not, I'm afraid you'll have to ask the other people their keys, or find them in some way. In case only you need to access all these secrets, you could remove the other recipients, but be careful because if it's a shared store you would be removing their access basically.

@AnomalRoil thanks your message, I do have the public keys of the others in the .public-keys folder.

Not sure how I'm supposed to import them.

About gopass sync:

❯ gopass sync
Sync starting ...
[<root>]
   git pull and push ... OK (no changes)
   importing missing keys ... [] Failed to get public key for 007B8FCE310A5A369C5FA1E023D166DB074B6BC6: exit status 2
[] Failed to decode public key 007B8FCE310A5A369C5FA1E023D166DB074B6BC6: Public Key 007B8FCE310A5A369C5FA1E023D166DB074B6BC6 not found
[] Failed to get public key for 08B3C0F62B5039919325BC5FDE40A9898D3DC818: exit status 2
[] Failed to decode public key 08B3C0F62B5039919325BC5FDE40A9898D3DC818: Public Key 08B3C0F62B5039919325BC5FDE40A9898D3DC818 not found
[] Failed to get public key for 092A67EBD261FE479D15A858078425A332F77857: exit status 2
[] Failed to decode public key 092A67EBD261FE479D15A858078425A332F77857: Public Key 092A67EBD261FE479D15A858078425A332F77857 not found
[] Failed to get public key for 2A05CC76C821EDAA9D67C52C407172741190894B: exit status 2
[] Failed to decode public key 2A05CC76C821EDAA9D67C52C407172741190894B: Public Key 2A05CC76C821EDAA9D67C52C407172741190894B not found
[] Failed to get public key for 7FC147A251D1C008B01A9FECBACFA90D099FBC3C: exit status 2
[] Failed to decode public key 7FC147A251D1C008B01A9FECBACFA90D099FBC3C: Public Key 7FC147A251D1C008B01A9FECBACFA90D099FBC3C not found
[] Failed to get public key for CBDA8515A67EFCFDEA8A8909F0CCC407C152420A: exit status 2
[] Failed to decode public key CBDA8515A67EFCFDEA8A8909F0CCC407C152420A: Public Key CBDA8515A67EFCFDEA8A8909F0CCC407C152420A not found
[] Failed to get public key for F1BB9612D02D33FD7C39F6D1A80448BDFEC0BCBE: exit status 2
[] Failed to decode public key F1BB9612D02D33FD7C39F6D1A80448BDFEC0BCBE: Public Key F1BB9612D02D33FD7C39F6D1A80448BDFEC0BCBE not found
[] Failed to get public key for F22854456422B6AA080DDC0F41FE7D6F018E72BD: exit status 2
[] Failed to decode public key F22854456422B6AA080DDC0F41FE7D6F018E72BD: Public Key F22854456422B6AA080DDC0F41FE7D6F018E72BD not found
OK
   exporting missing keys ... failed to export public key for '007B8FCE310A5A369C5FA1E023D166DB074B6BC6': failed to export public key: Key not found
failed to export public key for '08B3C0F62B5039919325BC5FDE40A9898D3DC818': failed to export public key: Key not found
failed to export public key for '092A67EBD261FE479D15A858078425A332F77857': failed to export public key: Key not found
failed to export public key for '2A05CC76C821EDAA9D67C52C407172741190894B': failed to export public key: Key not found
failed to export public key for '7FC147A251D1C008B01A9FECBACFA90D099FBC3C': failed to export public key: Key not found
failed to export public key for 'CBDA8515A67EFCFDEA8A8909F0CCC407C152420A': failed to export public key: Key not found
failed to export public key for 'F1BB9612D02D33FD7C39F6D1A80448BDFEC0BCBE': failed to export public key: Key not found
failed to export public key for 'F22854456422B6AA080DDC0F41FE7D6F018E72BD': failed to export public key: Key not found
Failed to export missing public keys for '<root>': some keys failed
All done

[AnomalRoil]

This is strange.

Could you try to manually import the public key of the others from the .public-keys folder ? You can go there and simply do a gpg import * I guess.

[natalie-o-perret]

@AnomalRoil

Thanks for your answer, I drafter the PowerShell script below:

$regexPattern = "^(Comment:(.*)([\<\(\s](?<Email>(?<UserId>[\w\.]+)@((?<domain>(coporate1|coporate2)\.com)))[\>\)\s]*))$"

foreach($file in Get-ChildItem ".\.public-keys" -Filter *.*) {
    foreach($line in Get-Content $file.FullName) {
        if($line -match $regexPattern){
            $email = Write-Host $Matches["Email"]
            Write-Host "$email => $file"
            gpg --yes --import $file
            gpg --yes --lsign $file
            gopass recipients add $email --force
        }
    }
}

My only issue now is that gopass recipients add $email --force is still asking for confirmation while my configuration clearly states otherwise:

❯ gopass config
root store config:
  askformore: false
  autoclip: true
  autoimport: true
  autoprint: false
  autosync: false
  check_recipient_hash: false
  cliptimeout: 45
  concurrency: 1
  editrecipients: false
  nocolor: false
  noconfirm: true
  nopager: false
  notifications: true

[AnomalRoil]

I don't think you need to add the recipients to the gopass store again, since your previous "gopass recipients" command showed them already. Just importing their public key into your PGP keyring should have sufficed.

It's strange that the --force is not working... Another way to get gopass to autovalidate to yes is the global --yes flag. gopass --yes recipients add $email should work (although I'm not sure we have a unit test for the recipient command, I should check and add it if not.)

[AnomalRoil]

@kerry-perret So, in the end, what was the problem and the solution?

The two things I can see as issues on our side are:

• Gopass didn't sync the public keys that were in the .public-keys folder when using sync, whereas it should have
• The gopass recipients add --force setting didn't work as you expected.

But the latter might actually be a issue on documenting the actual behavior. The help for recipients add says: --force Force adding non-existing keys (default: false) But it doesn't says anything about avoiding confirmation. Out of curiosity, did you retry using the global gopass --yes recipients add flag?

[torfmaster]

We also experience probably the same issue. Our observations are the following:

• it works fine with gopass 1.8.6
• there seems to be an issue with gopass sync in later versions (e.g. 1.10.1) not importing keys added remotely into the keychain

At first glance this could be regression in gopass sync somewhere between 1.8.6 and 1.10.1.

[mrmarbury]

quick and dirty fix for me is at the moment:

cd ~/.password-store-<your_store>/.public-keys
for i in `ls` ; do `gpg --import $i` ; done 

[AnomalRoil]

I guess we need to:

• [ ] add a regression test for this
• [ ] do a git bissect to find the issue
• [ ] or solve it directly if we can figure out the problem

[natalie-o-perret]

@AnomalRoil ooc is there a solution btw for a https version of gopass clone?

[AnomalRoil]

@kerry-perret It should just work as is, afaik. gopass clone https://github.com/test/test.git should work and prompt you for your username and password.

I just tested it on both Linux and Windows.

[natalie-o-perret]

should work and prompt you for your username and password.

Will try this out, I think I experienced some issues last time I tried (was with our corporate GitLab, tho).

[AnomalRoil]

Corporate gitlab can be relying on some SSO or AD bindings that clashes with the https auth. In the worst case you should be able to :

git clone https://yourrepo
gopass config path c:\local\path\to\your\repo

and it should work.

Or to add it as a substore:

git clone https...
gopass mounts add substorename c:\local\path\to\your\repo

[natalie-o-perret]

@AnomalRoil didn't pan out:

⨯ Michelle@Meow ~\Desktop\Stuff\Repos                                                                 [15:14]
❯ git clone https://[secret-url]/pass.git
Cloning into 'pass'...
remote: Enumerating objects: 774, done.
remote: Counting objects: 100% (774/774), done.
remote: Compressing objects: 100% (669/669), done.
remote: Total 1469 (delta 56), reused 733 (delta 32), pack-reused 695
Receiving objects: 100% (1469/1469), 2.98 MiB | 22.43 MiB/s, done.
Resolving deltas: 100% (229/229), done.

Michelle@Meow ~\Desktop\Stuff\Repos                                                                   [15:14]
❯ gopass config path .\pass\

Error: Error setting config value
⨯ Michelle@Meow ~\Desktop\Stuff\Repos                                                                 [15:15]
❯ gopass config path C:\Users\Michelle\Desktop\Stuff\Repos\pass

Error: Error setting config value

[AnomalRoil]

Can you run:

> gopass -v
> set GOPASS_DEBUG_LOG=gopass.log
> gopass config

And share the output of your terminal and the content of the file "gopass.log" it created? (Please check the content to sanitize it first if you want to redact some things)

[natalie-o-perret]

❯ gopass -v
gopass 1.8.6 (d5b0d3b906cdd9f16ad3f21e366845af7f2c22f3) go1.12.7 windows amd64

❯ gopass config
root store config:
  askformore: false
  autoclip: true
  autoimport: true
  autoprint: false
  autosync: false
  check_recipient_hash: false
  cliptimeout: 45
  concurrency: 1
  editrecipients: false
  nocolor: false
  noconfirm: true
  nopager: false
  notifications: true
  path: gpgcli-gitcli-fs+file:///C:%5CUsers%5CMichelle%5CDesktop%5CStuff%5CPasswords%5Cpass
  safecontent: false
  usesymbols: false

@AnomalRoil what strikes me as odd: path: gpgcli-gitcli-fs+file:///C:%5CUsers%5CMichelle%5CDesktop%5CStuff%5CPasswords%5Cpass Which doesn't map to any actual existing folder / path.

[AnomalRoil]

Ah, 1.8.6 has somewhat support for Windows...

Could you try updating to master tip by running GO111MODULE=on go get -u github.com/gopasspw/gopass?

Or just wait for the 1.11.0 release that is coming next week or so?

Also, Go 1.12.7 is outdated, you should update to Go 1.15 ideally.

[natalie-o-perret]

Ah, 1.8.6 has somewhat support for Windows...

Fair enough, I updated the gopass version to 1.9.2:

⚡ Michelle@Meow ~                                                                                   [16:48]
❯ cd ~\Desktop\Stuff\Repos
⚡ Michelle@Meow ~\Desktop\Stuff\Repos                                                                [16:48]
❯ choco install gopass --force -y
Chocolatey v0.10.15
Installing the following packages:
gopass
By installing you accept licenses for the packages.
 Please use upgrade if you meant to upgrade to a new version.
Progress: Downloading gopass 1.9.2... 100%
gopass v1.9.2 (forced) [Approved]
gopass package files install completed. Performing other installation steps.
Downloading gopass 64 bit
Progress: 100% - Completed download of C:\Users\Michelle\AppData\Local\Temp\chocolatey\gopass\1.9.2\gopass.exe-1.9.2-windows-amd64.zip (5.41 MB).
Download of gopass.exe-1.9.2-windows-amd64.zip (5.41 MB) completed.
Extracting C:\Users\Michelle\AppData\Local\Temp\chocolatey\gopass\1.9.2\gopass.exe-1.9.2-windows-amd64.zip to C:\ProgramData\chocolatey\lib\gopass\tools...
C:\ProgramData\chocolatey\lib\gopass\tools
Environment Vars (like PATH) have changed. Close/reopen your shell to
 see the changes (or in powershell/cmd.exe just type `refreshenv`).
 ShimGen has successfully created a shim for gopass.exe
 The install of gopass was successful.
  Software installed to 'C:\ProgramData\chocolatey\lib\gopass\tools'

Chocolatey installed 1/1 packages.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Enjoy using Chocolatey? Explore more amazing features to take your
experience to the next level at
 https://chocolatey.org/compare
❯ refreshenv
Refreshing environment variables from registry for cmd.exe. Please wait...Finished..
⚡ Michelle@Meow ~\Desktop\Stuff\Repos                                                                [16:48]
gopass 1.9.2+e2d1549f452a0df1fc52e42e7d0f654334d7144e (e2d1549f452a0df1fc52e42e7d0f654334d7144e) go1.14.2 windows amd6⚡ Michelle@Meow ~\Desktop\Stuff\Repos                                                                [16:49]
❯ gopass config path .\pass\

Error: Error setting config value
⨯ ⚡ Michelle@Meow ~\Desktop\Stuff\Repos                                                              [16:50]
❯ ls

    Directory: C:\Users\Michelle\Desktop\Stuff\Repos

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----         1/8/2021   3:14 PM                pass

⚡ Michelle@Meow ~\Desktop\Stuff\Repos                                                                [16:50]
❯ gopass config path C:\Users\Michelle\Desktop\Stuff\Repos\pass

Error: Error setting config value
⨯ ⚡ Michelle@Meow ~\Desktop\Stuff\Repos                                                              [16:50]
❯ set GOPASS_DEBUG_LOG=gopass.log
⚡ Michelle@Meow ~\Desktop\Stuff\Repos                                                                [16:51]
❯ gopass config
root store config:
  askformore: false
  autoclip: true
  autoimport: true
  autoprint: false
  autosync: false
  check_recipient_hash: false
  cliptimeout: 45
  concurrency: 1
  editrecipients: false
  exportkeys: true
  nocolor: false
  noconfirm: true
  nopager: false
  notifications: true
  path: gpgcli-gitcli-fs+file:///C:\Users\Michelle\Desktop\Stuff\Passwords\pass
  safecontent: false
  usesymbols: false

But I'm still getting...

Error: Error setting config value

About my go version:

❯ go version
go version go1.15.5 windows/amd64

[natalie-o-perret]

My current workaround:

• Windows 10
• Ubuntu wsl
• Optional update to 20.04
• Install latest version gopass thru dpkg + deb package

With reboots between each line:

sudo apt update && sudo apt upgrade
sudo reboot command
sudo apt install update-manager-core
sudo do-release-upgrade
sudo reboot

Speaking of which,

sudo reboot command

doesn't work for windows10 Ubuntu wsl, so you just kill wsl:

wsl.exe --shutdown

Then install gopass latest version, as described in: https://github.com/gopasspw/gopass/blob/master/docs/setup.md#manual-download

wget https://github.com/gopasspw/gopass/releases/download/v1.11.0/gopass_1.11.0_linux_amd64.deb
sudo dpkg -i gopass_1.11.0_linux_amd64.deb

/mnt/c/Users/Michelle/Desktop/Stuff/Repos$ gopass config path ./pass/
path: ./pass/

Works like a charm.

[wsw0108]

I have the same issue under Windows.

Git Bash:

wsw@DESKTOP-B4R3B83 MINGW64 ~
$ git --version
git version 2.28.0.windows.1

wsw@DESKTOP-B4R3B83 MINGW64 ~
$ gpg --version
gpg (GnuPG) 2.2.21-unknown
libgcrypt 1.8.6
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /c/Users/wsw/.gnupg

I also install gpg4win through scoop install gpg4win, and use it as default gpg program. PowerShell:

PS C:\Users\wsw> gpg --version
gpg (GnuPG) 2.2.19
libgcrypt 1.8.5
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: C:/Users/wsw/AppData/Roaming/gnupg

Please note the different Home directory for different gpg program.

And also I let git use gpg come from gpg4win like below:

PS C:\Users\wsw> git config --get gpg.program
C:\Users\wsw\scoop\apps\gpg4win\current\GnuPG\bin\gpg.exe

But it seems that git does not use this gpg, at least when do git pull for my private-repo.

After do git pull, there are two gpg-agent processes.

Solution:

Delete gpg.exe and gpg-agent.exe shipped with git-windows. Because when git-credential-gopass and gopass runs, the PATH environment variable was modified, so gopassgit-credential-gopass will using gpg.exe shipped with git-windows.

[wsw0108]

https://github.com/git-for-windows/git/issues/2888

[wsw0108]

Update:

• gopass insert test, gopass will use gpg from gpg4win(if installed)
• git pull -C private-repo, git-credential-gopass will use gpg shipped with git-windows

2021/01/23 16:53:54.925294 cli/gpg.go:64    cli.New initializing LRU cache
2021/01/23 16:53:54.925294 cli/gpg.go:70    cli.New LRU cache initialized
2021/01/23 16:53:54.925294 cli/gpg.go:72    cli.New detecting binary
2021/01/23 16:53:54.960293 cli/binary_windows.go:25 cli.detectBinary    Looking for 'C:\Users\wsw\scoop\apps\gpg4win\3.1.11\GnuPG\bin\gpg.exe' ...
2021/01/23 16:53:54.984294 cli/binary_windows.go:31 cli.detectBinary    Found 'C:\Users\wsw\scoop\apps\gpg4win\3.1.11\GnuPG\bin\gpg.exe' at 'C:\Users\wsw\scoop\apps\gpg4win\3.1.11\GnuPG\bin\gpg.exe' (2.2.19)
2021/01/23 16:53:54.984294 cli/binary_windows.go:25 cli.detectBinary    Looking for 'C:\ProgramData\scoop\apps\git\2.30.0.windows.2\usr\bin\gpg.exe' ...
2021/01/23 16:53:55.008295 cli/binary_windows.go:31 cli.detectBinary    Found 'C:\ProgramData\scoop\apps\git\2.30.0.windows.2\usr\bin\gpg.exe' at 'C:\ProgramData\scoop\apps\git\2.30.0.windows.2\usr\bin\gpg.exe' (2.2.25-unknown)
2021/01/23 16:53:55.008295 cli/binary_windows.go:40 cli.detectBinary    using 'C:\ProgramData\scoop\apps\git\2.30.0.windows.2\usr\bin\gpg.exe'
2021/01/23 16:53:55.008295 cli/gpg.go:78    cli.New binary detected

https://github.com/gopasspw/gopass/blob/6e0aef8aadb379e72703e7f76e16217b5c606c71/internal/backend/crypto/gpg/cli/binary_windows.go#L38

No need to sort found gpg programs.

[wsw0108]

This pr fix my problem, https://github.com/gopasspw/gopass/pull/1751

@AnomalRoil