archlinux / Firefox: a mounted store fails to decrypt

[xschlef]

If I browse to a webpage where I need credentials from a substore then gopass bridge fails to unlock the store. I am not even asked for a password.

Firefox 76.0.1, gopass bridge 0.7.0

I can unlock it with chrome or manually via cli as a workaround, then everything works as expected.

[Pharb]

Thanks for the report @xschlef.

I just tried with Firefox 76.0.1, gopass bridge 0.7.0, gopass 1.9.2 on MacOS 10.15.5 and it worked for me.

Could you please provide your gopass version and the operating system you are using? How are you managing your GPG keys? Are you using a hardware token (e.g. YubiKey)?

[xschlef]

OS: archlinux, updated every 3-4 days.

gopass:

gopass 1.9.2 (2020-05-13 21:14:02) go1.14.2 linux amd64
<root>     - gpg 2.2.20 - git 2.26.2 -   fs 0.1.0
Available Crypto Backends: age, gpgcli, plain, xc
Available RCS Backends: gitcli, noop
Available Storage Backends: fs, inmem

The errormessage: failed to get secret: Failed to decrypt

I have a store where I have access with a hardware token, but that is not related to this one.

[Pharb]

ok, thanks.

I'm not an expert on Arch, but can you please check that the gopass json api setup was correctly configured for your systems. With gopass jsonapi configure --help you can see some more advanced options. If you want, you can also share the generated gopass_wrapper.sh here.

Usually the failed to get secret: Failed to decrypt error indicates an issue with your GPG or pinentry setup, it is also mentioned here, but this error is very system dependant: https://github.com/gopasspw/gopass/blob/master/docs/faq.md

[walkermalling]

This just happened to me as well. I hadn't touched my config in over a year, and suddenly it stopped working after I used the gopassbridge feature that generates and saves a new password. When I query gopass on the commandline, the whole store is inaccessible, with the message: gpg: decryption failed: No secret key.

However, restarting the gpgagent fixed this: gpgconf --kill gpg-agent. I tested whether using gopassbridge to generate another password would interfere with the gpg agent in some way, but it did not reproduce the bug.