MacOS Sierra Deprecation warning

[UltraSimplified]

I've just upgraded to MacOS Sierra and it caused me some hassles with github and private keys - I think they've replaced the crypt library they're using, so nothing works.

In the case of Vault, I get this when trying to generate a password

(node:27685) DeprecationWarning: crypto.pbkdf2 without specifying a digest is deprecated. Please specify a digest
Your .vault file is unreadable; check your VAULT_KEY and VAULT_PATH settings

[jimmywilk]

Microsoft

[jcoglan]

@UltraSimplified Can you record here which version of Node you're running, and which version of Vault and its dependencies?

I'm also not sure what you mean by "github and private keys" -- are you using the -k option to generate passwords rather than using a passphrase?

[jcoglan]

An update from my side, trying to reproduce the issue you might be seeing. As far as I can tell, this issue actually refers to three distinct problems:

1. The -k option to generate passwords from private keys not working
2. A deprecation warning about the arguments to crypto.pbkdf2
3. Your stored password settings not being readable

These problems are strictly independent.

I've investigated the issues using these installed modules:

vault@0.3.0 /Users/jcoglan/projects/vault/0.3.0
├─┬ posix-argv-parser@0.4.2
│ └── when@1.3.0
├── pw@0.0.4
├─┬ ssh-agent@0.2.4
│ ├── ctype@0.5.4
│ └── posix-getopt@1.1.0
└── vault-cipher@0.3.3

Issue 1: I generated a new SSH key using Ubuntu 16.04 and then copied it to a machine running OS X El Captitan 10.11.5 and one running macOS Sierra 10.12.1. I ran ssh-add to ad it to my agent on all machines, and I then ran this command using Node versions 4.6.1, 5.12.0, 6.9.1 and 7.0.0:

VAULT_PATH=~+/.keys ./bin/vault -k google

This command produced the same output when I selected my shared private key on all machines, using all Node versions.

Issue 2 is that Node 6 deprecated calling crypto.pbkdf2 without specifying which hashing function to use. However, these calls still work even though a warning is printed. vault-cipher 0.3.3 includes a change to silence the deprecation warning; if you're running a version earlier than this then try upgrading.

Issue 3: I'm not sure what could be causing this; issue 1 is not related to your stored settings (it's related to interaction with your SSH agent) and issue 2 does not prevent vault-cipher (which decrypts your settings file) from working.

If you respond to the analysis I've given above and give me more details for anything that remains broken, I may be able to help further.

[jcoglan]

I'd like to know what you mean by "I think they've replaced the crypt library they're using" -- the -k option interacts with your system's SSH agent, but my understanding is that all the crypto for reading your settings file uses OpenSSL which is vendored in Node, rather than any library installed as part of the OS.

[UltraSimplified]

Hi James, I've just checked and it's node v7.0.0, vault version is 3.10.8

Re: the crypt library, MacOS Sierra messed up my github ssh key briefly and I think it was down to some fundamental changes to their SSH implementation. I put 2+2 together and figured this might have a knock-on effect on Vault (which I think is a great package, by the way).

[UltraSimplified]

I've updated Vault and all is working well again. Apologies, I should have version-checked it first.

Thank you for helping me to get it working again.