Ubuntu 14.04 paper key failure does not indicate reason and resets input.

[noahlz]

[noahlz: keybase]$ keybase --version
keybase version 1.0.16-20160728160033+4e1c5b4
[noahlz: keybase]$ uname -a
Linux xps13-9343 3.13.0-37-generic #64bdw1-Ubuntu SMP Thu Sep 25 14:01:25 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

When I try to provision using my paper key, nothing happens. In the desktop client, it does not proceed when I click continue (despite displaying the spinner for a few seconds). In CLI, the gtk dialog appears, when I enter the key correctly, it redisplays. When I enter the key wrong, it tells me which word was wrong.

No error messages immediately visible. It just keeps re-prompting for the paper key.

[maxtaco]

Sorry about this. Can you do 'keybase log send'? Thank you. We will investigate.

Cc @patrickxb

On Saturday, July 30, 2016, Noah Zucker notifications@github.com wrote:

[noahlz: keybase]$ keybase --version keybase version 1.0.16-20160728160033+4e1c5b4 [noahlz: keybase]$ uname -a Linux xps13-9343 3.13.0-37-generic #64bdw1-Ubuntu SMP Thu Sep 25 14:01:25 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

When I try to provision using my paper key, nothing happens. In the desktop client, it does not proceed when I click continue (despite displaying the spinner for a few seconds). In CLI, the gtk dialog appears, when I enter the key correctly, it redisplays. When I enter the key wrong, it tells me which word was wrong.

No error messages immediately visible. It just keeps re-prompting for passwords.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/keybase/keybase-issues/issues/2442, or mute the thread https://github.com/notifications/unsubscribe-auth/AA05_7-kRWYrFj5JbixOw1_g1c1_UXOTks5qa99egaJpZM4JY6uk .

[noahlz]

Done

[maxtaco]

Thanks. What was the log id?

On Saturday, July 30, 2016, Noah Zucker notifications@github.com wrote:

Done

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/keybase/keybase-issues/issues/2442#issuecomment-236402517, or mute the thread https://github.com/notifications/unsubscribe-auth/AA05_zxq94iwi50gUNeZHgsrMf_V9JDXks5qa_9ZgaJpZM4JY6uk .

[noahlz]

4161b4e19cb2171c8f65a21c

[maxtaco]

This kind of thing is pretty for hard for us to debug, but it looks like you entered a paper key that's valid, in that it has the right number of words, pulls all words from our known dictionary, and ends in one of the ~100 words that specifies "version 1" of the format... BUT... it's still a key that we've never seen before. I'd say most likely it's some sort of transcription or transposition error. We've recently tested paper key provisioning and it works for us.

@patrickxb any other thoughts?

[maxtaco]

@noahlz what are the first two words of the paper key you were typing? Are they inmate improve? The first two words are public and are listed on your public profile.

[noahlz]

Yes, those are the first two words.

What's interesting is that when I get a word wrong, it tells me (something like invalid word is "inprove" were I to miss "improve"), but when I get them all correct, it resets the input and does not display any error message.

I was able to verify the device where this is happening (Ubuntu Laptop Dell XPS-13 developer edition with Dell repackaged Ubuntu 14.04) - by using another verified device. So this isn't blocking me at this point.

You can close "cannot reproduce" if you want.

[maxtaco]

I agree with your debugging, but if you transposed two words when you wrote down your paper key (i.e., inmate improve cat dog versus inmate improve dog cat), we wouldn't be able to error check that. You'd just enter a private key that doesn't correspond to a known public key, which what your log was saying.

I'd suggest you revoke your old paper key and generate a new one btw!

[noahlz]

Could you at least give some kind of user feedback - "invalid key!" inconsistent to do it in one case, but not the other.

You should probably just say "The key as is not valid." in call cases to avoid giving hints to the hackerz

If I get a new paper key, do I have to reset all my verification keys on keybase? If so - seems like I'd rather just figure out what I did wrong with my paper key.

[maxtaco]

Oh yeah, definitely. Sorry, I skipped over that part of the bug report, but @malgorithms told me to pay better attention. We have a ticket to investigate and fix.

No, revoking the old paper key and making a new one won't have any effect on your account aside from the keys in question. Your old keys and proofs would still be valid. Your data on KBFS will be largely unchanged, though just keyed for your new set of keys.

For now, also, you can also just add a new paper key and keep the old.

[garyemiller]

I also can not get paper keys to wok on my Gentoo. Similar to above. But I'm doing cut paste of paper keys so I know I got it right. I assume I'm to copy all the words? All at once? One per dialog window? I assume extra spaces do not matter? I can't find examples or doc on how this is supposed to work.

The few error messages make no sense. How can a paper key have a version number? I'm not typing in a version number and some times it says I typed in a bad version number!

[maxtaco]

@garyemiller it might be the paper key was copied down incorrectly in the first place. We've tested this feature extensively recently and it works in our testing.

We should fix that error message though. Internally, paper keys are "versioned" by looking at the last word in the sequence. Though every other word can be one of 2048, that last one can be one of the 128 words that mean "version 1" of the protocol. We're reserving the other 1920 words to mean "any version but version 1".

[maxtaco]

cc: @patrickxb on the above

[garyemiller]

@garyemiller it might be the paper key was copied down incorrectly in the first place.

Copy down? Byte your tongue! I always cut/paste these things into a gpg protected file. No way there is a copy error.

We've tested this feature extensively recently and it works in our testing.

If so, then your documentation fails in telling me how to duplicate your test case.

I'm still unclear on how much of the string to cut/paste. All of it? Skip the first two words? Or??

We should fix that error message though. Internally, paper keys are "versioned" by looking at the last word in the sequence

Is that actually documented anywhere a normal user might see it? It is certainly an oddball usage you can't expect Joe Six-pack to grok. It is cool you are trying new concepts, but that comes with the need to educate the users to these new concepts.

[maxtaco]

I'm still unclear on how much of the string to cut/paste. All of it? Skip the first two words? Or??

All of it.

[garyemiller]

All of it.

The first thing I tried. And the last. I just get prompted again and again.

Clearly the Gentoo version 1.0.16 is too old. I'll keep asking them to bump it.

[maxtaco]

How many words are in your paper key?

[garyemiller]

How many words are in your paper key?

I have 2 paper keys, they both have 13 words. I do see how it would be easy to miss the 'version' as it wraps to the next line on an 80 col terminal.

If I had the wrong count, and the count is fixed by version, then the error message should tell me.

[noahlz]

Hello all, I modified the subject to highlight my principal concern: the KeyBase cli and desktop client did not provide feedback with the problem with the paper key, and simply prompted for new input (on the desktop UI, it resets the input field without any error text).

This is a problem because as a user I don't have feedback to indicate if the input was invalid - it gives the impression that it (the client) simply isn't working.

I'm less concerned if the paper key was valid or not.