Cryptomator stays hidden in tray

[droidmonkey]

Please agree to the following

• [X] I have searched existing issues for duplicates

Summary

Cryptomator application stays hidden in tray when plugin is installed

What software is involved?

• Operating System: Windows 11
• Cryptomator: 1.6.8
• …

Steps to Reproduce

1. Download and install Cryptomator 1.6.8
2. Download and install this plugin
3. Start Cryptomator, notice the main window never shows
4. …

Expected Behavior

Main window shows

Actual Behavior

Cryptomator stays in tray

Reproducibility

Always

Relevant Log Output

08:31:26.691 [main] INFO  org.cryptomator.launcher.Cryptomator - Starting Cryptomator 1.6.8 on Windows 11 10.0 (amd64)
08:31:26.745 [main] INFO  org.cryptomator.ipc.Server - Spawning IPC server listening on socket C:\Users\jwhit\AppData\Roaming\Cryptomator\ipc.socket
08:31:27.320 [JavaFX Application Thread] INFO  o.c.ui.launcher.FxApplicationStarter - JavaFX Runtime started.

Anything else?

This is the log when the plugin is not in the AppData/Roaming/Cryptomator/Plugins folder:

08:24:52.280 [main] INFO org.cryptomator.launcher.Cryptomator - Starting Cryptomator 1.6.8 on Windows 11 10.0 (amd64) 08:24:52.377 [main] INFO org.cryptomator.ipc.Server - Spawning IPC server listening on socket C:\Users\jwhit\AppData\Roaming\Cryptomator\ipc.socket 08:24:53.084 [JavaFX Application Thread] INFO o.c.ui.launcher.FxApplicationStarter - JavaFX Runtime started. 08:24:59.980 [JavaFX Application Thread] INFO o.cryptomator.ui.fxapp.UpdateChecker - Current version: 1.6.8, lastest version: 1.6.7 08:31:10.513 [App Scheduled Executor 01] INFO o.c.common.settings.SettingsProvider - Settings saved to C:\Users\jwhit\AppData\Roaming\Cryptomator\settings.json 08:31:12.588 [App Scheduled Executor 02] INFO o.c.common.settings.SettingsProvider - Settings saved to C:\Users\jwhit\AppData\Roaming\Cryptomator\settings.json 08:31:19.580 [main] INFO org.cryptomator.launcher.Cryptomator - UI shut down 08:31:19.581 [main] INFO org.cryptomator.launcher.Cryptomator - Exit 0

[purejava]

The plugin does have problems with two or more Cryptomator vaults, in case at least one vault is configured for automount.

The requests for the vaults are sent at Cryptomator startup simultaneously and block each other. That's why the Cryptomator UI doesn't show up.

Can you confirm, that you have more than one Cryptomator vaults and automount enabled?

[droidmonkey]

I only have one vault loaded and it doesn't automount. I've confirmed the gui shows if I shutdown keepassxc completely then launch cryptomator. I might need to send this through a debugger.

I'm using the latest develop branch of keepassxc built in release mode.

[purejava]

I cannot reproduce the issue with KeePassXC 2.7.0 on Windows 11 and set up the KeePassXC build environment on Windows 11 to test the KeePassXC develop branch. Unfortunately I wasn't able to compile the code. After installing everything, make failed with

$ make -j8 package
make: *** No rule to make target 'package'.  Stop.

I've started to improve the plugin to fix https://github.com/purejava/keepassxc-proxy-access/issues/6. There is a compiled version of the plugin from the develop branch available for download here.

Could you test your latest develop branch of KeePassXC with that to see if it makes a difference for you?

[purejava]

Please note, that the SNAPSHOT version mentioned above is WIP needs an established connection to the KeePassXC database to work.

[droidmonkey]

To build just do the package part in the make command. You can use cpack afterwards to make a zip.

Where does the private key get stored. I made a connection using a very old version of the plugin before updating it. I think I polluted the settings enough to cause this failure.

[purejava]

Where does the private key get stored. I made a connection using a very old version of the plugin before updating it. I think I polluted the settings enough to cause this failure.

if (SystemUtils.IS_OS_WINDOWS) {
  connection = new WindowsConnection();
  fileLocation = System.getenv("AppData") + "keepass-proxy-access/" + FILE_NAME;
}

[droidmonkey]

Unfortunately deleting that did not solve the problem, I will await the updated version.

Aside... dunno if this is fixed but the above code seems to place the config file in AppData/Roamingkeepass-proxy-access it was missing the intermediate '/'

[purejava]

Aside... dunno if this is fixed but the above code seems to place the config file in AppData/Roamingkeepass-proxy-access it was missing the intermediate '/'

Thanks for the hint, fixed.

[purejava]

Could you please re-test with keepassxc-cryptomator 1.1.1 if it makes a difference for you?

Please note: in order to use the plugin with vaults intended to be opened with automount, KeePassXC must be associated with Cryptomator before enabling automount for a vault.

[droidmonkey]

The same behavior occurs. If I close KeePassXC and force shutdown the proxy I can get cryptomator to launch, but I cannot choose the proxy from the password providers and it still throws a log error even though it is not the chosen provider:

06:59:04.560 [main] INFO org.cryptomator.launcher.Cryptomator - Starting Cryptomator 1.6.8 on Windows 11 10.0 (amd64) 06:59:04.651 [main] INFO org.cryptomator.ipc.Server - Spawning IPC server listening on socket C:\Users\jwhit\AppData\Roaming\Cryptomator\ipc.socket 06:59:05.441 [JavaFX Application Thread] INFO o.c.ui.launcher.FxApplicationStarter - JavaFX Runtime started. 06:59:06.476 [JavaFX Application Thread] ERROR org.keepassxc.WindowsConnection - Cannot connect to proxy. Is KeepassXC started? 06:59:11.220 [App Scheduled Executor 01] INFO o.c.common.settings.SettingsProvider - Settings saved to C:\Users\jwhit\AppData\Roaming\Cryptomator\settings.json 06:59:12.215 [JavaFX Application Thread] INFO o.cryptomator.ui.fxapp.UpdateChecker - Current version: 1.6.8, lastest version: 1.6.8

If I have KeePassXC running the app gets stuck at the JavaFX Runtime started log entry and cryptomator is just churning away on something:

[purejava]

Ok, first some notes on how Cryptomator enables password backends (the keepasxc-cryptomator plugin is one of them) on statup: Cryptomator checks on startup, what backends are available. Every available backend gets configured and will show up in the prefs dialog. If it's not there, Cryptomator hadn't configured it and won't be able to use it.

Therefore KeePassXC needs to be running when Cryptomator starts, otherwise using the plugin will not work. If the plugin jar is found by Cryptomator on startup, but KeePassXC is not running, the error message you mentioned ERROR org.keepassxc.WindowsConnection - Cannot connect to proxy. Is KeepassXC started? is written to the logs, but the plugin is not configured in this case and Cryptomator won't be able to use it.

[purejava]

The behavior you describe indicates problems in sending and receiving messages to KeePassXC, probably a dead lock in reading and writing to the named pipe. This should work for Windows and KeePassXC 2.7.0. As I am not able to set up KeePassXC based on the latest develop branch of KeePassXC, do yo have a chance to repeat the test with 2.7.0?

In case this still causes trouble a further step would be to enable trace logging for Cryptomator and the plugin.

EDIT: typo

[droidmonkey]

Yah I need to send this to the debugger.

[droidmonkey]

OK so running KPXC in debugger I see that cryptomator requests for a public key change (good), we send back the reply, then nothing else happens.

[purejava]

Thanks for debugging the KeePassXC side.

With none ore one vault configured without automount this plugin should send and receive 2 requests to KeePassXC on Cryptomator startup:

• change-public-keys (after connecting to the pipe)
• get-databasehash, which is the way of the plugin to test whether the KeePassXC backend is locked

The second one is missing obviously, the question is: why. Unfortuntely enabling debug logging in Cryptomator does not show the debug or trace logs of the plugin right now. This might change in the future, right now, the only way to get the logs is to change this line of code and compile Crytpmator with this change.

[droidmonkey]

Figured it out, on Windows you are creating TWO socket connections to KeePassXC, one is a read-only the other is read-write. When you write to the latter, we send the response back to that socket. However, you listen for a response on the read-only socket. You need to single up on a single read-write socket connection. The problem is here: https://github.com/purejava/keepassxc-proxy-access/blob/45985657b1f557bcb1749034d85714f9f5f65d6a/src/main/java/org/keepassxc/WindowsConnection.java#L29-L32

[purejava]

Oh, thanks! I invented two pipe connections to KeePassXC due to another problem in the past, but that should be solved with the latest release 1.1.1 of the plugin. I'll turn that back and provide a new release with only one pipe connection. Hopefully, that will solve this issue.

Meanwhile I gave the Windows build environment another try to get a repro of this issue. Last time I set up MINGW, this time Visual studio.

With the steps you provide it's not possible to configure for -DWITH_XC_ALL=ON, it fails with:

PS C:\Users\ralph\git\keepassxc\build> cmake -DWITH_XC_ALL=ON -DCMAKE_BUILD_TYPE=Release -DCMAKE_TOOLCHAIN_FILE=C:C:\Users\ralph\git\vcpkg-export\vcpkg-export-20220320-183838\scripts\buildsystems\vcpkg.cmake ..
-- Building for: Visual Studio 17 2022
CMake Error at C:/Program Files/CMake/share/cmake-3.23/Modules/CMakeDetermineSystem.cmake:130 (message):
  Could not find toolchain file:
  C:C:\Users\ralph\git\vcpkg-export\vcpkg-export-20220320-183838\scripts\buildsystems\vcpkg.cmake
Call Stack (most recent call first):
  CMakeLists.txt:19 (project)

-- Configuring incomplete, errors occurred!
PS C:\Users\ralph\git\keepassxc\build> cmake -DWITH_XC_ALL=ON -DCMAKE_BUILD_TYPE=Release -DCMAKE_TOOLCHAIN_FILE=C:\Users\ralph\git\vcpkg-export\vcpkg-export-20220320-183838\scripts\buildsystems\vcpkg.cmake ..
-- The C compiler identification is MSVC 19.31.31107.0
-- The CXX compiler identification is MSVC 19.31.31107.0
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: C:/Program Files/Microsoft Visual Studio/2022/Community/VC/Tools/MSVC/14.31.31103/bin/Hostx64/x64/cl.exe - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: C:/Program Files/Microsoft Visual Studio/2022/Community/VC/Tools/MSVC/14.31.31103/bin/Hostx64/x64/cl.exe - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found Git HEAD Revision: f15ee90

-- Setting up build for KeePassXC v2.7.1-snapshot

-- Found OpenMP_C: -openmp (found version "2.0")
-- Found OpenMP_CXX: -openmp (found version "2.0")
-- Found OpenMP: TRUE (found version "2.0")
-- Performing Test CC_HAS_Werror_format_security
-- Performing Test CC_HAS_Werror_format_security - Failed
-- Performing Test CXX_HAS_Werror_format_security
-- Performing Test CXX_HAS_Werror_format_security - Failed
-- Performing Test CC_HAS_Werror_implicit_function_declaration
-- Performing Test CC_HAS_Werror_implicit_function_declaration - Failed
-- Performing Test CC_HAS_Wcast_align
-- Performing Test CC_HAS_Wcast_align - Failed
-- Performing Test CXX_HAS_Wcast_align
-- Performing Test CXX_HAS_Wcast_align - Failed
-- Performing Test CXX_HAS_fsized_deallocation
-- Performing Test CXX_HAS_fsized_deallocation - Failed
-- Using windeployqt: C:/Users/ralph/git/vcpkg-export/vcpkg-export-20220320-183838/installed/x64-windows/tools/qt5-tools/bin/windeployqt.exe
-- Found Botan2: C:/Users/ralph/git/vcpkg-export/vcpkg-export-20220320-183838/installed/x64-windows/lib/botan.lib (found version "2.18.1")
-- Found ZLIB: optimized;C:/Users/ralph/git/vcpkg-export/vcpkg-export-20220320-183838/installed/x64-windows/lib/zlib.lib;debug;C:/Users/ralph/git/vcpkg-export/vcpkg-export-20220320-183838/installed/x64-windows/debug/lib/zlibd.lib (found version "1.2.11")
CMake Error at C:/Program Files/CMake/share/cmake-3.23/Modules/FindPackageHandleStandardArgs.cmake:230 (message):
  Could NOT find PCSC (missing: PCSC_LIBRARIES PCSC_INCLUDE_DIRS)
Call Stack (most recent call first):
  C:/Program Files/CMake/share/cmake-3.23/Modules/FindPackageHandleStandardArgs.cmake:594 (_FPHSA_FAILURE_MESSAGE)
  cmake/FindPCSC.cmake:37 (find_package_handle_standard_args)
  C:/Users/ralph/git/vcpkg-export/vcpkg-export-20220320-183838/scripts/buildsystems/vcpkg.cmake:805 (_find_package)
  CMakeLists.txt:518 (find_package)

-- Configuring incomplete, errors occurred!
See also "C:/Users/ralph/git/keepassxc/build/CMakeFiles/CMakeOutput.log".
See also "C:/Users/ralph/git/keepassxc/build/CMakeFiles/CMakeError.log".
PS C:\Users\ralph\git\keepassxc\build>

I used -DWITH_XC_BROWSER=ON instead of ALL and that configured fine. But like with MINGW before, I can't compile it:

-- Generating done
-- Build files have been written to: C:/Users/ralph/git/keepassxc/build
PS C:\Users\ralph\git\keepassxc\build> make
make: *** No targets specified and no makefile found.  Stop.
PS C:\Users\ralph\git\keepassxc\build>

I can compile the code on Mac and Linux, but can't get Windows make to work. On Mac and Linux I just issue a make -j8. It seems, I am still missing something, that is not described in your steps.

[droidmonkey]

For msvc you don't use make, if anything you use nmake. PCSC is built into windows libraries, it should be not possible for it to be missing if you have the windows sdk installed. Plus you have an extra C: in front of your build chain definition.

[purejava]

For msvc you don't use make, if anything you use nmake. PCSC is built into windows libraries, it should be not possible for it to be missing if you have the windows sdk installed. Plus you have an extra C: in front of your build chain definition.

nmake is not found. I installed VS like shown on the screenshot of your description. I'll search on the web if there is a download for that SDK. Windows sucks.

Yeah, I invoked the cmake a second time without the extra C: as shown above.

[purejava]

Good news! I managed to get a repro of this issue on Windows. On starting Cryptomator it hang with these log messages:

[main] DEBUG org.keepassxc.Connection - MessagePublisher started
[main] TRACE org.keepassxc.WindowsConnection - Sending message: {"action":"change-public-keys","clientID":"Ll6MV+Rn1RLdOoqJ47kuTXnEn0mQsHEJ","publicKey":"+G4i9KM9/sUv3SS/UOS+f+oNyGDKoERoUH97ED/WdEk=","nonce":"+Cb9ME2mZKYBN6hNO3E6igr7LsNBMwbW"}

This wasn't a problem with two socket connections to KeePassXC, but with the low level Java class being the interface to the named pipe on Windows. It was not thread safe. This is fixed with https://github.com/purejava/keepassxc-proxy-access/commit/6a6523d065fc8ae97b9319db77ae321f2bbf6e58.

But I've still changed the number of connections to KeePassXC back to one.

There is one remaining issue with keepassxc-cryptomator on Windows, that can't be fixed though. When multiple connections to KeePassXC are made at the same time and the association with KeePassXC hasn't been made yet, all of these connections pop up the association dialog.

Due to a Qt bug on Windows this either brings up multiple association dialogs (if you are lucky) or keeps Cryptomator from binging up the UI and staying in the tray. Cryptomator and KeePassXC both crash in this case.

A common scenario where this happens is when you have more than one vault and they are configured for automount. Cryptomator tries to get all passwords for these vaults on startup at once.

There are workarounds to avoid this issue. It's necessary to stop KeePassXC and disable automount for all vaults. Then KeePassXC can be started again and Cryptomator restarted (to enable keepassxc-cryptomator). After association with KeePassXC has been done e.g. by unlocking one vault and associating with KeePassXC doing this, automount can be switched on again for all vaults. From then on, everything works as expected.

The problem described above does not occur, when you've only one vault in Cryptomator. The Qt bug mentioned above was already avoided with keepassxc-cryptomator release 1.0.1 but there is nothing that can be done about it when multiple connections to KeePassXC are made at the same time.

[purejava]

There is one remaining issue with keepassxc-cryptomator on Windows, that can't be fixed though. When multiple connections to KeePassXC are made at the same time and the association with KeePassXC hasn't been made yet, all of these connections pop up the association dialog.

Due to a Qt bug on Windows this either brings up multiple association dialogs (if you are lucky) or keeps Cryptomator from binging up the UI and staying in the tray. Cryptomator and KeePassXC both crash in this case.

A common scenario where this happens is when you have more than one vault and they are configured for automount. Cryptomator tries to get all passwords for these vaults on startup at once.

There is very good news! Version 1.6.11 of Cryptomator does not show the issue any more. According to the changelog, a race condition on auto-unlock several vaults has been fixed.

I retested keepassxc-cryptomator 1.1.2 with Cryptomator 1.6.11 and KeePassXC 2.7.1 with all vaults configured for automount on startup. The association dialogs pop up properly. Take a look by yourself:

https://user-images.githubusercontent.com/1822238/181748854-ae635215-d558-498e-b49f-c8075ca55ea9.mov

It seems, that there has been a problem with Cryptomator that is fixed now.

[droidmonkey]

Excellent!

Confirmed everything works as expected now.