[BUG] SSH key stored in Android KeyStore cannot be used if user hasn't authenticated in a while

[renyuneyun]

Describe the bug
After removing the device lock (and re-enabling it later), the app asks for password to perform git operations, but nothing works -- I tried my device PIN, GPG key password and even a few other potential passwords.
The error message says problem getting private key from com.zeapo.pwdstore.git.sshj.SshKey$.
IIRC, the ssh key was protected by fingerprint.

To Reproduce
Steps to reproduce the behavior:

1. Set up the repo, using ssh to authenticate (generate a new ssh key pair, and set it up on the git server, github)
2. Go to Android's device security settings, remove device protection (PIN and fingerprint)
3. Re-enable the device lock (Maybe optional, not tested)
4. Go to PasswordStore
5. Perform any git operation (e.g. "synchronize repository")

Expected behavior
Ask for fingerprint, and pass when fingerprint matches.

Screenshots

Device information (please complete the following information):

• Device: OnePlus 6
• OS: BlissROM 12.12, Android 10
• App version: 1.13.4

Additional context
It started to happen before this version. Maybe this existed long ago.

[fmeum]

While the error message we show is terrible, fingerprint protected credentials are irrecoverably lost after turning off the device lock.

Can you create a new key via the UI?

[renyuneyun]

Thanks for the quick response. I managed to do that with two attempts.

That's a confusing procedure too. In the first time I tried it, it says failed to delete the old ssh entry (after confirming my fingerprint for the new key).
However, in my second attempt, it succeeds without complaining anything.

[fmeum]

Okay, we definitely need to handle this better. Unfortunately Keystore failures are not reported uniformly across devices, but we can at least do a bit better here.

[hashworks]

I got the same error, so I tried to regenerate an SSH key pair. However, when I select "Protect with screen lock credential" I get this error:

Error while trying to generate the ssh-key
Message :
the master key android-keystore://sshkey exists but is unusable

Should I create an additional issue for that?

[msfjarvis]

I got the same error, so I tried to regenerate an SSH key pair. However, when I select "Protect with screen lock credential" I get this error:

Error while trying to generate the ssh-key
Message :
the master key android-keystore://sshkey exists but is unusable

Should I create an additional issue for that?

No that's similarly related, it can be rolled into this issue.

Note for myself: The exception is thrown here.

[msfjarvis]

I can repro the bug on my device now so I'll work on it today