Does not fill in password #8

Closed
wjdp opened this issue Jul 20, 2017 · 15 comments

wjdp commented Jul 20, 2017

Can't seem to get the extension to fill passwords.

  1. Visit site login page
  2. List of passwords shows in extension
  3. Select login
  4. Username / email field is filled with the filename of the password. Password field is left blank

I have gpg-agent and a pinentry program. I assume they are set up correctly (i.e. it works from the terminal). Dotfiles are here: https://github.com/wjdp/dotfiles

Owner

hsanson commented Jul 24, 2017

Does this happen on all login forms or just one particular web page form?
Do you see any error being displayed in the extension popup?
Can you check the output of the Chrome javascript console and see if there are any errors there too?

At this stage it is very unlikely that I can help you with this issue unless I can replicate it. Note that I have only tested this on Ubuntu 16:04 and it works perfectly for me.

Author

wjdp commented Jul 24, 2017

  • All web forms
  • No messages in the extension popup
  • No messages in Chrome dev console

Under no illusion this is a tricky one 😄

Running Ubuntu 16.04 with the i3 window manager, this may be changing the environment slightly.

mrtndwrd commented Jul 24, 2017

Same here:

chromium-browser --version
Chromium 58.0.3029.110 Built on Ubuntu , running on Ubuntu 16.04

and

google-chrome --version
Google Chrome 58.0.3029.110 

pass:

$ pass --version
============================================
= pass: the standard unix password manager =
=                                          =
=                  v1.6.5                  =
=                                          =
=             Jason A. Donenfeld           =
=               Jason@zx2c4.com            =
=                                          =
=      http://www.passwordstore.org/       =
============================================

gpg-agent:

$ gpg-agent --version
gpg-agent (GnuPG) 2.1.11
libgcrypt 1.6.5

nativePass location:

$ which nativePass
/home/users/maarten/.local/bin/nativePass

nativePass version:

$ pip3 freeze | grep pass
chrome-pass==0.2.1

chrome-pass plugin: also 0.2.1

Window manager: cinnamon (although I can't really imagine that makes a difference)

Owner

hsanson commented Jul 25, 2017

@wjdp @mrtndwrd I would need your help to debug this issue as I cannot replicate it on my system. Since you mention that the list of passwords does appear in the extension popup, I assume that the extension and native pass are installed correctly. If only the password is not being filled it can only mean that the GPG decryption in the nativeApp is not working.

I just published a new version of the nativePass application that contains an additional command to test password decryption. Please install the new version:

pip3 install --user chrome-pass==0.2.2
nativePass install

With this command in place you can now run the following to get a list of credentials with decrypted passwords:

nativePass pass gmail.com

The above command will print all credentials/passwords that match gmail.com. You can test with any credentials you have. Warning: this will output all your passwords to stdout if successful.

You may also try to test if your python3 installation is able to decrypt the passwords using the following python code:

import gnupg
import os

gpg = gnupg.GPG()
# open() does not expand "~", so build the full path first.
txt   = open(os.path.expanduser("~/.password-store/path/to/a/password.gpg"), "rb")
data = gpg.decrypt_file(txt)
if data.status == "decryption ok":
  # The password is the first line of the decrypted file.
  password = data.data.decode('utf-8').split("\n")[0]
  print("Password: %s"%password)
else:
  print("Decryption failed : %s"%data.status)

The code above is the exact same code used by the nativePass application to decrypt the passwords. If that does not work then we need to find out why.

Some notes:

  1. The path in the open() method must be the full path to the .gpg file that contains the password.
  2. Note that if decryption fails (e.g. data.status is not ok) then nothing gets returned, which matches the behavior you are seeing. I will change this so if there is a decode error I return an error instead.
  3. Not sure but if your locale is not English maybe data.status returns a different message? In that case I would like to know what it is returning.
  4. The decoded data actually includes all the data inside the .gpg file. I simply take the first line of the file (e.g. data.decode('utf-8').split("\n")[0]). Make sure your passwords are at the first line of the gpg files.

@mrtndwrd

Right. Which version of gnupg are you using? I tried with two different versions, yielding different results:

Ubuntu default:

In [4]: gnupg.__version__
Out[4]: '0.4.1'

In [6]: import gnupg
   ...: import os
   ...: 
   ...: gpg = gnupg.GPG()
   ...: txt   = open("<my-key>.gpg", "rb")
   ...: data = gpg.decrypt_file(txt)
   ...: if data.status == "decryption ok":
   ...:   password = data.data.decode('utf-8').split("\n")[0]
   ...:   print("Password: %s"%password)
   ...: else:
   ...:   print("Decryption failed : %s"%data.status)
   ...:   

Decryption failed : decryption failed

Newest version on pip: gnupg-2.3.0:

In [2]: gnupg.__version__
Out[2]: '2.3.0'

In [3]: import gnupg
   ...: import os
   ...: 
   ...: gpg = gnupg.GPG()
   ...: txt   = open("<my-key>.gpg", "rb")
   ...: data = gpg.decrypt_file(txt)
   ...: if data.status == "decryption ok":
   ...:   password = data.data.decode('utf-8').split("\n")[0]
   ...:   print("Password: %s"%password)
   ...: else:
   ...:   print("Decryption failed : %s"%data.status)
   ...:   
Decryption failed : None

Middle ground, newest 1.* version:

In [2]: import gnupg
   ...: 
   ...: print(gnupg.__version__)
   ...: 
   ...: import os
   ...: 
   ...: gpg = gnupg.GPG()
   ...: txt   = open("<my-key>.gpg", "rb")
   ...: data = gpg.decrypt_file(txt)
   ...: if data.status == "decryption ok":
   ...:   password = data.data.decode('utf-8').split("\n")[0]
   ...:   print("Password: %s"%password)
   ...: else:
   ...:   print("Decryption failed : %s"%data.status)
   ...:   
1.4.0
Decryption failed : decryption failed

Last thing I tried (with python gnupg 2.3.0):

In [14]: gpg = gnupg.GPG(binary="/usr/bin/gpg2", verbose="vv")

In [15]: txt   = open("<my-key>.gpg", "rb")
    ...: data = gpg.decrypt_file(txt)
    ...: if data.status == "decryption ok":
    ...:   password = data.data.decode('utf-8').split("\n")[0]
    ...:   print("Password: %s"%password)
    ...: else:
    ...:   print("Decryption failed : %s"%data.status)
    ...:   
Decryption failed : decrypt 4294967295

I don't know what's happening here anymore.

Full disclosure: I am using a GPG smart card instead of keys that are saved on the hard drive, but as long as python-gnupg is just a wrapper around gpg2, I think that should not be a problem...

Owner

hsanson commented Jul 25, 2017

@mrtndwrd thanks for the feedback. As suspected the decryption is giving troubles for some reason. For reference I use gnupg version 0.3.9 with gpg2 binary.

If you change the nativePass code so it works with your last example does the extension work for you?

mrtndwrd commented Jul 25, 2017 via email

Author

wjdp commented Jul 25, 2017

import gnupg
import os

print(gnupg.__version__)

gpg = gnupg.GPG()
txt   = open(".password-store/key.gpg", "rb")
data = gpg.decrypt_file(txt)
if data.status == "decryption ok":
  password = data.data.decode('utf-8').split("\n")[0]
  print("Password: %s"%password)
else:
  print("Decryption failed : %s"%data.status)

yields

0.4.1
Decryption failed : decryption failed

Seems to be the same issue as @mrtndwrd. I suspect that while gpg-agent is working within our shell environments, when running elsewhere on the system it is not set up correctly. Beyond this I know very little about the workings of gpg.

(I mentioned the window manager previously as using something other than Ubuntu's default forces you to do some of the setup work for tools like gpg-agent, whereas unity does this for you.)

mrtndwrd commented Jul 25, 2017 via email

Author

wjdp commented Jul 25, 2017

With the nativePass tool I get ~600 lines of top level items in my pass directory like:

$ nativePass pass live.com
…
compare gov and pass score 0.0000
compare twitter.com and pass score 0.0000
compare twitter.com and pass score 0.0000
compare live.com and pass score 0.0000
compare licence and pass score 0.0000

Owner

hsanson commented Jul 26, 2017

@mrtndwrd @wjdp thanks for the debugging. Reading the documentation of gnupg python module it looks like by default it does not use gpg-agent. Also found some other details that can help improve the decoding code: https://pythonhosted.org/python-gnupg

Would you mind trying again using the following modified code?

import gnupg
import os

print(gnupg.__version__)

PASSFILE="/full/path/to/password.gpg"

gpg = gnupg.GPG(use_agent=True)
txt   = open(PASSFILE, "rb")
data = gpg.decrypt_file(txt)
if data.ok:
  password = data.data.decode('utf-8').split("\n")[0]
  print("Password: %s"%password)
else:
  print("Decryption failed : %s"%data.stderr)

When creating the gpg object try different options like gpgbinary, gnupghome, etc. And let me know the results you get.

@wjdp the output you show above is from nativePass 0.2.1 and below. On version 0.2.2 you should actually get a list of the password paths and the decrypted passwords:

pass /Services/godaddy.com/account1    [secret password]
pass /gmail.com/account002                    [secret password]
....

Owner

hsanson commented Jul 26, 2017

After some more investigation it seems the python-gnupg module found in pip is a modified version of the original module. After installing that version on my machine the plugin and the test script above stopped working on my machine too.

If possible please uninstall any gnupg package you have installed on your machines and leave the default one that comes with python. Just uninstalling anything gnupg related via "pip3 uninstall" would do. Then test to see if the test script works for you.

And also I just released version 0.2.3 of the extension with some usability improvements. Now errors are shown in the popup window as they should.

@mrtndwrd

I just found out yesterday I was testing with the wrong gnupg: there's python-gnupg and gnupg. I uninstalled everything, but then I'm unable to import gnupg from python, so I don't have the "default" you are talking about.

I installed python3-gnupg from the Ubuntu repo (apt install python3-gnupg), which is version 0.3.8:

0.3.8
Decryption failed : [GNUPG:] ENC_TO 11DA7FF654ACA739 1 0
gpg: pcsc_list_readers failed: unknown PC/SC error code (0x8010002e)
[GNUPG:] CARDCTRL 5
gpg: card reader not available
gpg: encrypted with 2048-bit RSA key, ...
gpg: public key decryption failed: general error
[GNUPG:] ERROR pkdecrypt_failed 1
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
gpg: decryption failed: secret key not available
[GNUPG:] END_DECRYPTION

Now I found out that this is the same problem as when I try to decrypt using gpg instead of gpg2:

$ gpg --decrypt <pass.gpg>
gpg: pcsc_list_readers failed: unknown PC/SC error code (0x8010002e)
gpg: card reader not available
gpg: encrypted with 2048-bit RSA key, ID 0x11DA7FF654ACA739, created 2016-02-29
      "Maarten de Waard <maarten@greenhost.nl>"
gpg: public key decryption failed: general error
gpg: decryption failed: secret key not available

Tried again to set the binary to gpg2, but this time with python-gnupg instead of gnupg:

In [10]: import gnupg
    ...: import os
    ...: 
    ...: print(gnupg.__version__)
    ...: 
    ...: PASSFILE="/home/users/maarten/.password-store/greenhost/cosmos-accept.greenhost.nl/maarten.gpg"
    ...: 
    ...: gpg = gnupg.GPG(gpgbinary="/usr/bin/gpg2", use_agent=True)
    ...: txt   = open(PASSFILE, "rb")
    ...: data = gpg.decrypt_file(txt)
    ...: if data.ok:
    ...:   password = data.data.decode('utf-8').split("\n")[0]
    ...:   print("Password: %s"%password)
    ...: else:
    ...:   print("Decryption failed : %s"%data.stderr)
    ...:   
0.3.8
Password: <my password>

SUCCESSS!!!
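
Added example (not part of the original comments or of chrome-pass): across the runs above `data.status` came back as several different strings, while the `[GNUPG:]` lines in `data.stderr` are gpg's machine-readable status output and name the failing step. The sketch below parses the stderr quoted in the comment above; the function names and the diagnosis labels are assumptions made for illustration.

```python
import re

# stderr of the failed decrypt, copied from the comment above.
SAMPLE_STDERR = """\
[GNUPG:] ENC_TO 11DA7FF654ACA739 1 0
gpg: pcsc_list_readers failed: unknown PC/SC error code (0x8010002e)
[GNUPG:] CARDCTRL 5
gpg: card reader not available
gpg: encrypted with 2048-bit RSA key, ...
gpg: public key decryption failed: general error
[GNUPG:] ERROR pkdecrypt_failed 1
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
gpg: decryption failed: secret key not available
[GNUPG:] END_DECRYPTION
"""

STATUS_RE = re.compile(r"^\[GNUPG:\] (\S+)(?: (.*))?$")

def parse_gpg_stderr(stderr):
    """Separate machine-readable status records from human-readable messages."""
    report = {"status": [], "recipients": [], "errors": [], "messages": []}
    for line in map(str.strip, stderr.splitlines()):
        match = STATUS_RE.match(line)
        if match:
            keyword, args = match.group(1), (match.group(2) or "").split()
            report["status"].append((keyword, args))
            if keyword == "ENC_TO" and args:
                report["recipients"].append(args[0])  # key ID the file is encrypted to
            elif keyword == "ERROR" and args:
                report["errors"].append(args[0])      # operation that failed
        elif line.startswith("gpg: "):
            report["messages"].append(line[len("gpg: "):])
    return report

def diagnose(stderr):
    """Map a gpg stderr capture to a short cause (labels are illustrative)."""
    report = parse_gpg_stderr(stderr)
    keywords = {keyword for keyword, _ in report["status"]}
    if "DECRYPTION_OKAY" in keywords:
        return "ok"
    if ("CARDCTRL", ["5"]) in report["status"]:  # shown above with "card reader not available"
        return "card reader not reachable from this gpg binary"
    if "NO_SECKEY" in keywords:
        return "no secret key for " + ", ".join(report["recipients"])
    if "DECRYPTION_FAILED" in keywords:
        return "decryption failed: " + ", ".join(report["errors"] or ["unknown"])
    return "no decryption status seen"
```

Calling `diagnose(data.stderr)` on a failed result gives a cause without printing any decrypted data.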

@mrtndwrd

Check #9 for my changes

Owner

hsanson commented Jul 27, 2017

@mrtndwrd thanks for the debugging and the MR.

In summary:

The python-gnupg package installed via pip breaks python GPG decryption. There is a recent issue about this.

Instead make sure to use the python3-gnupg package that comes by default with Ubuntu.

pip3 uninstall python-gnupg
sudo apt-get install python3-gnupg

Now, the gpg vs gpg2 binary question is more complicated. I will close this issue and open a new one to track this.
