Fail to add resources to Quick Access due to decryption error

[v-xuanzh]

Storage Explorer Version: 1.4.0
Platform/OS Version: Linux Ubuntu 16.04
Architecture: x64
Build Number: 20180802.6
Commit: e9fc436c
Regression From: Previous release 1.3.1(20180711.1)

Steps to Reproduce:

1. Choose one account and add it to Quick Access.

Expected Experience:

The selected account can be added to Quick Access successfully.

Actual Experience:

Fail to add the account to Quick Access.

[craxal]

Looked into it, and it looks like we're getting a bad decryption error when trying to read saved Quick Access data (we encrypt the data when in production mode). It's not clear why this is happening, though.

[kfasick]

Hi, I'm seeing Add to Quick Access not adding anything on Windows 1.4.0 20180803.3. The GUI/tree blinks and an expand icon to the left of Quick Access appears briefly than disappears.

[craxal]

Does refreshing the tree help at all?

[kfasick]

Thanks, @craxal, refreshing didn't make a difference.
I just quit, relaunched and have same 'blink' behavior. SAS attached, local emulator also do the same thing.

[craxal]

@kfasick I'm not sure if the error you're encountering is the same error as on Linux. I want to make sure your connections are decrypting properly.

First, do you get any error messages in the F12 dev console? If you launch Storage Explorer from the command line, do you get any error messages there as well?

Next, please follow these steps:

1. Hit F12 to open the developer tools. Hit Ctrl+P and enter QuickAccessManager.js.
2. Drop a breakpoint on the line that looks like this (about line 146):

   Debug.error(error_2);

3. Refresh the entire explorer tree. If the breakpoint is hit, please share the contents of the error_2 variable.

[kfasick]

name: "Error"
message: "error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt"
stack: "Error: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt↵    at Decipheriv.final (crypto.js:183:26)↵    at StringCrypto.decrypt (C:\Program Files (x86)\Microsoft Azure Storage Explorer\resources\app\node_modules\se-string-crypto\dist\StringCrypto.js:34:31)↵    at Object.<anonymous> (C:\Program Files (x86)\Microsoft Azure Storage Explorer\resources\app\out\app\renderer\common\TextEncrypter.js:35:56)↵    at step (C:\Program Files (x86)\Microsoft Azure Storage Explorer\resources\app\node_modules\tslib\tslib.js:133:27)↵    at Object.next (C:\Program Files (x86)\Microsoft Azure Storage Explorer\resources\app\node_modules\tslib\tslib.js:114:57)↵    at fulfilled (C:\Program Files (x86)\Microsoft Azure Storage Explorer\resources\app\node_modules\tslib\tslib.js:104:62)↵    at ZoneDelegate.invoke (C:\Program Files (x86)\Microsoft Azure Storage Explorer\resources\app\node_modules\zone.js\dist\zone-node.js:242:26)↵    at Zone.run (C:\Program Files (x86)\Microsoft Azure Storage Explorer\resources\app\node_modules\zone.js\dist\zone-node.js:113:43)↵    at C:\Program Files (x86)\Microsoft Azure Storage Explorer\resources\app\node_modules\zone.js\dist\zone-node.js:535:57↵    at ZoneDelegate.invokeTask (C:\Program Files (x86)\Microsoft Azure Storage Explorer\resources\app\node_modules\zone.js\dist\zone-node.js:275:35)↵    at Zone.runTask (C:\Program Files (x86)\Microsoft Azure Storage Explorer\resources\app\node_modules\zone.js\dist\zone-node.js:151:47)↵    at drainMicroTaskQueue (C:\Program Files (x86)\Microsoft Azure Storage Explorer\resources\app\node_modules\zone.js\dist\zone-node.js:433:35)↵    at ZoneTask.invoke (C:\Program Files (x86)\Microsoft Azure Storage Explorer\resources\app\node_modules\zone.js\dist\zone-node.js:349:25)↵    at args.(anonymous function) (C:\Program Files (x86)\Microsoft Azure Storage Explorer\resources\app\node_modules\zone.js\dist\zone-node.js:1497:25)↵    at _combinedTickCallback (internal/process/next_tick.js:131:7)"
__proto__: Object

[craxal]

That's what I was afraid of... Definitely an issue with decrypting connection info. OK, looks like we need to get to the bottom of this. Thank you for bringing this issue to us!

[craxal]

@v-xuanzh, @kfasick, I think I may have found the problem, but I'd like you to check something for me to be sure:

On Windows

1. Launch Credential Manager (click Start and search for Credential Manager).
2. Select the Windows Credentials tab.
3. Look for a key named "Micrososft_StorageExplorer/app" under Generic Credentials.

On Linux

1. Launch Passwords and Keys.
2. Select Passwords > Login. If the lock icon is locked, you'll have to enter your password to view.
3. Look for a key named "Micrososft_StorageExplorer/app" under Generic Credentials.

---

Did you find the key? If not, my fix should solve the problem, and we'll have it out in the next release.

If the key is in there...well, can you drop a breakpoint in the TextEncrypter.js file somewhere in the setItem function? We need to verify whether the encryption key stored in your system is correctly getting retrieved.

[kfasick]

@craxal I do not find a key in Windows Credentials with anything starting with "Microsoft_StorageExplorer*" - I think it should be after Microsoft.SqlTools* and before Microsoft_VS_LiveShare/* which are right next to each other. btw, further down I do have StorageExplorer_AddExternalCosmos* and StorageExplorer_CustomConnections* items.

[v-xuanzh]

I also didn't find the the key named 'Micrososft_StorageExplorer/app' on Windows and Linux.

[craxal]

Cool, thanks! So, there was an issue in the function that generates a new encryption key if an existing one isn't found. It should be fixed and out soon.

[JoranDox]

I'm here from #583, but I do find the key (though it might be a leftover from the 0.9 version, is there a way to check?)

TextEncrypter.js is resources/app/out/app/renderer/common/TextEncrypter.js, right?
I don't see a setItem function defined there, only called, is that what you mean, @craxal?

[craxal]

@JoranDox, yes that's what I meant. We found the issue in TextEncrypter.js and should have the fix out in the next version very soon. The problem was the function used to generate the encryption key returns a Promise<string> but we were trying to use it as a string.

[JoranDox]

Should 1.4.1 have fixed this? It's still the same for me: I get the login popup, I log in, get the authenticator popup on my phone, accept it, the extra popup goes away, and the
waiting for authentication box just keeps on spinning.

[craxal]

@JoranDox, we've also encountered this on Linux, but I'm not sure if we were able to determine the cause and address it. I, in particular, struggled with it several times until, for some unknown reason, it magically worked. I also know that the authentication folks we've been in touch with are working on a lot of issues.

Since this doesn't have anything to do with the posted issue here, if this continues to be a problem, please search for a matching issue or open a new one.

[JoranDox]

I opened an issue where they referred me to this one and then they closed mine, so idk what to do now.

…

On Mon, 10 Sep 2018, 6:00 pm Craig, ***@***.***> wrote: @JoranDox <https://github.com/JoranDox>, we've also encountered this on Linux, but I'm not sure if we were able to determine the cause and address it. I, in particular, struggled with it several times until, for some unknown reason, it magically worked. I also know that the authentication folks we've been in touch with are working on a lot of issues. Since this doesn't have anything to do with the posted issue here, if this continues to be a problem, please search for a matching issue or open a new one. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#535 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AG0kXbUnwvta-hlNsN8ab2tllHJVO6gyks5uZoyjgaJpZM4Vr-p7> .

[craxal]

#583? Let's continue the discussion from there.