Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Ask user to confirm generated passphrase before invocing pinentry #3035

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix: Ask user to confirm generated passphrase before invocing pinentry #3035

wants to merge 1 commit into from

Conversation

dominikschulz
Copy link
Member

This is to avoid users not seeing their generated password if using e.g. pinentry curses UI.

Fixes #3030

@dominikschulz
fix: Ask user to confirm generated passphrase before invocing pinentry
528aeef 
This is to avoid users not seeing their generated password if using e.g.
pinentry curses UI.

Fixes gopasspw#3030

Signed-off-by: Dominik Schulz <[email protected]>
@dominikschulz dominikschulz added the ux User experience / User Interface related label Jan 12, 2025
@dominikschulz dominikschulz added this to the 1.15.16 milestone Jan 12, 2025
AnomalRoil
AnomalRoil reviewed Jan 13, 2025
View reviewed changes
internal/action/setup.go

// Prompt to confirm that the user noted their passphrase
if want, err := termio.AskForBool(ctx, "Did you save your passphrase?", true); err != nil || !want {
return fmt.Errorf("user did not confirm saving the passphrase: %w", err)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that not confirming here would still cause the identity file to have been written in step on Line 184, but not in a useable way: gopass will still consider itself not properly initialized, and next time you run the setup, you will be prompted for that old passphrase that was generated during the failed setup between the steps

$ gopass setup --crypto age
🌟 Welcome to gopass!
🌟 Initializing a new password store ...
<PROMPT FOR THAT PASSPHRASE>
🔐 No useable cryptographic keys. Generating new key pair
<...>

which is a somewhat weird edge case. I don't have a good solution, but maybe we should delete the identity file in case it failed to setup? That shouldn't cause issues for a fully initialized store since these won't even let user go through setup again.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds like a good idea. Let me add that to this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AnomalRoil AnomalRoil AnomalRoil left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
ux User experience / User Interface related
Projects
None yet
Milestone
1.15.16
Development

Successfully merging this pull request may close these issues.

gopass setup --crypto age conceals generated passphrase, making setup impossible
2 participants
@dominikschulz @AnomalRoil