Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vault gets wiped on startup when using pass #470

Open
beauby opened this issue Mar 28, 2024 · 3 comments · May be fixed by #486
Open

Vault gets wiped on startup when using pass #470

beauby opened this issue Mar 28, 2024 · 3 comments · May be fixed by #486

Comments

@beauby
Copy link

beauby commented Mar 28, 2024

Using pass on Linux, the vault gets wiped when starting proton-bridge (bridge -c) if the gpg key is not unlocked (the key has a passphrase):

WARN[Mar 28 17:05:26.856] Failed to get test credentials from keychain  error="exit status 2: gpg: public key decryption failed: No such file or directory\ngpg: decryption failed: No such file or directory\n" helper="*pass.Pass"
WARN[Mar 28 17:05:26.948] Failed to load existing vault, vault has been reset  error="failed to decrypt vault: cipher: message authentication failed"
WARN[Mar 28 17:05:26.953] The vault is corrupt and has been wiped

Expected Behavior

Gracefully fail, or prompt to unlock.

Current Behavior

Wipe out the vault.

Possible Solution

Steps to Reproduce

  1. Set up pass with passphrase-protected gpg key
  2. Run bridge -c

Version Information

3.10.0

Context (Environment)

Detailed Description

Possible Implementation
@zwets
Copy link

zwets commented Mar 29, 2024
edited

A big +1 on this issue. It has happened a few times that I either dismissed the GPG password dialog box or waited too long to fill it in (apparently there is a timeout).

What happens then is that I lose everything and need to set up bridge all over again: settings, accounts, client-side passwords, followed by the long and costly re-download of my whole mailbox.

I would be very happy if this were fixed!

@deiKruve
Copy link

deiKruve commented Apr 9, 2024

I use thefollowing sequence on Debian:

pass xxx

This will ask for the passphrase and give the key. It opens the database. The database seems to stay open for a limited time.
Thereafter I can start bridge without a problem.

protonmail-bridge --cli

j.

@JonathanReeve
Copy link

This is a big problem, since whenever the vault gets wiped, I have to do this:

  1. Check the CLI for a new password
  2. Edit the password in pass with the new password, for IMAP
  3. Do the same for SMTP
  4. Export the new cert.pem key
  5. Move the key to the location where my mail agent (isync/mbsync) is configured to find it
  6. Wait for a large sync operation to sync all my mail over again
  7. Trash my whole maildir folder, since the UID validity has now changed, and mbsync won't sync any more
  8. Recreate the maildir

@kira-bruneau kira-bruneau linked a pull request Jul 23, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Dont wipe vault on decryption errors kira-bruneau/proton-bridge
4 participants
@zwets @JonathanReeve @beauby @deiKruve