Check all the keys in .gpg-id are valid before adding a new key #1918
Comments
This is similar to #1917 (comment), here the field 7 should do the trick
We should at least support using an expired key to add a new recipient. Todo:
Somewhat related to #2015 too.
dominikschulz added a commit to dominikschulz/gopass that referenced this issue Dec 23, 2022
Fixes gopasspw#1918
RELEASE_NOTES=[ENHANCEMENT] Check recipients before adding a new one.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
dominikschulz added a commit that referenced this issue Dec 24, 2022
* Check existing recipients before trying to add a new one
  Fixes #1918
  RELEASE_NOTES=[ENHANCEMENT] Check recipients before adding a new one.
  Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Add test for CheckRecipients with an invalid key.
  Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Add custom error type and a better error message.
  Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Initialize InvalidRecipientsError
  Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Skip CheckRecipients tests on Windows
  Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Summary
There are two things here:
gopass recipients add --store <store> <user_id> the secrets will be re-encrypted for every key in .gpg-id. If one of these keys is expired the encryption will fail.
.gpg-id even though it can't decrypt anything, running gopass fsck won't fix the issue.
Steps To Reproduce
I had this issue with a key that actually expired, I suppose these steps can reproduce the issue:
Expected behavior
A nice error message saying that one of the keys is expired, and user intervention is necessary. Either the key has to be removed from the password store, or the owner of the key has to update the expiration.
Environment
Additional context
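The pre-flight check this issue asks for, as an added example (not gopass's own code and not the code from the commits referenced above): it reads the validity (field 2) and expiration (field 7) of each `pub` record in `gpg --list-keys --with-colons` output and reports which `.gpg-id` entries cannot be encrypted to. The helper name `invalidRecipients`, the sample keyring, and the assumption that `.gpg-id` holds key IDs or fingerprints with field 7 given in epoch seconds are illustrative.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Constructed `gpg --list-keys --with-colons` output; the key IDs are made up.
const sampleColons = `pub:u:4096:1:A1A1A1A1A1A1A1A1:1500000000:1700000000::u:::scESC::::::23::0:
pub:e:4096:1:B2B2B2B2B2B2B2B2:1500000000:1600000000::-:::sc::::::23::0:
pub:r:4096:1:C3C3C3C3C3C3C3C3:1500000000:::-:::sc::::::23::0:`

var reasons = map[string]string{"e": "expired", "r": "revoked", "i": "invalid", "d": "disabled"}

// invalidRecipients (hypothetical helper) maps each unusable .gpg-id entry to a reason.
func invalidRecipients(colons string, recipients []string, now time.Time) map[string]string {
	type pub struct{ validity, expires string }
	keys := map[string]pub{} // long key ID (field 5) -> validity (field 2), expiry (field 7)
	for _, line := range strings.Split(colons, "\n") {
		if f := strings.Split(line, ":"); len(f) >= 7 && f[0] == "pub" {
			keys[strings.ToUpper(f[4])] = pub{f[1], f[6]}
		}
	}
	bad := map[string]string{}
	for _, r := range recipients {
		id := strings.ToUpper(strings.TrimPrefix(r, "0x"))
		if len(id) > 16 {
			id = id[len(id)-16:] // a v4 fingerprint ends in the long key ID
		}
		k, ok := keys[id]
		exp, err := strconv.ParseInt(k.expires, 10, 64) // empty field 7 = never expires
		switch {
		case !ok:
			bad[r] = "not in keyring"
		case err == nil && !now.Before(time.Unix(exp, 0)):
			bad[r] = "expired on " + time.Unix(exp, 0).UTC().Format("2006-01-02")
		case reasons[k.validity] != "":
			bad[r] = reasons[k.validity]
		}
	}
	return bad
}

func main() {
	ids := []string{"0xA1A1A1A1A1A1A1A1", "B2B2B2B2B2B2B2B2", "C3C3C3C3C3C3C3C3", "D4D4D4D4D4D4D4D4"}
	fmt.Println(invalidRecipients(sampleColons, ids, time.Unix(1650000000, 0)))
}
```

Running this check before re-encryption lets the tool name the offending recipient and stop before the new key is written to `.gpg-id`.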