[pass] bug: Pass does not handle GPG errors

Víctor Cuadrado Juan me at viccuad.me
Thu Sep 17 23:53:20 CEST 2015


As said in Debian's bug #739780[1]:

When inserting or generating a new password, pass does not check whether the
call to gpg to store the encrypted password actually succeeds. If GPG fails,
the exit code of pass is 0, and in case you generate a new password, the
generated password is still printed on the screen or copied to the
clipboard.
The problem is of course that you think you have stored the password, but in
reality it is lost.

[guus at haplo]~>pass generate -c test 10
gpg: please do a --check-trustdb
gpg: 1234ABCD: There is no assurance this key belongs to the named user
gpg: [stdin]: encryption failed: Onbruikbare publieke sleutel
Copied test to clipboard. Will clear in 45 seconds.
[guus at haplo]~>echo $?
0

In case GPG fails, pass should NOT return a password and the exit code
should be non-zero. Also, in case the --clip option is used, pass should
clear the clipboard before doing anything else, to ensure that in case of
an error, the clipboard does not contain any other contents from before
pass was called.


[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739780


-- 
Víctor

--
E-Mail: <me at viccuad.me>, OpenPGP-Key-ID: 0xA2591E231E251F36
Key fingerprint: E3C5 114C 0C5B 4C49 BA03  0991 A259 1E23 1E25 1F36
My signed E-Mails are trustworthy.
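
An added example, not part of the original message and not pass's own code: one way a shell script can verify the encryption step before it reveals a generated password. The names `store_secret`, `generate_and_store` and the two `fake_gpg_*` stand-ins for the gpg call are hypothetical, and the failure message in the stub is constructed.

```shell
#!/bin/sh
# Added example, not pass's code. The first argument is the encryption command
# (assumption: something like "gpg -e -r KEYID"), reading stdin, writing stdout.

# Constructed stand-ins for gpg so the example runs offline.
fake_gpg_ok()   { tr 'A-Za-z' 'N-ZA-Mn-za-m'; }   # rot13, NOT real encryption
fake_gpg_fail() {
    cat > /dev/null
    echo "gpg: [stdin]: encryption failed (constructed message)" >&2
    return 2
}

# store_secret <encrypt-cmd> <dest-file> <secret>
# Creates <dest-file> only if the encryptor exits 0 and wrote output.
store_secret() {
    local encrypt_cmd="$1" dest="$2" secret="$3" tmp
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    # The pipeline's status is the encryptor's exit status (last command).
    if ! printf '%s\n' "$secret" | $encrypt_cmd > "$tmp" || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "error: encryption failed, nothing stored at $dest" >&2
        return 1
    fi
    mv -f "$tmp" "$dest"    # rename only after a verified success
}

# generate_and_store <encrypt-cmd> <dest-file> <length>
# Prints the new password only after it has been stored.
generate_and_store() {
    local encrypt_cmd="$1" dest="$2" length="$3" password
    password=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$length")
    store_secret "$encrypt_cmd" "$dest" "$password" || return 1
    printf '%s\n' "$password"
}

# Demo: a failing encryptor yields no password and a non-zero exit code.
demo_dir=$(mktemp -d)
if generate_and_store fake_gpg_fail "$demo_dir/test.gpg" 10; then
    echo "stored"
else
    echo "exit code: $?"
fi
rm -rf "$demo_dir"
```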

