bug: blocking the whole computer in some cases

J Rt jean.rblt at gmail.com
Sun Jun 28 18:49:20 CEST 2020


> well, pass knows the decrypt failed, so it could ask the user whether it
> should go on to the next file after N failures.

I was bitten again by this today. I wrongly typed a pass grep (I
wanted to write a pass | grep), and then I had to click maaaany times
cancel when pass asked me to insert my gpg smartcard (which I did not
want to do) before I got my computer back. It would be great if, when
the user decides to cancel insertion of a smartcard / decryption of a
key, the user were not asked again in the course of the same command to
perform the same insertion / decryption.

On Wed, Apr 1, 2020 at 12:55 PM Kjetil Torgrim Homme
<kjetil.homme at redpill-linpro.com> wrote:
>
> On 01/04/2020 12.20, Lenz Weber wrote:
> > The "asking" is done by gpg, pass has no way to check (or prevent) if
> > any asking is done.
>
>
> > On 4/1/20 12:17 PM, J Rt wrote:
> >> Ok, makes sense.
> >>
> >> A 'more sophisticated' way would be to ask only once per key /
> >> smartcard. But I guess this may be too much hassle to implement
> >> compared with the gain.
> >>
> >> On Wed, Apr 1, 2020 at 12:10 PM Björn Fries <passlist at oern.de> wrote:
> >>> On 01.04.20 at 11:41, J Rt wrote:
> >>>> - I am using a smartcard for holding my private GPG key
> >>> same here
> >>>
> >>>> - when calling pass grep without the card, my system is blocked, I can
> >>>> do nothing to exit.
> >>>> - both clicking ok and cancel in the question box asking if I can
> >>>> insert smartcard do not help.
> >>> 'pass grep' opens every encrypted file to look for the searched pattern.
> >>> pass doesn't know you use a smartcard for your private key. Every time
> >>> you cancel the question box, pass invokes gpg for the next file and gpg
> >>> asks again for your card.
> >>>
> >>>> - by contrast when doing a pass show for example without the card,
> >>>> choosing cancel on the box asking to insert the card aborts and I get
> >>>> my system back.
> >>> Because pass then only invokes gpg once.
> >>>
> >>> Perhaps pass grep should stop after the first failure to decrypt a file,
> >>> but I think this would be wrong, as it could be intended that in a
> >>> shared passwordstore some files are not encrypted for a part of the
> >>> different users.
> >>>
> >>> I would say [WONTFIX].
>
>
> --
> Kjetil T. Homme
> Redpill Linpro - Changing the Game
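
The idea quoted at the top of this message (give up after N failed decrypts instead of invoking gpg for every remaining file), shown as an added example; it is not pass's own code and not written by anyone in this thread. The names `decrypt` and `grep_store` are hypothetical, and it assumes a threshold on consecutive failures and stops rather than asking the user, so a shared store with a few entries encrypted to other people is still searched.

```shell
#!/bin/sh
# Added example: a per-file decrypt-and-grep loop with a failure cap.

# decrypt FILE: write the plaintext to stdout, non-zero exit on failure.
# Assumption: plain gpg decryption; any pinentry/smartcard prompt still
# comes from gpg itself, this wrapper only sees the exit status.
decrypt() {
    gpg --quiet --decrypt "$1" 2>/dev/null
}

# grep_store STORE_DIR MAX_FAILS PATTERN
# Prints the path of every entry whose plaintext matches PATTERN.
# Returns 2 as soon as MAX_FAILS decrypts in a row have failed.
# (File names containing newlines are not handled.)
grep_store() {
    store=$1
    max=$2
    pattern=$3
    fails=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        if plain=$(decrypt "$f"); then
            fails=0   # a success means the key is usable again
            if printf '%s\n' "$plain" | grep -q -- "$pattern"; then
                printf '%s\n' "$f"
            fi
        else
            fails=$((fails + 1))
            if [ "$fails" -ge "$max" ]; then
                echo "grep_store: $fails decrypt failures in a row, stopping" >&2
                return 2
            fi
        fi
    done <<EOF
$(find "$store" -type f -name '*.gpg' | sort)
EOF
    return 0
}
```

With a cap of 3, a cancelled card prompt is shown at most three times in a row before the command returns.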