Android-Password-Store
Android-Password-Store copied to clipboard
android-password-store
[BUG] Keeps asking for password when doing git operations after device lock status changed
Describe the bug
After removing the device lock (and re-enabling it later), the app asks for password to perform git operations, but nothing works -- I tried my device PIN, GPG key password and even a few other potential passwords.
The error message says problem getting private key from com.zeapo.pwdstore.git.sshj.SshKey$.
IIRC, the ssh key was protected by fingerprint.
To Reproduce Steps to reproduce the behavior:
- Set up the repo, using ssh to authenticate (generate a new ssh key pair, and set it up on the git server, github)
- Go to Android's device security settings, remove device protection (PIN and fingerprint)
- Re-enable the device lock (Maybe optional, not tested)
- Go to PasswordStore
- Perform any git operation (e.g. "synchronize repository")
Expected behavior Ask for fingerprint, and pass when fingerprint matches.
Screenshots
Device information (please complete the following information):
- Device: OnePlus 6
- OS: BlissROM 12.12, Android 10
- App version: 1.13.4
Additional context It started to happen before this version. Maybe this existed long ago.
While the error message we show is terrible, fingerprint protected credentials are irrecoverably lost after turning off the device lock.
Can you create a new key via the UI?
Thanks for the quick response. I managed to do that with two attempts.
That's a confusing procedure too. In the first time I tried it, it says failed to delete the old ssh entry (after confirming my fingerprint for the new key). However, in my second attempt, it succeeds without complaining anything.
Okay, we definitely need to handle this better. Unfortunately Keystore failures are not reported uniformly across devices, but we can at least do a bit better here.
I got the same error, so I tried to regenerate an SSH key pair. However, when I select "Protect with screen lock credential" I get this error:
Error while trying to generate the ssh-key Message : the master key android-keystore://sshkey exists but is unusable
Should I create an additional issue for that?
I got the same error, so I tried to regenerate an SSH key pair. However, when I select "Protect with screen lock credential" I get this error:
Error while trying to generate the ssh-key Message : the master key android-keystore://sshkey exists but is unusable
Should I create an additional issue for that?
No that's similarly related, it can be rolled into this issue.
Note for myself: The exception is thrown here.
The issue appears to be that KeyStore#deleteEntry being called here doesn't appear to actually be deleting the entry, resulting in the persistent "Master key exists but cannot be used" errors. Generating a new key should trash the existing one, but that assumption fails because the framework does not perform the deletion as expected. I haven't found any workaround so far, but have reached out to friends in the developer community for their inputs.
I've just encountered the same problem. Couldn't unlock my SSH key (same error message as above), tried to delete and recreate my SSH key, and am stuck with the same "master key android-keystore://sshkey exists but is unusable" error message. :/
Is there any news on this? Or at least some kind of workaround?
I've just encountered the same problem. Couldn't unlock my SSH key (same error message as above), tried to delete and recreate my SSH key, and am stuck with the same "master key android-keystore://sshkey exists but is unusable" error message. :/
Is there any news on this? Or at least some kind of workaround?
There is no news on this. The only way to fix this appears to be reinstalling the app from scratch.
In case you have passwords that only exist in the app and want to sync them, you can export the entire repository as-is to a directory on your device storage. Then, pull that to your PC, and run pass git pull /path/to/exported/folder <repository branch> to import any commits that were made in the app and not pushed to the remote Git repo.
I'll try to investigate again tonight and see if anything has changed that would allow us to fix this.
Hi, I had similar authentication issues on iOS and in fact Github already informed a year ago all developers that they'll be changing the way clients credential validate.. It turns out to be using the Personal Access Token MethodGithub.com API. It must be all repo Access allowed in autorization plan. Then replace the login password credential with generated token and its fine to synchronize with the repo This is safe to use it on all device, just save Your Token in a safe place
Hi, I had similar authentication issues on iOS and in fact Github already informed a year ago all developers that they'll be changing the way clients credential validate.. It turns out to be using the Personal Access Token MethodGithub.com API. It must be all repo Access allowed in autorisation plan. Then replace the login password credential with generated tkn and its fine to synchronise with the repo
Thanks for letting us know @b23prodtm, unfortunately that doesn't apply to this specific issue.
Thanks for your advice I'm using Android yet and it's definitely that issue I'm pointing out 😊
There's been no upstream updates on this and there's no way I know of to fix this in the app, so I'm going to go ahead and close this. If someone finds a fix, please let me know.
I hit this issue again today and managed to nail it down to this exception from the platform. If a user has not used their biometric authentication in some time the key retrieval is deemed unsafe and fails. In this situation we should be inspecting the returned error and triggering a biometric prompt in-app.
Nevermind, that was actually a regression in @Skrilltrax's SSH refactor branch and not something broken in our main development tree.