Commander icon indicating copy to clipboard operation
Commander copied to clipboard
verified publisher icon Keeper-Security

Incorrect decryption of team key

Open EFMH opened this issue 1 year ago • 8 comments

When starting Keeper Commander, the application shows a error message:

"Could not decrypt team @@@ key:"

Where @@@ is the ID of a team defined in Keeper. The error occurs in function sync_down in file sync_down.py (e6b04e3c, commit ID 850fe99856d02ae5da832a6f680d0d34aa84cea6), lines 691-693, with the exception occurring in line 694.

EFMH avatar Feb 25 '25 11:02 EFMH

I'm experiencing the same issue.

nikolay avatar Apr 04 '25 11:04 nikolay

The Commander is a bearer of bad news here. This team can be recreated if it is easy to do. (the team does not have too many users and/or not used on many shared folders) The team reporting this issue is totally fine at the moment. The broken area is a part of the future functionality.

sk-keeper avatar Apr 04 '25 21:04 sk-keeper

@sk-keeper No, it is the bad news. Everything works except Commander, i.e. it is the problem, not the account's state.

nikolay avatar Apr 04 '25 21:04 nikolay

Other clients do not warn you about this issue. Commander works just fine with teams like this

Syncing...
Could not decrypt team TJU9UU06iWOp1QrNfJGfNQ key: 

My Vault> ei -t
Team Uid                Name       Restricts    Node                   User Count
----------------------  ---------  -----------  -------------------  ------------
TJU9UU06iWOp1QrNfJGfNQ  Test Team               Keeper Security                 3

My Vault> lt
  #  Company          Team UID                Name
---  ---------------  ----------------------  ---------
  1  Keeper Security  TJU9UU06iWOp1QrNfJGfNQ  Test Team

My Vault> eu --add-team=TJU9UU06iWOp1QrNfJGfNQ 435393719697487
[email protected] added to team 'Test Team'  

My Vault> share-folder --email=TJU9UU06iWOp1QrNfJGfNQ --manage-users=on --manage-records=on 4bZyhAkOjpooklcFEQMOcA
My Vault> get 4bZyhAkOjpooklcFEQMOcA

        Shared Folder UID: 4bZyhAkOjpooklcFEQMOcA
                     Name: Shared Folder
   Default Manage Records: False
     Default Manage Users: False
         Default Can Edit: False
        Default Can Share: False

         Team Permissions:
                Test Team: Can Manage Users & Records

sk-keeper avatar Apr 04 '25 22:04 sk-keeper

Well, the team could be fine, but this warning is breaking the output. For example a keeper get format=json whatever would output an invalid json because of this error in the first line, also if the json itself is well formed. We have an internal tool executing a command like this one and I had to clean the cli output before parsing it, because it corrupted everything. If this is an issue coming from a future functionality, please use features flag, or whatever you want, but do not corrupt existing tools

lucabartoli avatar Apr 14 '25 13:04 lucabartoli

@lucabartoli That is a valid point. This warning should be logged as INFO not WARNING. It will be fixed in the next Commander release. Thank you

sk-keeper avatar Apr 14 '25 17:04 sk-keeper

Seeing the same issue here and the erroneous output is breaking our tool that uses the Keeper Commander via CLI.

Fix would be greatly appreciated. Thank you!

ronindesign avatar Apr 19 '25 01:04 ronindesign

Commander 17.0.15 has been released. It suppresses this warning in a non-interactive mode.

sk-keeper avatar Apr 19 '25 19:04 sk-keeper