Firefox + Ubuntu "Failed to get secret: unable to decrypt"

[torfmaster]

When I try to do decrypt a secret in Firefox I get the error message: "Failed to get secret: unable to decrypt".

My setup is:

• ubuntu 18.04
• gopass 1.8.6 (d5b0d3b906cdd9f16ad3f21e366845af7f2c22f3) go1.12.7 linux amd64
• gopassbridge 0.7.0
• Firefox 78.0

However, I am unable to get detailed error messages of gopass related of this error.

[Pharb]

Hi @torfmaster,

thanks for raising this issue.

Is it correct to assume, that gopass on your terminal works without issue?

Did you follow the steps to setup the gopass jsonapi without errors? https://github.com/gopasspw/gopass/blob/master/docs/setup.md#filling-in-passwords-from-browser

Are you asked for pinentry/passphrase when activating gopassbridge in Firefox?

[Pharb]

Also maybe try to restart your gpg-agent, it seems to help sometimes: https://github.com/gopasspw/gopassbridge/issues/152#issuecomment-658337911

[torfmaster]

Is it correct to assume, that gopass on your terminal works without issue?

Yes.

Did you follow the steps to setup the gopass jsonapi without errors? https://github.com/gopasspw/gopass/blob/master/docs/setup.md#filling-in-passwords-from-browser

Yes.

Are you asked for pinentry/passphrase when activating gopassbridge in Firefox?

No, it fails rightaway.

Also maybe try to restart your gpg-agent, it seems to help sometimes: #152 (comment)

This doesn't help, unfortunately.

[doronbehar]

Hey, I'm experience a perhaps similar issue with Gnome + Wayland and firefox with MOZ_ENABLE_WAYLAND=1 set.

Here are steps to reproduce:

1. Start a Gnome Wayland session (it could be that other wayland based WM will work).
2. Start a terminal that works natively with Wayland - such as gnome-terminal.
3. Run from that terminal the command env MOZ_ENABLE_WAYLAND=1 firefox.
4. Go to about:support
5. Use Ctrl-F and search for "Window Protocol" to make sure native Wayland support is used - it should say wayland/drm See Arch Wiki article.
6. Now try to use gopass' Web extension.

A note on step 1: I just switched to using Wayland for my Gnome session and it occurred to me that I had to clear all dconf settings in order for it to launch - see this thread.

On the other hand, what's very peculiar, is that if you'll run a gopass command from a terminal with native wayland support such as gnome-terminal, Pinentry launches just fine.

A further note on my attempts to debug this:

I don't know if it's strictly a gopass issue. It might be due to how pinentry is launched by gpg, when gpg is being run from a wayland application? IDK, it's so complicated!

In the meantime, I ran into this which might be worth trying, not necessarily directly - perhaps not everything there is needed.

I'm still investigating and I'll update if I'll find anything else.

[doronbehar]

Oh and I forgot to say I tested it against the latest and greatest gopass version 1.10.0, both the gopass and the new gopass-jsonapi binaries were used together.

[doronbehar]

I opened an issue upstream since I was able to reproduce this without gopass at all - only Gnome + Wayland and gpg:

https://dev.gnupg.org/T5036

[doronbehar]

I take some of my words back - using or not using MOZ_ENABLE_WAYLAND=1 doesn't make a difference if Firefox is launched by Gnome and not gnome-terminal.

[doronbehar]

@torfmaster according to my successful investigaton with upstream at https://dev.gnupg.org/T5036, indeed this is a bug that should be fixed in the upcoming gnupg 2.2.20 version. Could you please report what GnuPG version are you using? I'd be happy to help you fix it on your machine.

[nexx512]

Is this the same issue as #182? In my case the error message mentioned here is the same I had with the issue described in #182. Updateing gpg to 2.2.19 however didn't work for me. Despite that installing gpg pinentry without gnome3 support solved the issue. It now works with the gtk2 pinentry dialog.