-
-
Notifications
You must be signed in to change notification settings - Fork 125
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PINs that contain '%' will not work / setup.go and main.go use different methods to get the PIN #61
Comments
Now that gopasspw/gopass#1621 was solved, this will be easily solved once we'll release v1.11.1 of Gopass by simply doing: pinentry.Unescape = true
if _, err := exec.LookPath(pinentry.GetBinary()); err != nil {
log.Fatalf("PIN entry program %q not found!", pinentry.GetBinary())
} |
Nice, thanks! 👍 |
wbonis
pushed a commit
to styliteag/yubikey-agent
that referenced
this issue
Jul 26, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
thanks a lot for this great project. I just got new yubikeys and moved my new SSH keys to them using Yubikey-agent! While doing this I stumbled across a subtle issue though:
Right now setup.go uses
terminal.ReadPassword
while main.go usesgithub.com/gopasspw/gopass/pkg/pinentry
.The gopass pinentry communication code unfortunately has a subtle bug that replaces all
%
signs with%25
(see gopasspw/gopass#1621).Due to this bug and the different implementations it's possible to create a PIN with a
%
sign during setup which will then be incorrectly read as%25
from pinentry when the agent is running in the background. This will then result in strange "agent refused operation" errors when using ssh.The unescaping should probably be fixed in
gopass/pkg/pinentry
but I believe both setup.go and main.go should use the same method to request the PIN for consistency. If they had used the same method the failure would've already occurred during setup (because my PIN would've been > 8 chars) and it would've been a little bit easier to track this down.If you agree I can create a PR to unify the get pin logic in main.go and setup.go on the weekend.
The text was updated successfully, but these errors were encountered: