gopass: Failed to decrypt on Firefox addon

I’ve been using gopass for a few months already. Unfortunately, I’m not sure since when, but gopass bridge is failing with failed to get secret: Failed to decrypt. I don’t recall playing with gpg lately. The gopass cli client works fine, and gopass bridge in Chromium works fine as well. Can’t figure out what might be the problem or how to fix that. I’d be happy if someone could help.

Versions:

  • gopass 1.7.2 (39fb91ab96c8ba59b67c33d6b938a474dcbb5000) go1.10 linux amd64
  • Mozilla Firefox 63.0
  • gopass bridge 0.4.0, last updated November 5, 2018
  • Ubuntu 18.04
  • gpg (GnuPG) 2.2.4
  • libgcrypt 1.8.1

About this issue

  • State: closed
  • Created 6 years ago
  • Comments: 20 (9 by maintainers)

Most upvoted comments

➜  gopass list --flat | grep github.com
websites/github.com/
➜  gopass mounts
No mounts
➜  echo '{"type":"query", "query": "github"}' | ./test-client | gopass jsonapi listen
["websites/github.com/test"]
➜  echo '{"type":"getLogin","query":"websites/github.com/test"}' | ./test-client | gopass jsonapi listen
D{"error":"failed to get secret: Entry is not in the password store"}
➜  gopass websites/github.com/test # Pinentry is opened, error when pinentry cancelled. Works when pinentry completed successfully.
gpg: decryption failed: No secret key

Error: failed to retrieve secret 'websites/github.com/test': Failed to decrypt

My first suspicion was that something related to pinentry is not handled correctly by gopass jsonapi.

➜  export GOPASS_DEBUG=true
➜  gopass websites/github.com/test
[DEBUG] Root Store initialized with URL gpgcli-gitcli-fs+file:///Users/tng/.password-store
[DEBUG] fs.Exists(.gpg-id) - /Users/tng/.password-store/.gpg-id
[DEBUG] Store is already initialized
[DEBUG] fs.Isdir(websites/github.com/test) - /Users/tng/.password-store/websites/github.com/test -> false
[DEBUG] fs.Isdir(websites/github.com/test) - /Users/tng/.password-store/websites/github.com/test -> false
[DEBUG] fs.Exists(websites/github.com/test.gpg) - /Users/tng/.password-store/websites/github.com/test.gpg
[DEBUG] fs.Get(websites/github.com/test.gpg) - /Users/tng/.password-store/websites/github.com/test.gpg
[DEBUG] gpg.Decrypt: /usr/local/bin/gpg [/usr/local/bin/gpg --quiet --yes --compress-algo=none --no-encrypt-to --no-auto-check-trustdb --decrypt]
# Pinentry is opened and successfully completed
[DEBUG] decodeKV() - simple KV
# Secret is correctly decoded and printed
➜  echo '{"type":"getLogin","query":"websites/github.com/test"}' | ./test-client | gopass jsonapi listen
[DEBUG] Root Store initialized with URL gpgcli-gitcli-fs+file:///Users/tng/.password-store
[DEBUG] fs.Exists(.gpg-id) - /Users/tng/.password-store/.gpg-id
[DEBUG] Store is already initialized
[DEBUG] fs.Get(.gpg) - /Users/tng/.password-store/.gpg
[DEBUG] File .gpg not found: open /Users/tng/.password-store/.gpg: no such file or directory
D{"error":"failed to get secret: Entry is not in the password store"}
➜  echo '{"type":"getLogin","entry":"websites/github.com/test"}' | ./test-client | gopass jsonapi listen
[DEBUG] Root Store initialized with URL gpgcli-gitcli-fs+file:///Users/tng/.password-store
[DEBUG] fs.Exists(.gpg-id) - /Users/tng/.password-store/.gpg-id
[DEBUG] Store is already initialized
[DEBUG] fs.Get(websites/github.com/test.gpg) - /Users/tng/.password-store/websites/github.com/test.gpg
[DEBUG] gpg.Decrypt: /usr/local/bin/gpg [/usr/local/bin/gpg --quiet --yes --compress-algo=none --no-encrypt-to --no-auto-check-trustdb --decrypt]
# Pinentry is opened and successfully completed
[DEBUG] decodeKV() - simple KV
# Secret is correctly decoded and returned as JSON

So one problem here actually is that gopass jsonapi listen will use an empty string when the "entry" or "host" key is missing from the message, which made debugging this issue a bit confusing.

@kleewho Could you please try the debugging command again with '{"type":"getLogin","entry":"github.com"}' instead of '{"type":"getLogin","query":"github.com"}'? And if you still see the same error, could you please run it with export GOPASS_DEBUG=true and take a look at the log output? You can also post some of the debug logs here, but please check that there is not any sensitive information in them that you might want to keep private. It might also be helpful to try these commands with GOPASS_DEBUG=true:

  • gopass list --flat
  • echo '{"type":"queryHost","host":"github.com"}' | ./test-client | gopass jsonapi listen
  • echo '{"type":"query","query":"github.com"}' | ./test-client | gopass jsonapi listen
  • echo '{"type":"getLogin","entry":"github.com"}' | ./test-client | gopass jsonapi listen

There is also some documentation here for the commands: https://github.com/gopasspw/gopass/blob/master/docs/jsonapi.md
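
The pitfall described in the comment above (a getLogin message sent with "query" instead of "entry" is looked up as an empty entry name) can be caught before the message reaches gopass jsonapi listen. The following Go sketch is an added example, not code from the thread or from gopass: it checks the key each message type in this thread uses, applies the 4-byte length prefix of browser native messaging, and decodes a reply; the stray "D" in front of the error JSON above is that prefix, since the 68-byte reply has length 0x44. The names Frame, Unframe and requiredKey are hypothetical, the prefix is assumed little-endian (native order on amd64), and the 1 MiB reply cap is a choice made for this example.

```go
package main

import (
	"encoding/binary"
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Added example, not gopass code. Key required per message type, as used in this thread.
var requiredKey = map[string]string{"query": "query", "queryHost": "host", "getLogin": "entry"}

// Frame rejects a request lacking its required key, then adds the little-endian length prefix.
func Frame(raw string) ([]byte, error) {
	var msg map[string]interface{}
	if err := json.Unmarshal([]byte(raw), &msg); err != nil {
		return nil, fmt.Errorf("invalid JSON: %w", err)
	}
	typ, _ := msg["type"].(string)
	key := requiredKey[typ] // "" for an unknown type
	if v, _ := msg[key].(string); key == "" || v == "" {
		return nil, fmt.Errorf("type %q: missing or empty required key %q", typ, key)
	}
	out := make([]byte, 4, 4+len(raw))
	binary.LittleEndian.PutUint32(out, uint32(len(raw)))
	return append(out, raw...), nil
}

// Unframe reads one length-prefixed reply and returns its JSON body.
func Unframe(r io.Reader) (string, error) {
	var n uint32
	if err := binary.Read(r, binary.LittleEndian, &n); err != nil {
		return "", err
	}
	if n > 1<<20 { // sanity cap chosen for this example
		return "", fmt.Errorf("reply length %d too large", n)
	}
	body := make([]byte, n)
	_, err := io.ReadFull(r, body)
	return string(body), err
}

func main() {
	_, err := Frame(`{"type":"getLogin","query":"websites/github.com/test"}`)
	fmt.Println("rejected:", err)
	reply := "D\x00\x00\x00" + `{"error":"failed to get secret: Entry is not in the password store"}`
	fmt.Println(Unframe(strings.NewReader(reply)))
}
```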