[cleanup] Add better logging in case no owner key is found (#2748)

* [cleanup] Add better logging in case no owner key is found See gopass-jsonapi#118 Signed-off-by: Dominik Schulz <[email protected]> * Add warning if owner key is not trusted Signed-off-by: Dominik Schulz <[email protected]> * Reword comment Signed-off-by: Dominik Schulz <[email protected]> --------- Signed-off-by: Dominik Schulz <[email protected]>
gopasspw · Dec 28, 2023 · b2b61b2 · b2b61b2
1 parent 6788038
commit b2b61b2
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/internal/store/leaf/recipients.go b/internal/store/leaf/recipients.go
@@ -270,7 +270,8 @@ func (s *Store) ensureOurKeyID(ctx context.Context, rs []string) []string {
 // OurKeyID returns the key fingprint this user can use to access the store
 // (if any).
 func (s *Store) OurKeyID(ctx context.Context) string {
-	for _, r := range s.Recipients(ctx) {
+	recp := s.Recipients(ctx)
+	for _, r := range recp {
 		kl, err := s.crypto.FindIdentities(ctx, r)
 		if err != nil || len(kl) < 1 {
 			continue
@@ -279,6 +280,9 @@ func (s *Store) OurKeyID(ctx context.Context) string {
 		return kl[0]
 	}
 
+	debug.Log("WARNING: no owner key found in %v", recp)
+	out.Warning(ctx, "No owner key found. Make sure your key is fully trusted.")
+
 	return ""
 }
 

diff --git a/internal/store/leaf/write.go b/internal/store/leaf/write.go
@@ -33,6 +33,11 @@ func (s *Store) Set(ctx context.Context, name string, sec gopass.Byter) error {
 	// make sure the encryptor can decrypt later
 	recipients = s.ensureOurKeyID(ctx, recipients)
 
+	// we can not encrypt without recipients
+	if len(recipients) < 1 {
+		return fmt.Errorf("no useable recipients for %q. can not encrypt without recipients.", name)
+	}
+
 	ciphertext, err := s.crypto.Encrypt(ctx, sec.Bytes(), recipients)
 	if err != nil {
 		debug.Log("Failed encrypt secret: %s", err)