Request passwords from locked database with secret service #5287

Closed
mufeedali opened this issue Aug 18, 2020 · 3 comments

Overview

When an application requests passwords from a locked database, there is currently no prompt for unlocking the database. It will simply fail (e.g., VSCode's GitHub login).

Steps to Reproduce

  1. Lock the KeePassXC database.
  2. Open an application that will request a secret from KeePassXC's secret service.

Expected Behavior

KeePassXC asks me to unlock the database and the application works normally. (as with GNOME Keyring for example)

Actual Behavior

There is no prompt for unlocking the database and the login fails in the application.

Context

KeePassXC - Version 2.6.0
Revision: 0765954

Qt 5.15.0
Debugging mode is disabled.

Operating system: Arch Linux
CPU architecture: x86_64
Kernel: linux 5.8.1-arch1-1

Enabled extensions:

  • Auto-Type
  • Browser Integration
  • SSH Agent
  • KeeShare (signed and unsigned sharing)
  • YubiKey
  • Secret Service Integration

Cryptographic libraries:
libgcrypt 1.8.6

Desktop Env: Plasma 5.19
Windowing System: X11

mufeedali commented Aug 19, 2020

Quoting @jkloetzke in #4733:

> BTW, the other related feature to unlock the database when a client searches for secrets seems to be not implementable at all. The DBus API assumes that the attributes are stored unencrypted and the items can always be found. The API is missing the possibility to show a prompt on search.

So, this might be impossible.

stop5 commented Oct 5, 2020

I searched the internet and it's possible.
The SearchItems method allows the listing of unlocked AND locked keyrings.
Currently KeePassXC removes the so-called collection when locking the database, but to allow the requests KeePassXC needs to add the database to the locked collection.

@mufeedali

> Currently KeePassXC removes the so-called collection when locking the database, but to allow the requests KeePassXC needs to add the database to the locked collection.

From what I understand, the issue is that the KeePass database is locked in its entirety, including the item attributes that the SecretService client searches for. Furthermore, the API has no way to wait for authentication when searching for items. So, it's technically impossible.

I'm closing this because it's a duplicate of #4443. There's better discussion there.
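
Added example, not part of any comment above and not KeePassXC code: a toy in-memory model of the lookup flow discussed in this thread, showing why a client only triggers an unlock prompt when SearchItems can return locked item paths. The method names mirror `SearchItems` and `Unlock` from the Secret Service API; both store classes, `lookup()` and the sample data are assumptions made for the illustration.

```python
# Toy in-memory model of the Secret Service lookup flow (no D-Bus involved).
# search_items/unlock mirror the SearchItems and Unlock methods by name only;
# both store classes and lookup() are hypothetical, written for this example.

class PlaintextIndexStore:
    """Secrets are locked, but item attributes stay searchable (the API's assumption)."""
    def __init__(self, items):
        self.items = items          # path -> (attributes, secret)
        self.locked = True
        self.prompts = 0            # how many unlock prompts the user would see

    def search_items(self, wanted):
        # An item matches when every wanted attribute is present with the same value.
        hits = [p for p, (attrs, _) in self.items.items()
                if wanted.items() <= attrs.items()]
        return ([], hits) if self.locked else (hits, [])

    def unlock(self, paths):
        if paths and self.locked:
            self.prompts += 1       # the unlock prompt would be shown here
            self.locked = False
        return paths

    def get_secret(self, path):
        if self.locked:
            raise PermissionError("item is locked")
        return self.items[path][1]


class FullyEncryptedStore(PlaintextIndexStore):
    """Attributes live inside the encrypted database: nothing to match while locked."""
    def search_items(self, wanted):
        if self.locked:
            return [], []           # no collection exposed, so no locked paths either
        return super().search_items(wanted)


def lookup(store, wanted):
    """What a client does: search, unlock whatever came back locked, read secrets."""
    unlocked, locked = store.search_items(wanted)
    unlocked += store.unlock(locked)    # never prompts when `locked` is empty
    return [store.get_secret(p) for p in unlocked]


# Constructed sample data.
ITEMS = {"/item/1": ({"service": "example-app", "account": "alice"}, "s3cret")}
WANTED = {"service": "example-app"}
```

With `PlaintextIndexStore` the search returns a locked path, the client calls unlock, and one prompt appears; with `FullyEncryptedStore` the search comes back empty, so the client gives up without ever asking for an unlock.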
