Comments (12)
gabriel
commented on June 6, 2024
3
OK I figured out the issue... in homebrew the fido2.so that I was loading is causing an issue with gatekeeper.
I released a new (pre-)release v0.0.41, which should resolve this error.
If you run brew upgrade keys it should fix the issue.
from keys.
gabriel
commented on June 6, 2024
It's ok if you delete any files in Application Support/Keys... keys, secrets and auth are stored in the keyring and aren't affected by that. (ca.pem will actually be re-created automatically if not present.)
Are you sure you are entering the same password you used when you created your password?
(If you want to fully remove you can do keys uninstall which will tell you how to reset your keyring. If you reset fully that way you lose any keys but you are in a "fresh" uninstalled state.)
from keys.
gabriel
commented on June 6, 2024
Oh interesting, you had a keyring error:
The user name or passphrase you entered is not correct. (-25293)
Yeah that doesn't seem right. Let me research that error code.
from keys.
gabriel
commented on June 6, 2024
There might be a quirk with the keychain, found this to try:
"It might be worth opening up Keychain Access, clicking on the lock icon at top left to lock the keychain, and then clicking again to unlock. This has sometimes jogged the keychain out of a stuck state..."
If that doesn't work, let me know?
from keys.
gabriel
commented on June 6, 2024
BTW, what version macOS are you?
from keys.
karan
commented on June 6, 2024
Ok so I locked and unlocked the keychain and tried the following:
$ keys uninstall
Uninstalled "Keys".
Run `keysd -reset-keyring` to remove keyring items.
$ keysd -reset-keyring
Are you sure you want to reset the app and remove keys?
If so enter this phrase: behind mobile remind marine knock area
behind mobile remind marine knock area
Keyring reset.
$ keys auth
OK, let's create a password.
Create a password:
Re-enter the password:
$ keys generate
<$KID>
$ keys list
The user name or passphrase you entered is not correct. (-25293)
Some keysd logs:
time="2020-05-07T18:55:17.235626-07:00" level=info msg="Version: 0.0.39 fa25a4ec201c3ceaafbc7add19751e72df2ce505 2020-05-05T22:22:26Z"
time="2020-05-07T18:55:17.235702-07:00" level=info msg="Log level: info"
time="2020-05-07T18:55:17.236141-07:00" level=info msg="Keyring (default)"
time="2020-05-07T18:55:17.236182-07:00" level=info msg="Keyring, using keychain"
time="2020-05-07T18:55:17.27528-07:00" level=info msg="Found certificate in keyring"
time="2020-05-07T18:55:17.275463-07:00" level=info msg="Saving certificate PEM /Users/karan/Library/Application Support/Keys/ca.pem"
time="2020-05-07T18:55:17.292434-07:00" level=info msg="Registering Keys service..."
time="2020-05-07T18:55:17.385549-07:00" level=info msg="Registering FIDO2 plugin..."
time="2020-05-07T18:55:17.385624-07:00" level=info msg="Listening for connections on port 22405"
time="2020-05-07T18:55:17.700916-07:00" level=info msg="Authorization is not required for /service.Keys/RuntimeStatus"
time="2020-05-07T18:55:17.709836-07:00" level=info msg="Runtime status, version:\"0.0.39\" appName:\"Keys\" exe:\"/usr/local/Cellar/keys/0.0.39/bin/keysd\" authSetupNeeded:true fido2:true "
time="2020-05-07T18:55:17.709965-07:00" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=RuntimeStatus grpc.service=service.Keys grpc.start_time="2020-05-07T18:55:17-07:00" grpc.time_ms=9.117 peer.address="127.0.0.1:55316" span.kind=server system=grpc
time="2020-05-07T18:55:17.711611-07:00" level=info msg="Authorization is not required for /service.Keys/RuntimeStatus"
time="2020-05-07T18:55:17.712801-07:00" level=info msg="Runtime status, version:\"0.0.39\" appName:\"Keys\" exe:\"/usr/local/Cellar/keys/0.0.39/bin/keysd\" authSetupNeeded:true fido2:true "
time="2020-05-07T18:55:17.712867-07:00" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=RuntimeStatus grpc.service=service.Keys grpc.start_time="2020-05-07T18:55:17-07:00" grpc.time_ms=1.297 peer.address="127.0.0.1:55316" span.kind=server system=grpc
time="2020-05-07T18:55:19.338135-07:00" level=info msg="Authorization is not required for /service.Keys/AuthSetup"
time="2020-05-07T18:55:19.338209-07:00" level=info msg="Auth setup..."
time="2020-05-07T18:55:19.339393-07:00" level=info msg=Unlock
time="2020-05-07T18:55:19.50275-07:00" level=info msg=Unlocked
time="2020-05-07T18:55:19.502932-07:00" level=info msg="Opening db..."
time="2020-05-07T18:55:19.503005-07:00" level=info msg="LevelDB at /Users/karan/Library/Application Support/Keys/keys.leveldb"
time="2020-05-07T18:55:19.55264-07:00" level=info msg="Updating keys..."
time="2020-05-07T18:55:19.554105-07:00" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=AuthSetup grpc.service=service.Keys grpc.start_time="2020-05-07T18:55:19-07:00" grpc.time_ms=216.037 peer.address="127.0.0.1:55316" span.kind=server system=grpc
time="2020-05-07T18:55:19.554526-07:00" level=info msg="Checking keys..."
time="2020-05-07T18:55:52.75006-07:00" level=info msg="Authorization is not required for /service.Keys/RuntimeStatus"
time="2020-05-07T18:55:52.762069-07:00" level=info msg="Runtime status, version:\"0.0.39\" appName:\"Keys\" exe:\"/usr/local/Cellar/keys/0.0.39/bin/keysd\" fido2:true "
time="2020-05-07T18:55:52.762147-07:00" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=RuntimeStatus grpc.service=service.Keys grpc.start_time="2020-05-07T18:55:52-07:00" grpc.time_ms=12.134 peer.address="127.0.0.1:55325" span.kind=server system=grpc
time="2020-05-07T18:55:52.763436-07:00" level=info msg="Authorize /service.Keys/KeyGenerate"
time="2020-05-07T18:55:52.763552-07:00" level=info msg="Generating EdX25519 key..."
time="2020-05-07T18:55:52.801878-07:00" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=KeyGenerate grpc.service=service.Keys grpc.start_time="2020-05-07T18:55:52-07:00" grpc.time_ms=38.466 peer.address="127.0.0.1:55325" span.kind=server system=grpc
time="2020-05-07T18:55:55.524122-07:00" level=info msg="Authorization is not required for /service.Keys/RuntimeStatus"
time="2020-05-07T18:55:55.525628-07:00" level=info msg="Runtime status, version:\"0.0.39\" appName:\"Keys\" exe:\"/usr/local/Cellar/keys/0.0.39/bin/keysd\" fido2:true "
time="2020-05-07T18:55:55.525715-07:00" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=RuntimeStatus grpc.service=service.Keys grpc.start_time="2020-05-07T18:55:55-07:00" grpc.time_ms=1.621 peer.address="127.0.0.1:55328" span.kind=server system=grpc
time="2020-05-07T18:55:55.527314-07:00" level=info msg="Authorize /service.Keys/Keys"
time="2020-05-07T18:55:55.532807-07:00" level=error msg="finished unary call with code Unknown" error="The user name or passphrase you entered is not correct. (-25293)" grpc.code=Unknown grpc.method=Keys grpc.service=service.Keys grpc.start_time="2020-05-07T18:55:55-07:00" grpc.time_ms=5.574 peer.address="127.0.0.1:55328" span.kind=server system=grpc
Still getting used to the CLI and the daemon code so apologies if it's not the correct amount of info in these reports.
I'm on Catalina 10.15.4.
from keys.
mrickard
commented on June 6, 2024
I'm getting a similar error with command-line install via home-brew, on macOS Mojave (10.14.6).
I've run keys auth for the first time, entered and re-entered a fresh password. Running keys auth fails at the password verification step.
$ keys --log-level debug auth
INFO[2020-05-07T22:42:12.300892-04:00] Version: 0.0.39 fa25a4ec201c3ceaafbc7add19751e72df2ce505 2020-05-05T22:22:19Z
DEBU[2020-05-07T22:42:12.301204-04:00] PID: 68207
DEBU[2020-05-07T22:42:12.301235-04:00] UID: 501
DEBU[2020-05-07T22:42:12.301281-04:00] OS: darwin
DEBU[2020-05-07T22:42:12.301563-04:00] Command: auth
INFO[2020-05-07T22:42:12.301572-04:00] Autostart
DEBU[2020-05-07T22:42:12.301589-04:00] Start process
DEBU[2020-05-07T22:42:12.303098-04:00] Found process: &{pid:64536 ppid:1 binary:keysd}
DEBU[2020-05-07T22:42:12.303112-04:00] Already running
DEBU[2020-05-07T22:42:12.303118-04:00] Client connect...
DEBU[2020-05-07T22:42:12.303182-04:00] Loading certificate /Users/{USER_NAME}/Library/Application Support/Keys/ca.pem
INFO[2020-05-07T22:42:12.304582-04:00] Opening connection: 127.0.0.1:22405
DEBU[2020-05-07T22:42:12.305125-04:00] Service status...
INFO[2020-05-07T22:42:12.40584-04:00] Auth setup needed? false
Enter your password:
INFO[2020-05-07T22:42:28.184209-04:00] Auth unlock...
INFO[2020-05-07T22:42:28.20243-04:00] Received error 2 failed to unlock: failed to load salt: The user name or passphrase you entered is not correct. (-25293)
failed to unlock: failed to load salt: The user name or passphrase you entered is not correct. (-25293)
I haven't yet generated a key, and I haven't been prompted for a username or salt, though running keys auth the first time did output a token.
from keys.
HolgerPeters
commented on June 6, 2024
Similar issue here on MacOS catalina, installed via homebrew. It seems keys could write to the login keychain, but I cannot authenticate
% keys auth :(
Enter your password:
failed to unlock: failed to load salt: The user name or passphrase you entered is not correct. (-25293)
locking and unlocking the MacOS login keychain does not seem to work.
% which keys
/usr/local/bin/keys
% keys --log-level debug auth
INFO[2020-05-08T07:49:29.153514+02:00] Version: 0.0.39 fa25a4ec201c3ceaafbc7add19751e72df2ce505 2020-05-05T22:22:19Z
DEBU[2020-05-08T07:49:29.153755+02:00] PID: 28305
DEBU[2020-05-08T07:49:29.153768+02:00] UID: 501
DEBU[2020-05-08T07:49:29.153775+02:00] OS: darwin
DEBU[2020-05-08T07:49:29.153895+02:00] Command: auth
INFO[2020-05-08T07:49:29.153912+02:00] Autostart
DEBU[2020-05-08T07:49:29.153923+02:00] Start process
DEBU[2020-05-08T07:49:29.155145+02:00] Found process: &{pid:26933 ppid:1 binary:keysd}
DEBU[2020-05-08T07:49:29.155158+02:00] Already running
DEBU[2020-05-08T07:49:29.155163+02:00] Client connect...
DEBU[2020-05-08T07:49:29.155207+02:00] Loading certificate /Users/holger/Library/Application Support/Keys/ca.pem
INFO[2020-05-08T07:49:29.155565+02:00] Opening connection: 127.0.0.1:22405
DEBU[2020-05-08T07:49:29.155721+02:00] Service status...
INFO[2020-05-08T07:49:29.177004+02:00] Auth setup needed? false
Enter your password:
INFO[2020-05-08T07:49:40.485687+02:00] Auth unlock...
INFO[2020-05-08T07:49:40.507272+02:00] Received error 2 failed to unlock: failed to load salt: The user name or passphrase you entered is not correct. (-25293)
failed to unlock: failed to load salt: The user name or passphrase you entered is not correct. (-25293)
from keys.
chrisswanda
commented on June 6, 2024
I can confirm the same behavior on two different MacOS clients running Catalina.
keys auth
OK, let's create a password.
Create a password:
Re-enter the password:
export KEYS_AUTH="3WhExg2RnEg6...Q3WiKLS0XLQzvVBBq6"
# To include in a shell environment:
# export KEYS_AUTH=`keys auth -token`
#
# or using eval:
# eval $(keys auth)
#
# For Powershell:
# $env:KEYS_AUTH = (keys auth -token)
keys generate
Authorization required, run `keys auth`.
keys auth
Enter your password:
failed to unlock: failed to load salt: The user name or passphrase you entered is not correct. (-25293)
from keys.
gabriel
commented on June 6, 2024
Am able to reproduce, am investigating...
from keys.
chrisswanda
commented on June 6, 2024
Works for me now.
Thanks. Will continue to play around with the project since I just learned about it this morning.
from keys.
mrickard
commented on June 6, 2024
This resolves the error for me as well. Thank you, @gabriel !
from keys.
Related Issues (20)
- How to remove key from keys.pub server after loosing private key? HOT 2
- Feature : GUI Sign out button (slashed circle) needs tooltip for accessibility and discoverability
- Missing paren in help text HOT 1
- Inconsistency with output of GUI decrypt HOT 1
- Detached signatures created with the CLI cannot be verified in the GUI HOT 2
- Support macOS TouchID for FIDO2
- GitHub "You have a previous key published with this user" HOT 3
- Guide on setting up git-remote helper? HOT 1
- Request: gnupg wrapper HOT 2
- what is it? HOT 6
- [question] Is there a public chat for keys.pub? HOT 2
- Reddit broken HOT 5
- Encrypting for teams
- `keys.DecodeSaltpackKey` not available anymore HOT 4
- Import priv keys from keybase
- Support CORS on API calls HOT 1
- What's the future for keys.pub? HOT 8
- feature request: Add date/time and user name to signature generated
- gosec returned 5 issues
- Security Issue with too many created signatures HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from keys.