pijul/pijul - Discussion #736 - [ID] corrupted keyring

#736 [ID] corrupted keyring

Closed on February 23, 2023

tankf33der on November 26, 2022

I repeated this issue many times and still do not have 100% reproducible steps. Incredible hard to repeat.

$ pijul id li
No identities found. Use `pijul identity new` to create one.
If you have created a key in the past, you may need to migrate via `pijul identity repair`
$ pi id new
✔ Unique identity name · default
✔ Display name · Mike
✔ Email (leave blank for none) · mpech@tuta.io
✔ Do you want to change the encryption? (Current status: not encrypted) · no
✔ Do you want this key to expire? (Current expiry: never) · no
✔ Do you want to link this identity to a remote? · no
$ pijul id new
✔ Unique identity name · dd
✔ Display name · Mike
✔ Email (leave blank for none) · mpech@tuta.io
✔ Do you want to change the encryption? (Current status: not encrypted) · no
✔ Do you want this key to expire? (Current expiry: never) · no
✔ Do you want to link this identity to a remote? · no
$ pijul id li
Identities
├─ default
│  ├─ Display name: Mike
│  ├─ Email: mpech@tuta.io
│  ├─ Login: <NO USERNAME>@<NO ORIGIN>
│  ├─ Public key
│  │  ├─ Key: AGB33NJ2W3m9ZnGsE9AkFSHwKf9aSEUwd5qLVERq8hdS
│  │  ├─ Version: 0
│  │  ├─ Algorithm: Ed25519
│  │  └─ Expiry: Never
│  ├─ Secret key
│  │  ├─ Version: 0
│  │  ├─ Algorithm: Ed25519
│  │  └─ Encryption: None
│  └─ Last updated: 2022-11-26 07:15:51 (UTC)
└─ dd
   ├─ Display name: Mike
   ├─ Email: mpech@tuta.io
   ├─ Login: <NO USERNAME>@<NO ORIGIN>
   ├─ Public key
   │  ├─ Key: Gy76LzhsbQCRQkBTX7Cnpsb13KwD65smz4JtPp8JHpYv
   │  ├─ Version: 0
   │  ├─ Algorithm: Ed25519
   │  └─ Expiry: Never
   ├─ Secret key
   │  ├─ Version: 0
   │  ├─ Algorithm: Ed25519
   │  └─ Encryption: None
   └─ Last updated: 2022-11-26 07:15:51 (UTC)
$

Choose dd replace by default.

$ pijul id ed
✔ Select identity · dd
Editing identity: dd
✔ Unique identity name · default
✔ Display name · Mike
✔ Email (leave blank for none) · mpech@tuta.io
✔ Do you want to change the encryption? (Current status: not encrypted) · no
✔ Do you want this key to expire? (Current expiry: never) · no
✔ Do you want to link this identity to a remote? · no
$

Corruption, double }} in json file.

$ pijul id li
No identities found. Use `pijul identity new` to create one.
If you have created a key in the past, you may need to migrate via `pijul identity repair`
$ cat default/secret_key.json 
{
  "version": 0,
  "algorithm": "Ed25519",
  "key": "EJKxBfRBZjK4mTsD8YJ3fqfQKhgraKL8AXB4eXuCHSPTBNgaDrjGQsXgHXLCB8JaSeko5pGQe7Xm723RnB5Wthn"
}}
$

finchie added a change on November 26, 2022

Disallow overwriting existing identities via `pijul id edit`

YJXRCXOSO2J5BFFR6QKFDVV3RJ5J3QXB4UZ3DVQZLYTF5RJ4TNJAC

main

pmeunier added a change on February 23, 2023

Correct loading/truncation of secret key files

OTEE57H2YMEBB2JRHYYAIW4GNXQPV4XEWC4TCI3RXXVU7QTU7TXQC

main

pmeunier on February 23, 2023

I know what happened. @finchie, your patch just made the issue even less reproducible, but didn’t solve it.

We were opening a file with OpenOptions on Unix without truncation, and then directly writing into that file. If the new content was one byte shorter than the previous one, this explains the }} at the end.

I removed that function since its behaviour on Windows was significantly different from Linux. If truncating is correct on Windows, it should also be correct on Linux.

pmeunier closed this discussion on February 23, 2023

finchie on June 3, 2023

Ah, good catch! Thanks for the explanation.