gpg: decryption failed: No secret key

[zeorin]

General information

• Operating system + version: NixOS 21.11.335109.00acdb2aa81 (Porcupine)
• Browser + version:
  • Firefox 95.0.2 (64-bit) (not the -bin version)
  • Chromium 97.0.4692.71 (Official Build, ungoogled-chromium) (64-bit)
  • Google Chrome 97.0.4692.71 (Official Build) (64-bit)
• Information about the host app:
  • How did you install it?
    Using home-manager's module for browserpass, which installs it for the browsers that I whitelist.
  • If installed an official release, put a version ($ browserpass --version):
    Nix doesn't put browserpass on the path, but it seems to be 3.0.6:

    ❯ l /nix/store/ | grep browserpass
    .r--r--r-- root root  3.2 KB Thu Jan  1 02:00:01 1970 49v1j1kn2992yy84vsij9grlcszi4g7b-browserpass-3.0.6.drv
    .r--r--r-- root root  2.7 KB Thu Jan  1 02:00:01 1970 73a93w12zvhx6c445c98pvrx6nwgypil-browserpass-3.0.6-go-modules.drv
    .r--r--r-- root root 1017 KB Thu Jan  1 02:00:01 1970 7czss4m8mq2fx4bh96rd5znzfrg9mfph-browserpass-3.7.2-fx.xpi
    .r--r--r-- root root  1.5 KB Thu Jan  1 02:00:01 1970 c7265a6b4m39s410ihb0f6j5pyays173-browserpass-3.7.2.drv
    dr-xr-xr-x root root  4.0 KB Thu Jan  1 02:00:01 1970 mn9k0qha669dp4g98aam95i9r5l0xyb8-browserpass-3.7.2/
    dr-xr-xr-x root root  4.0 KB Thu Jan  1 02:00:01 1970 x47bzphq7h25z6s99lrp3zl69bzs0qi6-browserpass-3.0.6/
    .r--r--r-- root root  2.8 KB Thu Jan  1 02:00:01 1970 zmmcgbnqrdlmwh6bwwzfw42gcihqfnb3-browserpass-3.7.2-fx.xpi.drv
    
    ❯ /nix/store/x47bzphq7h25z6s99lrp3zl69bzs0qi6-browserpass-3.0.6/bin/browserpass --version
    Browserpass host app version: 3.0.6
    

    The nix source also indicates that version (this code will fetch the repo at that tag).
• Information about the browser extension:
  • How did you install it?
    The browser extension is installed using nix's user repositories for FF, and the Chrome Web Store for the others.
  • Browserpass extension version as reported by your browser:
    3.7.2 for all three browsers

I should note that I have read the previous issues regarding this problem and I have tried this with 3 different pinentry programs: Gnome 3, GTK2, and QT (I was sure to restart the GPG agent in between, and I tested using pass directly that the new pinentry was being used). When using browserpass the pinentry program is not triggered.

I am able to successfully use pass on the cli.

When my GPG key is unlocked/cached by gpg-agent, the error still persists.

---

If you are getting an error immediately after opening popup, have you followed the Configure browsers documentation section? Although the error I'm reporting now does not occur immediately after opening the popup, I did have some issues of that nature initially. Since I installed from distro packages, nothing to be done according to that section. However, I have set the GPG binary path (was necessary for FF) and the password store path manually to the correct locations (in all 3 browsers, the password store location wasn't automatically picked up correctly even though the env var PASSWORD_STORE_DIR is set).

---

Exact steps to reproduce the problem

1. Go to https://github.com/login

2. Ctrl+Shift+L

3. Select the github.com entry

What should happen?

Fill in the login details for GitHub, showing the pinentry dialog first if necessary.

What happened instead?

Error: Unable to fetch and parse login fields: Error: {"status":"error","code":24,"version":3000006,"params":{"action":"fetch","error":"Error: exit status 2, Stderr: gpg: decryption failed: No secret key\n","file":"gitpro.ttaallkk.top.gpg","message":"Unable to decrypt the password file","storeId":"i4s1z76xp","storeName":"default","storePath":"/home/zeorin/.local/share/pass"}}

Same in all 3 browsers (except that the storeId is different).

[maximbaz]

Hello, your note about PASSWORD_STORE_DIR not being respected in particular hints to the fact that your browsers don't inherit your environment, could you try to verify this? Open a new terminal, re-export the variable (just to make sure), and then launch a browser directly, not via .desktop file or launcher, but directly in terminal, and see if your issues still remain?

[zeorin]

Hmm, that works! Indeed, when I start the browser from the terminal it works. But, it's not PASSWORD_STORE_DIR that's the issue, having it set or not set doesn't cause my problem. If I unset GNUPGHOME first and then launch the browser from the terminal I observe the same issue as in my OP. My GNUPGHOME is indeed in a non-standard location (~/.local/share/gnupg). I'm off to figure out how I can propagate this to the browsers.

[maximbaz]

Correct, PASSWORD_STORE_DIR was just an easy experiment to verify :) So now all you need to figure out is how to propagate your environment variables to GUI apps, it would depend on your setup and how you do this today. Browsers need to be able to see your environment variables in order to discover gpg and password store location 🙂

[zeorin]

Right, so it seems that home-manager's home.sessionVariables (which is manipulated by the browserpass module) aren't propagated to the graphical environment by default, and I need to enable xsession.enable to make that happen. Setting this to true fixed this issue for me.