Fix SSH Agent broken decrypt button #10638
Conversation
|
The way the key is handled makes this rather confusing. Comment, encrypted, publickey, etc. We shouldn't have to check so many conditions to display simple data. How can we improve this overall? @hifi |
AlexpFr
force-pushed
the
fix/sshAgent-decrypt-button
branch
2 times, most recently
from
c1701e9 to
cd9077e
Compare
|
The presentation of data in Keepassxc is identical to that of openSSH tools and is closely related to the SSH private key file format. Naturally, if the private key is password-free, all information is directly visible. Currently, the only way to simplify the display of SSH key information in Keepassxc would be to decrypt the keys when opening the entry. However, this presents a major drawback:
This means that an entry containing an SSH key encoded with a high number of KDF rounds would take several seconds to open. Simplifying the display of SSH keys in Keepassxc would therefore negatively impact the overall responsiveness of the application. @hifi had already noted this issue here: Changing the behavior and display of information is not just a bug fix. This PR is simply aimed at fixing the decrypt button. :) |
|
That is not what I was saying. The underlying data structure that contains the keys has a confusing API. |
|
Do you want me to look into refactoring this part with a "case switch" , for example ? |
|
No. For example, all these checks for comment existing and decrypted and such... those should be done within the key.comment() function which would return the appropriate response given the conditions of the key. Doing all those checks at the UI layer is confusing and non-repeatable in case we want to implement the same behavior elsewhere. You should simply have to do the Could also be done in a new function that makes it obvious we are preparing data for display: key.resolveComment() or key.displayComment() |
|
Ok, I'll see if I can do that within a reasonable amount of time. |
|
I removed the key checks from the UI layer without creating new functions. Your idea of putting this in the If we do that, we might as well go all the way and move this part of if (!key.parsePKCS1PEM(privateKeyData)) {
m_error = key.errorString();
return false;
}
if (key.encrypted() && (decrypt || key.publicKey().isEmpty())) {
if (!key.openKey(password)) {
m_error = key.errorString();
return false;
}
}
if (key.comment().isEmpty()) {
key.setComment(username);
}
if (key.comment().isEmpty()) {
key.setComment(fileName);
}But that's no longer a fix..." |
|
Yah I like these changes now, no need to go further at this point. Thank you! |
|
Thank you for your help. |
|
Doesn't need to hold up this PR, translations are independent of pull requests. However you do need to |
AlexpFr
force-pushed
the
fix/sshAgent-decrypt-button
branch
from
8b171cc to
82b479b
Compare
|
Format done ! |
AlexpFr
force-pushed
the
fix/sshAgent-decrypt-button
branch
4 times, most recently
from
db7c6da to
0bbce15
Compare
|
Hello, is this PR ready for a merge? Do I need to review certain points? |
droidmonkey
force-pushed
the
fix/sshAgent-decrypt-button
branch
from
0bbce15 to
a4ede5e
Compare
droidmonkey
force-pushed
the
fix/sshAgent-decrypt-button
branch
from
a4ede5e to
9299bf9
Compare
* SSH Agent: Fix broken decrypt button (Fixes keepassxreboot#10637) --------- Co-authored-by: Jonathan White <support@dmapps.us>
* SSH Agent: Fix broken decrypt button (Fixes #10637) --------- Co-authored-by: Jonathan White <support@dmapps.us>
Release 2.7.9 * Passkeys: Ability to easily remove a passkey from an entry [keepassxreboot#10777] * Snap: Use new desktop portal for native messaging integration [keepassxreboot#10906] * Improve entry placeholder/reference feature [keepassxreboot#10846] * Improve CSV importing when title field isn't specified [keepassxreboot#10843] * Improve encrypted Bitwarden importing [keepassxreboot#10800] * Improve database settings UX [keepassxreboot#10821] * Improve handling of clipboard actions from entry preview [keepassxreboot#10810] * Improve group/entry view resize behavior and set sensible defaults [keepassxreboot#10641] * Passkeys: Fix incorrect username fill [keepassxreboot#10874] * Passkeys: Return additional data to the extension [keepassxreboot#10857] * Fix password clear timer inconsistency on unlock view [keepassxreboot#10708] * Fix portability check [keepassxreboot#10760] * Fix page overflow on HTML exports [keepassxreboot#10735] * Fix broken builds when using system provided zxcvbn [keepassxreboot#10717] * Fix copy password button when text is selected [keepassxreboot#10853] * Fix tab ordering on application settings pages [keepassxreboot#10907] * SSH Agent: Fix broken decrypt button [keepassxreboot#10638] * Windows: Fix ALT Auto-Type modifier [keepassxreboot#10795] * Windows: Fix wrong DACL memory size allocation [keepassxreboot#10712] * macOS: Fix monospace font sizing [keepassxreboot#10739] * Flatpak: Fix configuration settings off-by-one error [keepassxreboot#10688] * BSD: Fix compiling with libusb implementation [keepassxreboot#10736] # -----BEGIN PGP SIGNATURE----- # # iQEzBAABCAAdFiEENIkEDB8MPuq41ValRA/GXy4MbgEFAmZzTogACgkQRA/GXy4M # bgHahggAg+hzMTiM0uDaw5yfxhv6GEfQQBPHMhX3JDyHEC+i7Pq6OjlxQkdUrRdu # f4w74od5jSul0Al/ehu9L2eZwNPMnU87FWDn16o1btYHsG9n24v5S0DuQoLXUjde # Y9nJNKeRNoWAlVKWbUG2YGvy9hF9YbtrFaiBksaQ+g3w8Xz82PzLY0VaUu4Xa/LO # RXAhryJC+8T3T479dXpHxJcUmEWkoY4bqj1i6R8tEK5Kz9y1c0kqzqwWysKMj+rD # WxTb2V4y9s57pO35zt9yxMLg66xx9bdcQHbSULa2vZNMFd9qdqk8WJmWFle112yG # UCBXv2ZIjd3lghPt0IrD+WKcuL85Aw== # =rbfs # -----END PGP SIGNATURE----- # gpg: directory '/home/runner/.gnupg' created # gpg: keybox '/home/runner/.gnupg/pubring.kbx' created # gpg: Signature made Wed Jun 19 21:32:56 2024 UTC # gpg: using RSA key 3489040C1F0C3EEAB8D556A5440FC65F2E0C6E01 # gpg: Can't check signature: No public key
Release 2.7.9 * Passkeys: Ability to easily remove a passkey from an entry [keepassxreboot#10777] * Snap: Use new desktop portal for native messaging integration [keepassxreboot#10906] * Improve entry placeholder/reference feature [keepassxreboot#10846] * Improve CSV importing when title field isn't specified [keepassxreboot#10843] * Improve encrypted Bitwarden importing [keepassxreboot#10800] * Improve database settings UX [keepassxreboot#10821] * Improve handling of clipboard actions from entry preview [keepassxreboot#10810] * Improve group/entry view resize behavior and set sensible defaults [keepassxreboot#10641] * Passkeys: Fix incorrect username fill [keepassxreboot#10874] * Passkeys: Return additional data to the extension [keepassxreboot#10857] * Fix password clear timer inconsistency on unlock view [keepassxreboot#10708] * Fix portability check [keepassxreboot#10760] * Fix page overflow on HTML exports [keepassxreboot#10735] * Fix broken builds when using system provided zxcvbn [keepassxreboot#10717] * Fix copy password button when text is selected [keepassxreboot#10853] * Fix tab ordering on application settings pages [keepassxreboot#10907] * SSH Agent: Fix broken decrypt button [keepassxreboot#10638] * Windows: Fix ALT Auto-Type modifier [keepassxreboot#10795] * Windows: Fix wrong DACL memory size allocation [keepassxreboot#10712] * macOS: Fix monospace font sizing [keepassxreboot#10739] * Flatpak: Fix configuration settings off-by-one error [keepassxreboot#10688] * BSD: Fix compiling with libusb implementation [keepassxreboot#10736]
The reason is that the activation condition is:
if (!key.comment().isEmpty() || !key.encrypted()).But the comment is never empty because when opening the key we have:
I also took the opportunity to modify the text to be copied to the clipboard when the key is not decrypted.
Indeed, the undecrypted private key exposes the public key in clear text, but not its comment.
setPlainText(tr("(encrypted)"));to
setPlainText(key.publicKey() + tr("(comment is encrypted)"));Testing strategy
Tested manually with ed25519 crypted key.
Type of change