Error: Wrong password for that key for empty passwords on Windows
#26
Comments
|
This issue is stale because it has been open for 30 days with no activity. |
|
This issue was closed because it has been inactive for 14 days since being marked as stale. |
|
I forgot to ever get around sharing a minimal repro, sorry about that. This is still an issue in 0.7.9 for us. The following is the minimized version of the test in https://github.com/tauri-apps/tauri/blob/b0d752725067093f3c8901afd7cfcd1cb8d28f05/crates/tauri-cli/src/helpers/updater_signature.rs const PRIVATE_KEY: &str = r#"untrusted comment: rsign encrypted secret key
RWRTY0IyvJC7OQfnFyP3sdnbSsYUIzRQBsHWbTpeWeJeYvWazjQAABAAAAAAAAAAAAIAAAAA6k7dgXhyuDqK6b/VPH7MrKbhtqs401wPzTGn4MpeecPK10qGgikr7t15Q5CD181txZT0kPPiwq+/TSbvBeR5xNAaCxmFIYemCiLbPFHaNtNGr9FgTf/t8kohhIKVSr7YSCrc8PZT9pc=
"#;
fn main() {
let sk_box = minisign::SecretKeyBox::from_string(PRIVATE_KEY)
.expect("failed to load updater private key");
let sk = sk_box
.into_secret_key(Some(String::new()))
.expect("incorrect updater private key password");
dbg!(sk);
}This works with 0.7.3 but doesn't work on any version after that. It also crashes with the same error if you provide p.s. no idea why i wasn't able to repro it back when i opened this issue, this was super easy to do now 🤔 |
|
[TIMEWELL] Time spend on this issue: 57 minutes. Can you see if 13ec7fd works and is enough to address your issue? |
|
As far as i can tell this does indeed seem to fix it, nice! Thanks so much ❤️ |
Hello 👋
When upgrading from 0.7.3 to 0.7.5 we've started getting an
Wrong password for that keyerror when using no/empty passwords on Windows (100% reliably) when callingsign(). We also saw this happening on Linux after a while but i think it wasn't reliably reproducible.Speaking of reproduction, i couldn't reproduce it in a standalone rust project yet, only in Tauri's CLI but i wanted to reach out already anyway. -> I will update this issue once i am able to repro it but i have to focus on some other stuff for a while.
In case you wanna look into it without me providing a minimal repro, the relevant function is here: https://github.com/tauri-apps/tauri/blob/4dd4893d7d166ac3a3b6dc2e3bd2540326352a78/tooling/cli/src/helpers/updater_signature.rs#L103 with the password being either None (so that minisgn asks for the pw) or an empty String (if CI env var is set) - both variants show the same behavior.
Thank you
P.S. For reference the PR where we locked minisign to 0.7.3: tauri-apps/tauri#7197
The text was updated successfully, but these errors were encountered: