bndw/pick

Safe defaults to openpgp

bndw opened this issue · 2 comments

bndw commented

Running pick init after a fresh install creates a safe with openpgp encryption, however the assumed default type is chachapoly.

https://github.com/bndw/pick/blob/master/crypto/client.go#L18-L29

pick init
Please set a master password. This is the only password you need to remember
>
Please confirm your master password
>
pick initialized

cat ~/.pick/pick.safe | jq .
{
  "config": {
    "type": "openpgp",
    "openpgp": {
      "cipher": "aes256",
      "s2kcount": 65011712
    }
  },
  "ciphertext": "LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tCgp3eTRFQ1FNSUw3ekdmMExWV2JUL0pTOXJlVU5qZGwvVTl6SXZaVEE5SlU4a2dnUTh6bHhCT2daRmF0WlRha1pVCjB1QUI1RWRzYStsTDBldExwUEQ5TGN0L1ZjVGhPNW5nSU9DWTRjMHU0RjNpZGdvSTNlRFM2RnhMK08zNjFyUE8KemZZNFJQaElwZTBlMDV4cDdheDR4cmpEQ3dicWJNUWZrb09OTlJzV28yRzRKeXpKY0ljaXFyd083RkV5eFUwZwpwZzRsNE56NFVRMkNnNEZwVjJRM25OTW83Snd4V2MwblI3ZWZONFRDK1Z5V3NxanVoZmw0dEZCSUY5UmpibkN4ClV2dFd1bjJKWlBtS2VoWnNOK0NRZWhLZ3dhRmVoRnpBQzB1bWtzY0FjZThrQmFSaUF5R0tGMEJnNUQwR3hxVTgKYld0eG1GcW1QdVo1L1RRQ1E5L0YrcitoeFV5RE55ZEtManlLMFluelArN2RodFNQK1E0RWs3TGNZU2dod2VVZgo3SC94eXRvSEtuSVJ6MG45cmRXa2hGMXVBNGZtNzFWaGduZkM4ZjA3dGJzTGlOZ21Dc2VVZ1BUNzFDQjVCRlpKCm1SWXR0d2Ftc0hIZ2RPZUkzWElGbUpveEtaMVpQQVgvWmo5d2w0UEl2WW9CbzR0c2lMZk5xUVcvTkx1YUxIN2QKVHhuTHV3WFkrWkhaTG5VYUNyUDJoS0xGZjdyckpwNlNTWitIU0lHaTVKSHRUQy9jMmF6OGYrQ0tZY0N3angrSApPdi9YTmlQNHREZXdYV1lhRzFtRk1HSHloK3dldnR5Q1VacXYrKzRlckhFNllvdUJqaHB1Um1jRXQrQlA0cWV2CnNHRGdvK0diOE9CKzRNZmdDT1NTK2JBaXZ3aXg2anFiK3hHOGhmbkU0bmQ1b3IvaFNNZ0EKPUxpc3gKLS0tLS1FTkQgUEdQIE1FU1NBR0UtLS0tLQ=="
}
leonklingele commented

Default is still at OpenPGP:

pick/crypto/config.go

Line 25 in 6c84ef2

Type: ConfigTypeOpenPGP,

I guess the Type property should not be set for a new default encryption provider, as it is clearly biased otherwise.

Issue was introduced here: https://github.com/bndw/pick/pull/48/files#diff-e59e4bc49ae6085b1bec59c8fc8e56fdR20
And should (must!) have been spotted in #117. Apparently nobody tested the change.

We need more and better tests, and should leave PRs open for at least a couple of days after their last and final modification.

bndw commented

Thanks for looking into this, I'll submit a PR