Unable to specify encryption key

Question

Unable to specify encryption key

Closed this issue 11 years ago · 3 comments

I'm trying cpm for the first time on Debian 7:

$ cat /etc/debian_version 
7.3
$ cpm --version
cpm 0.26 (64 bit)
CDK version 5.0 (20060507).
GpgME version 1.2.0 (rcpt).
ncursesw version 5.9 (20110404).
XML2 version 2.7.8.
zlib version 1.2.3.4.
cracklib is enabled.
Written by Harry Brueckner <harry_b@mm.st> 2005-2009.
Maintained by Kacper Wysocki <kwy@redpill-linpro.com> 2010.

I suppose that the first message tells me about non-encrypted swap:

$ cpm
Running without root privileges:                  yes
Memory protection from core dumps:                yes
Memory protection from swap writings:             no
Max. memory lock ok:                              no (64 kB)
Memory protection from ptrace spying:             yes
Validation of environment variables:              yes
Cracklib dictionary (/var/cache/cracklib/cracklib_dict):yes

Maximum security level not reached. Are you sure you want to continue?
Press CTRL+C to stop now or ENTER to continue.

Then I type ENTER and get a file error:

error 2 (No such file or directory) opening file '/home/vagrant/.cpmdb'.

Then I type OK and C^K to add a key, however the list is empty.

I don't understand because I created a key as described in this procedure and it doesn't appear in the list.

$ gpg --edit-key harry
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  2048R/1D9BD7D9  created: 2014-02-06  expires: 2015-02-06  usage: SC  
                     trust: ultimate      validity: ultimate
sub  2048R/2295B1F4  created: 2014-02-06  expires: 2015-02-06  usage: E   
[ultimate] (1). Harry Potter <harry.potter@hogwarts.edu>

gpg>

I can't save the database because I'm unable to specify an encryption key. Any idea to fix this issue?

Answer 1 · 2014-02-12T11:53:38.000Z

Hi. The first message tells you that the memlock limit is too low on your system:

https://github.com/comotion/cpm/wiki#wiki-memlock-limits

Raising the memlock limit increases the security of your password database.

The second message means there is no existing password database. A new one will be created.

Your last issue pertains to adding a key. Hit C^K and the list of added keys will appear, and since your database is new, the list is empty. Hit C^A and write 'harry' to add your key, then ESC and ESC again, then save your database. You now have an encrypted cpm database.

Answer 2 · 2014-02-12T12:52:47.000Z

When I read the message "Maximum security level not reached", it was not clear to me that I would not be able to save the database. I thought it would just be working with less security.

I've updated /etc/security/limits.conf as you suggested and now it works, thank you !

Answer 3 · 2014-02-27T10:26:39.000Z

It is possible to save the database by ignoring the security warning - but you were right originally, you could not save when there was no encryption key added.
The messages are not very intuitive, and thanks to your ticket I have improved the documentation and messages for the next release.