-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Minor example modification leads to nonce assertion error #23
Comments
Can you give a full example of your code? What are you trying to achieve?
3 Oct 2020 01:29:27 marquardts <notifications@github.com>:
… Instead of failing hard in L20[https://github.com/hrehfeld/python-keepassxc-browser/blob/master/example.py#L20], I would like to wait for the database to be opened and then proceed. Therefore instead of L20-L25 I introduced
if not c.is_database_open(connection_id): c.wait_for_unlock()
However, one of the subsequent calls c.associate or c.get_login (I omit the set_login part) fails with
assert response_nonce == expected_nonce AssertionErrorindicating that something in the nonce calculation went south. When I execute the script over and over again, sometimes the script even succeeds (but not very often).
Since I am not firm with the protocol I am asking for help to fix this as I have no clue where to start looking.
Best regards
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub[#23], or unsubscribe[https://github.com/notifications/unsubscribe-auth/AAATX522PH5NGRMBHHSDMZ3SIZO4XANCNFSM4SCICDNA]. [https://github.com/notifications/beacon/AAATX53UL4UWOAYLYY7VB7TSIZO4XA5CNFSM4SCICDNKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4KUOBJ7A.gif]
|
Sure. https://gist.github.com/marquardts/d19cef9193f8ac929e4e8f3f5bf634b2
In case of a locked DB (I use an autolock) I want that the scripts holds execution until the database is unlocked. Then it should continue to retrieve the credentials. |
Well, not sure what's going on, but why don't you just catch the exception and loop with a timer until you |
Sure, that's possible. But AFAIU the whole point of |
I probably have exactly you use case, even our scripts look more or less the same ^^. I'm not sure why it fails for you. I remember having issues with the script failing when started before the database was unlocked (or something like that, vaguely remember). But I don't get that error anymore and thus never bothered. Maybe it's a bug in older Keepass? (I'm on 2.6.1-snapshot atm, probably a version from around May or so). P.S.: You might also like this ;-) P.P.S.: If that use case is more common, maybe we'll want to make a proper script with better usability out of it? I'm fine with manually hacking on an example, but a proper CLI would be neat. |
Hi @piegamesde I am using KPXC 2.6.1 from the Ubuntu PPA. Thanks for your link, that's very convenient 🙂 Well, I am currently running the script in a background task. If I unlock, it can retrieve the credentials, if not, I see the pop-up but error messages will be somewhere in the background. P.S.: Do you know if its possible to retrieve keys by credential path? (E.g., accounts/amazon) |
This is not specific enough to make sense of what's going on. Does it work when the database is already unlocked? Does it fail even if you click "Accept" on the pop-up or only if you deny? If you're running a background task, isn't it consequent if the error message is somewhere in the background?
I'm strongly in favour of this. But if you want to reuse the code from the PR, maybe best discuss that there.
Pretty sure it's not. But I designed the feature in an extensible way, it shouldn't be hard to add a |
Yes, it works, when the DB is unlocked. It does not fail, if the DB is unlocked and I accept. Actually, I just wanted to agree with you that it currently does not bother me too much, as it is not a show-stopper for me.
Well, my current version is much simpler. I think about it.
|
When there are multiple clients connecting via the kepassxc-browser protocol, a race condition may result in failure of By the way, there is another bug in |
Instead of failing hard in L20, I would like to wait for the database to be opened and then proceed. Therefore instead of L20-L25 I introduced
However, one of the subsequent calls
c.associate
orc.get_login
(I omit theset_login
part) fails withindicating that something in the nonce calculation went south. When I execute the script over and over again, sometimes the script even succeeds (but not very often).
Since I am not firm with the protocol I am asking for help to fix this as I have no clue where to start looking.
Best regards
The text was updated successfully, but these errors were encountered: