My ed25519 keys can't decrypt my secrets due to a parsing error somewhere. I can still use okc-ssh-agent to SSH into places, but I cannot decrypt my passwords, which is kind of a big deal. It's because of this I'll probably migrate to a self-hosted bitwarden and use FIDO auth with my yubikey. I'll still use the GPG key for SSH authentication, but boy is this a mess I don't have any time for.
And when I say I don't have the time for, I tried to get OpenKeychain to use a newer version of BouncyCastle, which should support my encrypted files just fine, but boy do I not have the knowledge to deal with changes in a project's gradle structure. I think the root of the issue is that newer versions of GPG have changed the format of the ciphertext in a way that the bouncy castle version OpenKeychain is using doesn't parse. Anyway, I do not feel confident in mucking about in crypto code. Maybe there's hope in just porting a front-end of pass that uses a plain ported GPG implementation instead.
> I think the root of the issue is that newer versions of GPG have changed the format of the ciphertext in a way that the bouncy castle version OpenKeychain is using doesn't parse.
It might be worth your effort to test your hypothesis with an older version of GPG. The LTS version would be especially easy to investigate.
Check out psono too for self hosting (https://psono.com/). It's on my todo to do this myself but I haven't had time yet. It looks a lot more interesting to me than self hosted bitwarden/vaultwarden though, especially if you have needs to fill like encrypted file storage that are slightly above and beyond bitwarden's design.