When I try to decrypt with my Yubikey Neo over NFC (which in the past, worked fine at some point), I get an error. For example, when using the decrypt-from-clipboard feature, or when using another program like https://github.com/zeapo/Android-Password-Store/issues/271.

Expected Behavior

Decryption succeeds.

Current Behavior

I now get Error: Transceive failed in the UI and the following stack trace in adb logcat:

E/Keychain(13043): failed to establish secure messaging
E/Keychain(13043): org.sufficientlysecure.keychain.securitytoken.SecureMessagingException: failed to retrieve secure messaging key attributes
E/Keychain(13043): 	at org.sufficientlysecure.keychain.securitytoken.SCP11bSecureMessaging.establish(SCP11bSecureMessaging.java:298)
E/Keychain(13043): 	at org.sufficientlysecure.keychain.securitytoken.SecurityTokenHelper.connectToDevice(SecurityTokenHelper.java:211)
E/Keychain(13043): 	at org.sufficientlysecure.keychain.ui.base.BaseSecurityTokenActivity.handleSecurityToken(BaseSecurityTokenActivity.java:444)
E/Keychain(13043): 	at org.sufficientlysecure.keychain.ui.base.BaseSecurityTokenActivity$1.doInBackground(BaseSecurityTokenActivity.java:172)
E/Keychain(13043): 	at org.sufficientlysecure.keychain.ui.base.BaseSecurityTokenActivity$1.doInBackground(BaseSecurityTokenActivity.java:162)
E/Keychain(13043): 	at android.os.AsyncTask$2.call(AsyncTask.java:288)
E/Keychain(13043): 	at java.util.concurrent.FutureTask.run(FutureTask.java:237)
E/Keychain(13043): 	at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
E/Keychain(13043): 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
E/Keychain(13043): 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
E/Keychain(13043): 	at java.lang.Thread.run(Thread.java:841)

Possible Solution

Not sure, but this is definitely a regression, it worked in the past.

I wonder if it was this commit that broke it -- simply by the fact that it was the last one touching the code that raises the above exception.

Steps to Reproduce (for bugs)

1. Get a Yubikey Neo (for OpenKeychain devs: I'll buy you one if you don't have one)
2. Encrypt a message to yourself to the clipboard
3. Use decrypt from clipboard
4. Tap the Yubikey via NFC, see it fail

Your Environment

• Android Version: 4.4
• OpenKeychain Version: 4.2.4
• From Google Play or F-Droid?: Google Play

When I scan a QR Code that has the link OPENPGP4FPR:9F0FE587374BBE81 on it, I get this crash every time:

        AndroidRuntime  E  FATAL EXCEPTION: IntentService[KeychainIntentService]
                        E  Process: org.sufficientlysecure.keychain, PID: 15731
                        E  java.lang.StringIndexOutOfBoundsException: length=16; index=24
                        E      at java.lang.String.indexAndLength(String.java:584)
                        E      at java.lang.String.substring(String.java:1449)
                        E      at org.sufficientlysecure.keychain.operations.ImportExportOperation.importKeyRings(ImportExportOperation.java:219)
                        E      at org.sufficientlysecure.keychain.operations.ImportExportOperation.importKeyRings(ImportExportOperation.java:136)
                        E      at org.sufficientlysecure.keychain.service.KeychainIntentService.onHandleIntent(KeychainIntentService.java:525)
                        E      at android.app.IntentService$ServiceHandler.handleMessage(IntentService.java:65)
                        E      at android.os.Handler.dispatchMessage(Handler.java:102)
                        E      at android.os.Looper.loop(Looper.java:136)
                        E      at android.os.HandlerThread.run(HandlerThread.java:61)

I don't know how much work it would be to add this, but I assume now that OpenKeychain supports tokens over USB it shouldn't be too much work. I have a OpenPGP smartcard in an Gemalto K30 reader. It seems to not work with OpenKeychain currently. It would be great, if it could work with OpenKeychain. I assume a lot of people have such cards, the FSFE also gives them out to supporters.

From what I understand, the protocol is exactly the same as with the yubikey, so probably only the detection/support for additional smartcard readers is missing?

Expected Behavior

In the settings, switch "Link keys to contacts" on for syncing contacts

Current Behavior

Since upgrading my Oneplus 6 to Omnirom 9.0 the switch always goes back to off.

Your Environment

• Android Version: 9.0 September patch level
• Device Model: Oneplus 6
• OpenKeychain Version: 5.2
• From Google Play or F-Droid?: F-Droid

Here's a logcat of the in my opinion relevant lines. Seems like some missing permissions. The contacts permission, however, is granted to the app.

2018-09-17-17-14-13.txt

If you need further assistance, please let me know.

Hi,

i'm trying to use openkeychain with the xmpp-client Conversations. and unfortunately, after trying for a couple of hours and reading all issues on the topic i found, i couldnt get it to work.

When i try to open the signing key (not only from Conversations, but also when i try to sign inside the openkeychain app), I get prompted for the password, but after entering it, I only get a message "Private key could not be extracted". As I wrote in the title, I don't want to use the master Key for signing, but a dedicated signing key, because my key is split the debian way, i.e. one only for certifying, one for encrypting and one for signing. The master key is correctly marked as not available, but somehow the app seems to try to use it for signing purposes. The same key is working in APG with k9-mail.

This issue might be related to #570, #624 and #588, which all are marked as fixed. Strangely, the issue persists for me.

If you need further information, i'll be happy to provide what i can to clear things up.

Thanks in advance

• Philipp

I've started working on improving various parts of the UI of the app.

This is a first step regarding ImportKeysListFragment. I've in mind other improvements but i think it's already better than before. Other things will come soon. (for both UI and code)

(I'm sorry for the language of the screenshots)

after updating to version 5.6 the encryption via NFC no longer works. in practice, before I approached yubico Nfc to the cell phone and confirmation of encryption came out, now instead when it asks to approach the yubico via Nfc, it crashes or opens Chrome. the control no longer applies at the time of the nfc

• Add more devices to the whitelist: e.g., Nitrokey
• Other pictures with USB devices for the dialog
• Key generation on security token: a method is already there but not used because key generation over NFC is extremely unreliable and works only 1/3 of the time. I suspect that is because of power issues, which should not happen with USB.
• warning for reset procedure?
• animation when going from the CreateSecurityTokenWaitFragment moves into the wrong direction (just a minor glitch)

I’m running a week-or-so old build and the new certify is an improvement, but it still isn’t very civilian-friendly. I sketched in code (just XML fiddling) to try to make what’s going on a little more useful to non-geeks. Useful direction?

Hello, This is WIP PR for USB OTG Yubikey support (and possibly other devices like Nitrokey).

This is in very early stage, basically a quickly hacked proof of concept, but I decided to open anyway and to show some progress, as @Valodim suggested in #1550

Despite being in early stage, everything should be usable, so you can test it if you want.

Issues:

• [x] User shouldn't need to reinset device on each operation
• [x] Disconnects are not handled properly
• [x] Reinsert required in some ocasions(encrypting after reinserting on prev screen)
• [x] Update Manage my keys -> Security token thing
• [x] Investigate issue with transmitting -1
• [ ] Investigate bricking on card reset
• [ ] Needs refactoring (error handling, ....)
• [ ] Tests?
• [ ] Nitrokey & others

cc @Valodim @dschuermann

failed to import keys Error: "Nothing to import". My file was pubring.asc which was created from desktop using gpg4usb -----BEGIN PGP PUBLIC KEY BLOCK-----

Version: GnuPG v1.4.12 (MingW32)

mQINBFLhDTYBEADYffXSxyWDz9KXULlw7lThVw2Cx6E7HjauCFRS97EeOlgoQXo1

ZtiR2ktl312k/zGK7iaQTwFwCKyy4rJhgiinC3Z727x5BwMdQWv2k72O/59H3X4J

s5F9JfDN0KkMGzPZFp1F36llzq1CzMbzYl9hyCAkfrxtWeSBsp41YXyVUQogEcDj

R9axM2UCsy30G0EBxbt5whv7dtBxJI9I9SjfOOK9WFh/4CbNu6Y4sDH/o7fdP4r/

loQHeuVNB+d1zTyu0H+Jt13Fpni1uhIFj11FiATfdXB19s2QceZmh9jwMm4sEN9X

yMD/IEtpgLh9/f3cSmKVqfoOlLkpQGP8SzoLPEEUkx8s5J4ikVhCgwyuPNDyvAkm

55rfAeiDaL9Urbg2cov7EvnRUTlVW/bbJ6pVP6iEU/9+M572TFPVhkh4XeVgLuZ+

SoQm+bWrsg4+CppGCjmDpGvXrcT9X5R9mxPq8dao5NBiH7dMp2hINaxqZlETeZB8

fWFeTPscYaolR8c190TFuua9EXX6v128/kbt/D7l+eWmGFKiRNNNpm6i88UZdK0+

DWmuC7nJvyCDo+S1h9KQZuSISF41QBHoklHgSSPOp61r3vg/FRt9M5lvhenA7Yx3

82btRYayJEr2PzL5qFYevrGEMd6IEY7HHIGG3N9dkSxlE7s5MiBf3fPM3QARAQAB

tFFWaWN0b3JpYW5vIEEuIEdvbnphbGVzIEpyLiAoU21pbGUsIHlvdXIgbW90aGVy

IGNob3NlIGxpZmUgOi0pKSA8dmFnMTE4QHlhaG9vLmNvbT6JAjgEEwECACIFAlLh

DTYCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOe57VqVhS2WNtYP/0P5

IH5PF9SnMOe+NsvRMwMpJN7rqKH+0l3ARtHHW2Hq7N0v1XdGX4MoHvA4ulyr7Jul

qxM5dNPpM1JcAKt6wb120iL9yPMfQ64wHqGedEKdKL/wMxGGOaYB2nCPKA8LhL68

vvGH970TrXYT1f4Ja3if/t8GkU4BU1xNosDWtNO9PfEmwMWP5bMT4338y67VonvD

p1g23rSVrDPd5T1Gon3dnQUX4Rq4l1MzvXyjV0/I540xhSRj7rchyoTXfST9tvpK

XmA/KP5RRfgxpdPdv8fAAy5/UhWuAPPqthNzmrBiOKLGHjWIhu7uOGyCrijiUdVR

zoMK2z3iOr226Fjsi7D2m9kjMdBK/8h4IwAbUBWohaxxFYff6EoPSSt80d8m8+0k

uCJEVWGzZ9DYnNhHAUZ4hQhGQnaoabERMFYfxm/cVQ+nadpM/MhnidqLvdhdYTD2

dG/xN4stLVfm8QrTOIEVm0na4YfAyGWOl20pxZjpiclYdmi2KGyHKTLnQDYd4KNZ

qRB5UbNn9x+dnzdyqmjl5kbcUJP5GVRN54QTz53caeROPrayi7/zvswpaR43pwSV

WLw/QgHHvC+79pr8Momsn5MsfKSJRmmQonbO3v30HjxnVjKqCwYuDjE+r6c0jHYF

NtzsPtMCY7nmjvKvxC1lsEiHsumVb77xMXvh9ORtuQINBFLhDTYBEADHZ61k3Gjb

6rDF1fTd8XD81zSXOijsgdOUZoRlugL2qvMc5dhKwEeJ8aakGMoRzF9+5bfv1eYA

3/YEIpniHt5QbEwgSzFReytbBxUsgyZnl+lr9uzfTUR/ubJfW+fujpuCWWsnYzd9

Zjw6o7/YCIKnFfx2FediNwHJVe0OeSmP6sGcAyzheljJdcDpZWLRU2aRhtVJmFup

JjL+gwLhYnZNL5b3nuQrgeK/exf/sqEVE4UbUWkiAQMOIrZuk9Yzg6COKQc8uoLe

iJi96qHBnHzysNfRFVW8kb8pc1haDi+eVTbsgLrAw6KKOddew5//LveBWu6A8Ab5

cl8f5LpES2MDVa8NQirEXAdUb8CLV835GLTu1ZIfI9bDS3nMAdmQKFhi4OFVwm13

PRB5v5JhYevVMvwAKBO/9cndT1zsnS5CdF9ktzUrYpJFHL3DRLJNGE+6qnQTG8SH

Yp5bns2OeLehBNL4psAkoIsft84Ra46YweFEQkAPQdTZQMgYk3M9HDE3OnJzZv+X

IPO4zI6gOVjPpSEqeMSNX8mbDjRbPZ97hpAdkFafK1HFFS6KxU7rJ4B6dLPZY5lq

7rfOmZjCCCtqwZzhqJQrbAkGjWAPNqDNW4ndUox0/JlIk33Nrq+ls4b6BARKAXWC

IbRy7Mqa+3EQ5M6R1mUs2jBNTZugIXswXwARAQABiQIfBBgBAgAJBQJS4Q02AhsM

AAoJEOe57VqVhS2WxNwQANG8m3qZSDd5er4PQrB4C0WOMH/XhFHkSjg+vH6/Q4Ar

lHd0Xp68/UsJx4CnqtkT7F1ajXdePfmjosF2kvhBIgBTJ+04DsQKznyv8QlIr9Jj

uP/k1rhSicZZE/5i/gnfVTbnvBg1591rQiC4ExKkfzJJda9dTMiKEIaZhqXsnHY/

cGy0FV0QTD6YAeloqYgQ20Np5IX2GeKorPXcjPQBuUKD+nyZFnFtjdD3fN3bL+3x

fTrDlE9hrndUbI7bd8lE2dimPhA94Tb/xRiUt+dTFHIdadmFI61RQqaZN1XtjNel

ig7IHEWeQ9yNnGz1jDBuAPiV3ERxYQpIYohB6eIF2Lpm+xW1yKvs9XLlcmm1aFs9

3/7wJsAc0lrtRumBaZb9YreJ7sZcuiZPqrLXa1quCBWLvk2IWFbzoNYgaJ0D29R8

SUviGIKcxgLNNiy1R3rq0jkE1mE5UTcshCfGnGplmoPgEF8PCR4AKILJhd/TBvtN

+rKStbjskREEeMCjS4NHmXH6KT/E6hrMLhUdTpxelqfZ5MzxDS8+2ncm91u9y9oF

24ClRZbkEcDdNelNQyA3cFwwyl2U+JBQ9R/TwqS/8fM95WV0qHA5DZBhccEEnYE/

rr4jB1MWK3j8HvOm5ClfpmQrZBifm77L/zlb9IiJpkV50PyP382RxZ1OlfZ6xZqj

=Nf66

-----END PGP PUBLIC KEY BLOCK-----

Open-Keychain crashes when trying to de-/encrypt PGP emails in K9 (also tried FairMail), with my Yubikey. This has been working for ages but recently stopped on my Pixel6 (Android 13, Build TQ1A.221205.011)

Expected Behavior

1. Clicking on encrypted email, entering the PIN for the Yubikey, placing it on the back of the phone (NFC), removing it and the decrypted mail is shown in the client (K9 or FairMail).

2. Enable encryption for an email, click on send, enter the PIN, place the Yubikey on the back of the phone (NFC), remove it and the encrypted mail is sent.

Current Behavior

1. Clicking on encrypted email, entering the PIN for the Yubikey, placing it on the back of the phone (NFC), removing it -> Full crash of Open-Keychain, as well as the client (K9 or FairMail).

2. When trying to encrypt an email, Open-Keychain also crashes and leaves the drafted email in the Drafts folder.

Possible Solution

None :(

Steps to Reproduce (for bugs)

See above.

Context

I'm trying to de-/encrypt PGP emails, which doesn't work anymore.

Your Environment

• Android Version: 13, Build TQ1A.221205.011, security update from December 5th
• Device Model: Pixel6
• OpenKeychain Version: 5.7.5
• From Google Play or F-Droid?: Google Play
• K9: 6.400

I have a similar issue to #2480 but I'm not sure if it is the same SQLite issue so I'm opening a fresh ticket. This may have broken due to the latest Android 13 security fix because nothing changed between yesterday when Password Store / OpenKeychain worked and today when they do not except for updating Android. I am able to repro this issue on a Pixel 6 and a Pixel 6a.

Expected Behavior

• Attempt to access a password in password store
• Unlock openkeychain with yubikey
• Password is shown

Current Behavior

• Attempt to access a password in password store
• Unlock openkeychain with yubikey
• Password is not shown

Possible Solution

Perhaps @natjms suggestion of a SQLite issue is relevant to my issue as well.

Steps to Reproduce (for bugs)

• See above

Your Environment

• Android 13
• Build number TQ1A.221205.011
• OpenKeychain 5.7 (from Fdroid)
• Android Password Store 1.13.5 (from Fdroid)

It would be nice to enable the function that makes your current keyboard e.g. Google keyboard go into incognito mode and disable automated word recognition.

Current Behavior

The automatic word learning that many people use to improve the correction of text can be a problem that affects privacy, as this collection of words is based on storing repeated phrases or frequently used, to solve this problem would enable the application itself to ask the keyboard to activate the incognito mode of the same, to avoid this collection of content, as normally in this application is usually write texts of a delicate character. Example of Gboard in incognito mode

My Environment

• Android Version: 11
• Device Model: Xiaomi Mi A3
• OpenKeychain Version: 5.7.5
• Source: Google play store

It is not possible to export a txt file encrypted in a .gpg as the original .txt file test.txt.gpg -> test.txt

Expected Behavior

Encrypted .txt file could saved as a decrypted .txt

Current Behavior

Openkeychain consider .txt file a content to be shared with messaging apps like Signal, but not as a .txt file that could be saved with file apps like "Simple File Manager". So it is not possible to have the original txt file straight away.

Possible Solution

Add a "save" button. This way, user can save txt file but are still able to export the content using share button.

Steps to Reproduce (for bugs)

1. download test.txt or create a new txt file containing any text of your choice
2. Encrypt test.txt with your key to have a gpg file = test.txt.pgp
3. Open test.txt.gpg using openkeychain's decryption function and unlock the key. Now the decrypted text is shown in the app
4. Press share button
5. Choose an app that manage files like Simple File Manager or Syncthing to save the original txt file
6. An error notification appears

Context

Some app save a backup of their data as a text file (with txt extension or with no extension at all like Android app "Native Alpha") so in this case the user want to have the original txt immediately available and not the text inside it

Your Environment

• Android Version: 10
• Device Model: Oppo CPH1931
• OpenKeychain Version: 5.7.5
• From Google Play or F-Droid?: fdroid