macOS keychain troubles: stores empty credentials?

I’m trying to init the storage and get duplicacy to use the keychain to store and retrieve credentials.

  1. init:
    % rm -rf .duplicacy/preferences 
    % ~/Downloads/duplicacy_osx_x64_3.2.0 -d init test storj://12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777/duplicacy/duplicacy
    Reading the environment variable DUPLICACY_STORJ_KEY
    Enter the API access key: [snip]
    Reading the environment variable DUPLICACY_STORJ_PASSPHRASE
    Enter the passphrase: [snip]
    Chunk read levels: [1], write level: 1
    The storage 'storj://12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777/duplicacy/duplicacy' has already been initialized
    Compression level: 100
    Average chunk size: 4194304
    Maximum chunk size: 16777216
    Minimum chunk size: 1048576
    Chunk seed: 6475706c6963616379
    Hash key: 6475706c6963616379
    ID key: 6475706c6963616379
    /Users/[snip]/Downloads/new-storj will be backed up to storj://12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777/duplicacy/duplicacy with id test
    

  2. Check right away:
    % ~/Downloads/duplicacy_osx_x64_3.2.0 -d list
    Storage set to storj://12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777/duplicacy/duplicacy
    Reading the environment variable DUPLICACY_STORJ_KEY
    Failed to get the value from the keyring: keyring: Password not found
    Enter the API access key:
    

  3. Looking at the keychain, there is a new entry at the right date, but data is missing:
    % security find-generic-password -a storj_key
    keychain: "/Users/[snip]/Library/Keychains/login.keychain-db"
    version: 512
    class: "genp"
    attributes:
        0x00000007 <blob>="duplicacy"
        0x00000008 <blob>=<NULL>
        "acct"<blob>="storj_key"
        "cdat"<timedate>=0x32303233313030313034343830395A00  "20231001044809Z\000"
        "crtr"<uint32>=<NULL>
        "cusi"<sint32>=<NULL>
        "desc"<blob>=<NULL>
        "gena"<blob>=<NULL>
        "icmt"<blob>=<NULL>
        "invi"<sint32>=<NULL>
        "mdat"<timedate>=0x32303233313030313034353131365A00  "20231001045116Z\000"
        "nega"<sint32>=<NULL>
        "prot"<blob>=<NULL>
        "scrp"<sint32>=<NULL>
        "svce"<blob>="duplicacy"
        "type"<uint32>=<NULL>
    

  4. Duplicacy executable is from the GitHub:
    % codesign -vvv ~/Downloads/duplicacy_osx_x64_3.2.0
    /Users/[snip]/Downloads/duplicacy_osx_x64_3.2.0: valid on disk
    /Users/[snip]/Downloads/duplicacy_osx_x64_3.2.0: satisfies its Designated Requirement
    

  5. I’m using released current version of macOS:
    % sw_vers
    ProductName:		macOS
    ProductVersion:		14.0
    BuildVersion:		23A344
    

I already had a bad experience trying to make duplicacy work with keyring on Linux (macOS’s cousin):

At the time I gave up and configured keys with write-only permission in the preferences file and, with the RSA key, no one could restore my backups if they had read access to the storage through the machine that makes the backups.

Following this topic here with interest… :wink:

Check /var/log/system.log. After you enter the correct credentials, there should be error messages there if the CLI fails to store them in keychain.

There is nothing logged in /var/log/system.log during the storage init. The keychain item gets created successfully, it’s just its password field is empty.

The init command does not save the password. Does it ask you for the password the second time you run list?

Why though? Init creates a keychain item, but is not supposed to save password? Why does it create a keychain item then?

But no, list also does not save the credentials:

 % ~/Downloads/duplicacy_osx_x64_3.2.0 -d list
Storage set to storj://12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777/duplicacy/duplicacy
Reading the environment variable DUPLICACY_STORJ_KEY
Failed to get the value from the keyring: keyring: Password not found
Enter the API access key: [snip]
Reading the environment variable DUPLICACY_STORJ_PASSPHRASE
Failed to get the value from the keyring: keyring: Password not found
Enter the passphrase:[snip]
Chunk read levels: [1], write level: 1
Compression level: 100
Average chunk size: 4194304
Maximum chunk size: 16777216
Minimum chunk size: 1048576
Chunk seed: 6475706c6963616379
Hash key: 6475706c6963616379
ID key: 6475706c6963616379
id: test, revisions: [], tag: , showFiles: false, showChunks: false
Listing revisions for snapshot test

 % ~/Downloads/duplicacy_osx_x64_3.2.0 -d list
Storage set to storj://12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777/duplicacy/duplicacy
Reading the environment variable DUPLICACY_STORJ_KEY
Failed to get the value from the keyring: keyring: Password not found
Enter the API access key:^C%

 % tail /var/log/system.log
Oct  2 18:42:24 obsidian syslogd[138]: ASL Sender Statistics
Oct  2 18:52:30 obsidian syslogd[138]: ASL Sender Statistics
Oct  2 19:00:45 obsidian awdd[523]: Diagnostics Report
Oct  2 19:02:34 obsidian syslogd[138]: ASL Sender Statistics
Oct  2 19:13:04 obsidian syslogd[138]: ASL Sender Statistics
Oct  2 19:23:27 obsidian syslogd[138]: ASL Sender Statistics
Oct  2 19:29:39 obsidian login[43512]: USER_PROCESS: 43512 ttys000
Oct  2 19:33:32 obsidian syslogd[138]: ASL Sender Statistics
Oct  2 19:43:43 obsidian syslogd[138]: ASL Sender Statistics
Oct  2 19:53:45 obsidian syslogd[138]: ASL Sender Statistics

Indeed, looking here: https://github.com/gilbertchen/duplicacy/blob/fd3bceae19c544f689afe36afcc45bda97903fd7/src/duplicacy_storage.go#L743C1-L759C22 duplicacy indeed does not save password for storj to keychain, unlike every single other backend does. Why?

I’ll fix this tomorrow and release a new CLI version.

2 Likes

This has been fixed in Release Duplicacy Command Line Version 3.2.2 · gilbertchen/duplicacy · GitHub. Thanks for find the source of the issue!

2 Likes

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.