Not encrypting to additional users #653

Open
@WIcheese

Describe the bug
Adding additional users to a subfolder does not work. The .gpg-id file gets created with the proper key thumbprints, the re-encrypt process appears to happen (I have to touch my YubiKey once per entry in the folder), but neither existing nor new entries are ever accessible with the additional key. Everything is still only encrypted to the parent folder.

To Reproduce
Steps to reproduce the behavior:

  1. Start with an existing pass store, encrypted to one user key. Let's call it Key1.
  2. Generate a keypair, Key2, in Kleopatra and make sure it works to encrypt and decrypt data everywhere but QtPass.
  3. Create a subfolder, let's call it TestFolder, within the existing password store
  4. Create some entries in TestFolder
  5. Right click TestFolder in QtPass and click Users
  6. Key1 is already checked. Check Key2 and close.
  7. If any entries already exist, it will make you unlock Key1 with its passphrase. If Key1 is on a YubiKey with a touch policy, you'll have to touch the YubiKey once for each entry that exists in TestFolder. So it seems to be re-encrypting everything.
  8. Check the .gpg-id in TestFolder; Key1 and Key2 are both there
  9. Try to open one of the entries; it will only allow you to decrypt it with Key1.
  10. Create a new entry in TestFolder
  11. Even the new entry is only able to be decrypted with Key1
  12. Right click TestFolder and go to users - you'll see it doesn't even show Key2 checked

Expected behavior
QtPass should encrypt to the user keys that were selected for that folder, not the root folder of the password store.

Desktop (please complete the following information):

  • Windows 11 Pro with gpg4win

Additional context
The issue completely breaks varying user access to different folders. It is present on the new draft 1.4.0 as well as the stable 1.3.2.
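
A way to confirm the symptom in this report from outside QtPass, as an added example that is not part of the original issue or of QtPass's code: it resolves the nearest `.gpg-id` at or above an entry (the lookup order `pass` uses) and compares the number of recipients listed there with the number of public-key encrypted session key packets in the entry. The packet listing and key identifiers are constructed placeholders, and the count comparison assumes one packet per recipient and no hidden recipients.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample: the kind of output `gpg --list-only --list-packets <entry>.gpg`
# prints for a file encrypted to a single recipient (key ID is a placeholder).
SAMPLE_ONE_RECIPIENT = (
    ":pubkey enc packet: version 3, algo 1, keyid AAAAAAAAAAAAAAAA\n"
    "\tdata: [4095 bits]\n"
    ":encrypted data packet:\n"
)

def effective_gpg_id(store: Path, entry: Path):
    """Return the nearest .gpg-id at or above the entry's folder, or None."""
    folder = entry.parent
    while True:
        candidate = folder / ".gpg-id"
        if candidate.is_file():
            return candidate
        if folder == store or folder == folder.parent:
            return None
        folder = folder.parent

def read_recipients(gpg_id: Path):
    """Key identifiers listed in a .gpg-id file, one per non-empty line."""
    lines = (l.split("#", 1)[0].strip() for l in gpg_id.read_text().splitlines())
    return [l for l in lines if l]

def pkesk_key_ids(listing: str):
    """Key IDs of the public-key encrypted session key packets in a listing."""
    return re.findall(r"^:pubkey enc packet:.*\bkeyid ([0-9A-Fa-f]{16})", listing, re.M)

def audit(store: Path, entry: Path, listing: str):
    """Compare recipients the folder asks for with recipients the file carries."""
    gpg_id = effective_gpg_id(store, entry)
    expected = read_recipients(gpg_id) if gpg_id else []
    actual = pkesk_key_ids(listing)
    return {"gpg_id": gpg_id, "expected": expected, "actual": actual,
            "mismatch": len(expected) != len(actual)}

def demo():
    """Rebuild the reported layout in a temp dir and audit one TestFolder entry."""
    store = Path(tempfile.mkdtemp())
    (store / ".gpg-id").write_text("KEY1-PLACEHOLDER\n")
    sub = store / "TestFolder"
    sub.mkdir()
    (sub / ".gpg-id").write_text("KEY1-PLACEHOLDER\nKEY2-PLACEHOLDER\n")
    return store, audit(store, sub / "example.gpg", SAMPLE_ONE_RECIPIENT)
```

The key IDs in the packet listing are encryption subkey IDs, so they will not match the fingerprints in `.gpg-id` textually; map them through the keyring if you need to know which recipient is missing rather than just that one is.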
