FFkeystore: application messages

Note:
You can search for application messages:
Enter at the end of this URL # + the messages ID
for example: #KS0004I
complete URL: http://fftools.eu/projects/FFkeystore/doc/application%20messages.html#KS0004I

The message ID consists of

List of all messages
1-10 11-20 21-30 31-40
KS0001E KS0011W KS0031E
KS0002E KS0012E KS0032E
KS0003E KS0013E KS0033E
KS0004I KS0014E KS0034E
KS0005E KS0015E KS0035E
KS0006I
KS0007W
KS0008W
KS0009W
KS0010E

msg id description
KS0001E No Password!

The application can only operate if you provide the key store store password. Enter it and press decrypt.
Note:
Since the app will frequently lock the key store automatically, which basically means, it will forget the key store password, you will have to enter it frequently

KS0002E No Pattern

For unsafe and ftN! Mode you need a pattern. It was automatically generated for you, you can check it in the Preferences window. If you don't like it, put in your own target pattern.

KS0003E INSECURE KEYSTORE !

The key store file is protected by a SHA-512 hash. If your hash does not match your key store file you will get KS0008W during program init procedure.
However, if you have enabled PARANOID:encrypted hash you can not recover from a "not matching" checksum file within the application. The application will refuse to load the key store file.

If you know why the key store file has changed and you think it is okay, you can do the following to recover from that problem:

  1. make a backup of the key store file
  2. open terminal
  3. change to the path where key store file resides:
    cd
    cd Library/Containers
    cd eu.fftools.Weisse-Rose.FFkeystore
    cd Data/Library/Preferences
  4. remove the checksum file:
    rm FFkeystore.checksum
  5. rename the key store file to same file but with the extension .RECOVER (all big letters):
    mv FFkeystore.plist FFkeystore.RECOVER
  6. if you want to do the rename within finder open the path with go to and rename the file
Note:
Make a backup before editing a key store file. ALWAYS. Note:
This is outdated as sandbox bullshit was disabled later on - this needs to be updated. (basically the key store files are now located in the documents folder)

KS0004I New salt was generated

This is just to inform you, that a new salt was generated. Since a new salt heavingly influences the key store password (when its length is below 32 chars), a new salt will make all passwords which were encrypted with the old key unavailable to you. If you need access to these passwords, you must install a previous version (aka restore a backup) of you key store file (which does contain the old salt)

KS0005E Keystore is corrupt!

You will see this message, if the keystore passes the inital hash check (hash is OK) but fields are missing from the keystore. This normally indicates a logic error. You can not continue until the problem is fixed, you should enable the debug mode and then inspect the logging output in console. You will may get hints where the problem is. Generally installing a backup is the preferred way to solve this. If the field which is missing is cleartext you may try to restore from a previous file. Note:
Make a backup before editing a key store file. ALWAYS.

KS0006I Key store setup complete

The setup is complete (mainly: a key store salt was generated and the target pattern was stored with your given key store password).

KS0007W Checksum file is missing

Normally a checksum file is store in same directory, where the key store ist saved. This file contains a SHA512 hash to notify you, when this file is changed outside the application. Note:
This will not protect you from changes a attacker can made if access to the local file system is obtained somehow. However - since your passwords are encrypted you can not change them without the master key (any chance would destroy them).

The hash is only there to protect you from hardware failures (read / write errors from the device) or if the file was changed outside the application (e.g. someone edited it with a text editor).

You have 2 choice to react to this messages:

  1. Readonly
    This will open the key store in readonly mode. You can access your passwords but you cant do any changes (add/delete/change) to your current passwords.
  2. Create
    If you had deleted the checksum file, you can created a new one with this option. If you are not sure why the checksum file is missing, choose readonly to inspect the file first or check your logs.

!!! WARNING !!!
Do not delete/change the checksum file if you have enabled the paranoid function "encrypted checksum". This saves second hash encrypted with you password in the checksum file. Additional steps must be taken, if your encrypted checksum does not match you unencrypted checksum and/or the checksum does not match your key store file. (see KS0003E if you have a problem with encrypted checksum)

KS0008W Checksum does not match

If the calculated checksum does not match your stored one, you can access with key store in read only mode (you can access your passwords but any change to the key store file is denied). There is no reason, why the checksum differs - be careful when this happens. If you know why the checksum is different from the last calculated (e.g. YOU have edited the key store file), you can remove the checksum file to get KS0007W during programm init procedure (which allows you to create a new checksum file).

!!! WARNING !!!
Do not delete/change the checksum file if you have enabled the paranoid function "encrypted checksum". This saves second hash encrypted with you password in the checksum file. Additional steps must be taken, if your encrypted checksum does not match you unencrypted checksum and/or the checksum does not match your key store file.
(see KS0003E if you have a problem with encrypted checksum)

KS0009W No changes allowed (read only mode)

The key store is currently in read only mode, which means, you can not apply any changes. This is normally cause by problem during the programm initialization phase, you must fix these problems to get an updatable key store.

You might want to look at KS0003E or KS0007W or KS0008W

KS0010E No valid key store

If problems occur during programm initialization, which do not allow to use the key store, the application will show this message and terminate afterwards. You need to fix the problem before you can access your keystore.

You might want to look at KS0003E or KS0007W or KS0008W

KS0011W Recover key store

There was an key store file with .RECOVER extension detected. You can recover this key file and a new encrypted checksum will be calculated (both: the current key store and the current checksum file will be overwritten).

If you cancel the recover here, the app will be terminated and nothing will be changed.

!!! WARNING !!!
This action is not recoverable. Please make sure that you have backups to fix and repeat the process in case of any further problems.

KS0012E File system error

This message is show when there is an error during a file system operation (rename, delete etc.) which must be fixed by the user first before the programm can continue. The programm will terminate after you have acknowledged the message.

Note:
You may see more information in the log (console).

KS0013E security integrity problem

There a some check points in the app, where cryptography best practices are checked. If those checks end negative the program will terminate with this message. Very likely a stupid programming error is the source of this - please report it (if you can reproduce it, please provide a debug log).

Another reason can be, that one security API has failed or given an not expected return code. Because cryptography is mostly a sequence of operations which ALL must not fail, there is no recovery from such an failure without the risk of compromising security - therefore the application will kill itself.

Sorry for the inconvenience but I think this is the only way to handle these kind of problems.

Note:
You may see more information in the log (console).

KS0014E Password can not be deleted

You can not remove password be low the minimal number of passwords, which es randomly created when the key store initially was created. The preloaded password are there to protect your real passwords. If you think this is to much, you first must lower the minimal number of passwords int the settings.

Sorry for the inconvenience but I think this is the only way to handle these kind of problems.

Note:
You may see more information in the log (console).

KS0015E Core dumps are enabled

If the application detects, that core dumps allowed, it presents this message. You must accept the risk (that the application is dumped during you password is availabe in cleartext) to continue. I recommend that you allow to disable core dumps (the application will try this before displaying this message)

Note:
This application does make a difference between core dumps (current process) and kernel dumps (whole machine). If the possibility for a kernel dump is detected you wont see a warning for core dumps (however: if you fix it bei either disabling kernel dumps or disabling the kernel dump check, the core dump warning becomes visible)

This also means, that if you get notified because of kernel dumps, there is at the same time a problem with core dumps too (the current app layout will display only one warning. You may check the log to see both at once)

KS0031E no card accessible

There is currently no smart card accessible.

Please check if

  • the card driver is supported by OS (try pcsctest in terminal)
  • a smart card is inserted
  • the smart card is support by the current sc driver
KS0032E not implemented by driver

The current function is not supported by the selected card and the selected driver. Further details will be given in the error message.

KS0033E card not supported

The inserted card is unknown and therefore not supported.

KS0034E malformed entry in sc driver

The current driver contains no valid data for the mentioned field.

KS0035E IO with card failed with rc

Accessing the smart card failed in the accessing api, you are provided with an return code.