1Password command-line tool version 0.6!

cohixcohix

Team Member

Happy August, I'm coming to you live from an unseasonably cold southern Canada where version 0.6 of the 1Password command-line tool has been released!

This release has a metric ton of under-the-hood changes. As some of you who frequent this forum may know, the CLI and the SCIM bridge share a huge chunk of code, and all of the internal improvements to that code that we made to help the SCIM bridge, are now included in the CLI as well. There are however some things that you, the CLI user, will care about, too!

We made searching through items faster. If you look up an item by title, url, etc, the command-line tool will now get you those results faster, which includes listing items. We're continuing to work on the performance of the CLI, so stay tuned.

No more pesky 6-digit codes! We now only make you enter your 2FA code one time, and thereafter the CLI will only need your master password to sign in.

And lastly we have added some safety checks when creating new items which will ensure that the JSON you feed into them will be valid and won't break anything!

Please do give us your feedback in this forum category, and give 0.6 a try!

Comments

  • I'm trying to verify verify the signature using the instructions at https://support.1password.com/command-line-getting-started/, but I get "gpg: key 0xAC2D62742012EA22: new key but contains no user ID - skipped".

  • Harry_AGHarry_AG

    Team Member

    Hi @matijsvanzuijlen, welcome to the forum! I just tried it out and it seemed to work on my end and the code signing key definitely has a user ID, so I wonder if the keyserver that gpg is set to use on your computer is taking out the user ID.

    Could you try using a different keyserver to see if that works for you? The Ubuntu keyserver worked fine for me:

    gpg --keyserver hkp://keyserver.ubuntu.com --receive-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22
    

    Let me know how you get on :)

  • Thanks @Harry_AG, that worked!

    (As far as I can tell, my system uses the keys.openpgp.org keyserver by default).

  • ag_anaag_ana

    Team Member

    @matijsvanzuijlen, on behalf of Harry_AG, you are very welcome!

    If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

  • Hello,

    I too am attempting to verify the signature for op. I think I've imported the public key correctly (by running the following):
    gpg --keyserver hkp://keyserver.ubuntu.com --receive-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22

    Yet when I verify the signature I get the following response:
    gpg: Signature made Fri Aug 23 06:04:10 2019 PDT gpg: using RSA key 3FEF9748469ADBE15DA7CA80AC2D62742012EA22 gpg: Good signature from "Code signing for 1Password <[email protected]>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 3FEF 9748 469A DBE1 5DA7 CA80 AC2D 6274 2012 EA22

    I'm running gpg (GnuPG/MacGPG2) 2.2.17 on Mac 10.4.6.

    If there's any other information I can give, please let me know.
    Best,
    Josh

  • Harry_AGHarry_AG

    Team Member
    edited September 13

    Hey @jeveleth, I'm sorry for the trouble!

    This is something that's expected. GPG has checked the op binary signature and, using the key you imported in the previous step, has calculated that the signature is good:

    gpg: Signature made Fri Aug 23 06:04:10 2019 PDT gpg: using RSA key 3FEF9748469ADBE15DA7CA80AC2D62742012EA22
    gpg: Good signature from "Code signing for 1Password "
    

    The issue arises because GPG itself doesn't know whether or not to trust the key that signed the binary. But that's not something you should worry about as you are able to trust the key yourself — jpgoldberg went into the reasons why (and a bit of history of PGP) over in this thread.

    If you've got any questions about the explanation in the other thread or anything else, do reach out to us and we'll be here to help :chuffed:

  • Thanks!

  • brentybrenty

    Team Member

    On behalf of Henry, you're very welcome. Cheers! :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file