Using 1Password 6 away from home

I need to access my 1Password 6 vault by logging in to my Dropbox sync folder from computers that I don't own and that don't have the 1Password application software. Searches reveal that 1PasswordAnywhere used to allow this, but does not work with OPvault. I have tried reverting my vault to .agilekeychain so that I can use 1PasswordAnywhere, but when the browser page opens I get an error saying that there was a problem loading the EncryptionKeys.js file.

Any suggestions for fixing this issue would by very welcome!

Comments

  • brentybrenty

    Team Member

    @archiemac: It sounds like you're on the right track. Perhaps the biggest hurdle to using 1PasswordAnywhere is that modern browsers restrict local file access, so if you're trying to open it from the Dropbox folder on your computer (or using the Dropbox app), it will not be able to actually load your data. Is that perhaps the issue you're having? Instead, try opening 1Password.html inside your .agilekeychain through the Dropbox website and let me know if that helps! :)

  • @brenty > Thanks for the quick reply. As you describe, I did open the 1Password.html file from the same folder as .agilekeychain through the Dropbox site. It appeared to be working, as the 1Password gui displayed in the browser page; but a message popped up, saying 'there was a problem loading the encryptionKeys.js file', and when I tried to open the gui, an error message said that a critical file was missing.

    I thought I might delete everything and reinstall from scratch with the software configured to use .agilekeychain - but am I missing some other fix I could try first?

  • @brenty > Further research suggests this may be a long-running issue due to changes made by Dropbox breaking 1PasswordAnywhere, followed by Dropbox issuing ad hoc fixes at your request, the last, it seems, being about five months ago:

    https://discussions.agilebits.com/discussion/45447/1passwordanywhere-is-not-working-on-dropbox-dropbox-has-fixed-this-for-us-it-should-work-now

    https://discussions.agilebits.com/discussion/45428/1passwordanywhere-not-working-with-dropbox-2015-08-07-working-again-fix-deployed-by-dropbox

    https://discussions.agilebits.com/discussion/48454/1passwordanywhere-not-working-with-dropbox-resolved-usage-issues-with-chrome-45-firefox-41

    Are you getting reports of a recurrence?

    (I've tried opening 1Password.html in Safari, but there I get a blank page, because the scripts are blocked, with the error <the document's frame is sandboxed and the 'allow-scripts' permission is not set>. )

    I bought a licence for the Mac version of the software, as my own main machine is a Mac; but I understood that I would be able to access my 1Password vault to log in to various web accounts away from base on machines I did not own, using the web interface run from Dropbox. Is it the case that I can currently only access my vault from devices I own on which 1Password software is installed? Does AgileBits offer a way for users to access the contents of their vaults from other devices?

    If this functionality is permanently broken, and AgileBits has no alternative to offer, I'm going to have to put the waste of the licence fee down to experience, and look for an alternative that has greater flexibility. :(

  • brentybrenty

    Team Member

    Further research suggests this may be a long-running issue due to changes made by Dropbox breaking 1PasswordAnywhere, followed by Dropbox issuing ad hoc fixes at your request, the last, it seems, being about five months ago: [...] Are you getting reports of a recurrence?

    @archiemac: I haven't seen reports that 1PasswordAnywhere isn't working through the Dropbox site again...but since you mentioned it I just went and tested it in all the browsers myself, just to be sure. Whew! It appears to be working, so it isn't clear where you're running into trouble. To be clear, I tested this in Safari, Chrome, and Firefox on OS X, and I was able to access my vault through the Dropbox website.

    (I've tried opening 1Password.html in Safari, but there I get a blank page, because the scripts are blocked, with the error <the document's frame is sandboxed and the 'allow-scripts' permission is not set>. )

    Safari is the most permissive. In fact, 1PasswordAnywhere will work from the local filesystem there, so the fact that you're getting an error gives me pause. Do you perhaps have custom settings, other extensions, or 'security' software that might be interfering? Or is your vault incomplete for some reason — literally, missing some files, such as encryptionkeys.js? Are you syncing your complete vault between devices using Dropbox?

    I bought a licence for the Mac version of the software, as my own main machine is a Mac; but I understood that I would be able to access my 1Password vault to log in to various web accounts away from base on machines I did not own, using the web interface run from Dropbox.

    Accessing sensitive data on an untrusted computer isn't something we'd ever recommend. Just something to keep in mind.

    Is it the case that I can currently only access my vault from devices I own on which 1Password software is installed? Does AgileBits offer a way for users to access the contents of their vaults from other devices?

    We've got apps for OS X, Windows (including phones and tablets), Android, and iOS. The mobile apps are free (with an in-app purchase for advanced features), and the desktop apps have a free trial. It is always a much better idea to access your vault from a device you control.

    If this functionality is permanently broken, and AgileBits has no alternative to offer, I'm going to have to put the waste of the licence fee down to experience, and look for an alternative that has greater flexibility. :(

    If all you want is to access your vault in read-only mode (via 1PasswordAnywhere or a free/trial version), you really don't need a license. But we absolutely appreciate your support regardless!

    If you're still having trouble, the best thing to do will be to generate a diagnostic report and send it to [email protected] so we can look at the logs to determine exactly what is happening:

    Sending Diagnostics Reports (Mac)

    Just be sure to include a link to this forum thread and your username in the email so we can 'connect the dots'. We will get to the bottom of this! :)

  • archiemacarchiemac
    edited January 2016

    @brenty Thanks for your detailed reply. I'll try to answer your questions...

    I've been trying to run 1PasswordAnywhere from the Dropbox web site, not from the local file system.

    Q: "Do you perhaps have custom settings, other extensions, or 'security' software that might be interfering?"
    A: I've tried running 1PasswordAnywhere on an Apple Mac in Chrome with all extensions disabled, on a Debian machine in Iceweasel (Firefox), and on a vanilla install of Firefox on another Linux machine, with the same error - can't load encryptionKeys.js

    Q: "Or is your vault incomplete for some reason — literally, missing some files, such as encryptionkeys.js?"
    A: 1Password.agilekeychain/data/default contains 6 files, including encryptionKeys.js

    Q: "Are you syncing your complete vault between devices using Dropbox?"
    A: Yes, as per the installation guide.

    Q: "Accessing sensitive data on an untrusted computer isn't something we'd ever recommend. Just something to keep in mind... We've got apps for OS X, Windows... It is always a much better idea to access your vault from a device you control."
    A: When I'm off site, or doing talks or demos, I have to use the computers provided, and I have to log in to web sites, for example, to download software or data files or to show techniques or examples. I can't install your software on these machines, but having access to my login credentials is essential. Hence my concern about this functionality - its absence is a deal-breaker.

    I've sent the diagnostic report from my Apple Mac - which, of course, has the app installed but is not the machine I need web access from.

    Hope you can help!

  • brentybrenty

    Team Member

    I've been trying to run 1PasswordAnywhere from the Dropbox web site, not from the local file system.

    @archiemac: Sorry. The point I was trying to make in my last post is that Safari will load 1PasswordAnywhere just fine even locally, but for some reason it is resulting in an error on your machine. That's baffling.

    A: 1Password.agilekeychain/data/default contains 6 files, including encryptionKeys.js

    Do you really only have 3 items stored in 1Password? 3 files there will be for the contents, keys, and backup.

    A: When I'm off site, or doing talks or demos, I have to use the computers provided, and I have to log in to web sites, for example, to download software or data files or to show techniques or examples. I can't install your software on these machines, but having access to my login credentials is essential. Hence my concern about this functionality - its absence is a deal-breaker.

    Understood. I just want to make the risks clear. Even if you're already aware, someone else reading this discussion may not be. If you must do this, consider using the (free) mobile app to view the data or making a separate vault with only the credentials needed to share via Dropbox (preferably not your personal account, since your credentials could be captured on a strange machine).

    I've sent the diagnostic report from my Apple Mac - which, of course, has the app installed but is not the machine I need web access from.

    While I'm not seeing a message from this address (please post the Support ID you received so I can track it down right away), it would definitely be more helpful to have diagnostics from the computer where you're having the issue. Are you able to load 1PasswordAnywhere in Safari on the Mac you sent this from? Even if you don't plan on using it there normally, that may help narrow things down (if it works, we know the vault is good; if it doesn't, it may be a similar issue to what you're experiencing on others). Please let me know! :)

  • archiemacarchiemac
    edited January 2016

    @brenty > Thanks for the reply. Some answers...

    "Do you really only have 3 items stored in 1Password? 3 files there will be for the contents, keys, and backup."
    Yes, I'm experimenting to make sure things work before I transfer large amounts of data.

    "If you must do this, consider using the (free) mobile app to view the data or making a separate vault with only the credentials needed"
    Good plan. Since I'm still testing how things work, I haven't committed anything important to the default vault yet, and hadn't got as far as investigating the idea of using multiple vaults in the sensible way you describe.

    "please post the Support ID"
    It is ZSG-15731-811

    "Are you able to load 1PasswordAnywhere in Safari on the Mac you sent this from?"
    If I open the 1Password,html file that's in my local Dropbox folder (in Finder) it behaves as it does on all the other machines and browsers I've tried:
    it displays the GUI front end, with this message over it:

    [[ Problem loading 1Password data file
    A key data file could not be loaded and 1PasswordAnywhere cannot continue without it.
    Please see this help guide for troubleshooting tips. ]]

    The words "key data file" are a hyperlink to where 1PasswordAnywhere is expecting to find the local file:
    file:///Users/[myname]/Dropbox/Apps/1Password/data/default/encryptionKeys.js
    But this path is incorrect, and should be
    file:///Users/[myname]/Dropbox/Apps/1Password/1Password.agilekeychain/data/default/encryptionKeys.js

  • @benty > The relative path was the issue. I've put the html file inside the 1Password.agilekeychain 'folder' (actually a package on the Mac), and it now works!. :chuffed:

    The instructions I followed were not as clear as they might have been in regard to placing the html file inside the 1Password.agilekeychain package on a Mac.

    Anyway, all's well now. Many thanks for your assistance.

  • @benty I should make clear for the sake of anyone reading this thread that on Dropbox, the 1Password.html file should be in

    /home/apps/1Password/1Password.agilekeychain/

    along with the /data folder

  • BenBen AWS Team

    Team Member

    Excellent. Thanks for the update @archiemac! I'm gla to hear placing the 1Password.html file inside the 1Password.agilekeychain package resolved this issue for you. It sounds like you have a good approach, as far as limiting the credentials that are available in the keychain that you'll be accessing from untrusted machines.

    Ben

  • brentybrenty

    Team Member

    @archiemac: Ah, that explains it. I believe that our documentation is correct on this, and I did mention it in my initial reply that 1Password.html needs to be opened from inside the .agilekeychain vault. Please let me know if there's an oversight in the knowledgebase so I can fix it! Thanks for letting us know that worked for you. :)

  • archiemacarchiemac
    edited January 2016

    @brenty > Yes, now that I read your instructions again, this time with my new-found knowledge, it's clear what you meant. I think the problem is that for a newbie the terminology is opaque - especially if, like me, you install the 1Password 6 app first, and then have to work out how to convert OPvault to .agilekeychain and to obtain and install 1PasswordAnywhere, which is deprecated/obsoleted for version 6, and not mentioned in the latest user guide. (The fact that it has been obsoleted also creates confusions when one tries to make sense of search results on the forum.)

    Essentially, it's the classic problem for all technical writers: the folk who write the guides know the system inside out, understand all the concepts, and have a rich mental map of the whole system and how it has changed over time. Newbies have absolutely no idea about any of this, and rely on the concepts they bring from their past experience to understand the words - and this may easily lead them astray!

    I think what confused me was the use of the term 'vault'. If you are a newbie, you may not initially be aware that 'vault' is a technical term for an encrypted directory - especially when the item referred to looks like a file in Finder. I suppose I assumed that 'vault' was what the tech guys at AgileBits called this oddly named file. Indeed, the support page about OPvault refers to .opvault as a file format:

    "OPVault” can refer both to the data security design used in 1Password and it to a particular file format typically with the filename extension .opvault."

    Additionally, for someone used to files being grouped in 'directories' (the standard term on unix-like systems) or 'folders' (as Mac and Win call them), it's not immediately obvious that a 'package' (Mac) can be treated in the same way, and have files added to it without breaking how the 'package' works. (On unix-like systems, users had better not go messing around with what's inside 'packages', which are the installation containers for, say, an application, and contain all the other software and libraries on which that application depends in order to work correctly. Another subtle conceptual difference that turns out to be a minefield!)

    After several days of experimenting and googling, you start to build up a mental map of the concepts being used, and appreciate how their meanings differ subtly from what you're expecting them to mean. Daylight dawned for me while I was looking at the directory structure on Dropbox, and I realised that 1Password.agilekeychain was being treated there as a directory. Doh! The meaning of your advice suddenly made a different sense!

    So, I'm sorry I stumbled past your signpost in the darkness of my initial ignorance; but I'm glad I reached the destination eventually. And I am grateful for your continued patience despite my frustration and irritation!

    Many thanks!!!

  • brentybrenty

    Team Member

    @brenty > Yes, now that I read your instructions again, this time with my new-found knowledge, it's clear what you meant. I think the problem is that for a newbie the terminology is opaque - especially if, like me, you install the 1Password 6 app first, and then have to work out how to convert OPvault to .agilekeychain and to obtain and install 1PasswordAnywhere, which is deprecated/obsoleted for version 6, and not mentioned in the latest user guide. (The fact that it has been obsoleted also creates confusions when one tries to make sense of search results on the forum.)

    @archiemac: Ah, understood. We're not trying to encourage people to use AgileKeychain/1PasswordAnywhere going forward since (as you've seen) it may break at anytime in Dropbox. But of course that's what we're here for: to answer questions and help in any way we can. I'm sorry if I caused unnecessary confusion. :(

    Essentially, it's the classic problem for all technical writers: the folk who write the guides know the system inside out, understand all the concepts, and have a rich mental map of the whole system and how it has changed over time. Newbies have absolutely no idea about any of this, and rely on the concepts they bring from their past experience to understand the words - and this may easily lead them astray!

    You're absolutely right! Thanks for the feedback!

    Additionally, for someone used to files being grouped in 'directories' (the standard term on unix-like systems) or 'folders' (as Mac and Win call them), it's not immediately obvious that a 'package' (Mac) can be treated in the same way, and have files added to it without breaking how the 'package' works. (On unix-like systems, users had better not go messing around with what's inside 'packages', which are the installation containers for, say, an application, and contain all the other software and libraries on which that application depends in order to work correctly. Another subtle conceptual difference that turns out to be a minefield!)

    This is a great point, but I think you may be in the minority. I find that when I have referred to an OS X "package" people think I'm a crazy person ("It's a file/folder/directory!") But of course that's just what it is! :lol:

    After several days of experimenting and googling, you start to build up a mental map of the concepts being used, and appreciate how their meanings differ subtly from what you're expecting them to mean. Daylight dawned for me while I was looking at the directory structure on Dropbox, and I realised that 1Password.agilekeychain was being treated there as a directory. Doh! The meaning of your advice suddenly made a different sense!
    So, I'm sorry I stumbled past your signpost in the darkness of my initial ignorance; but I'm glad I reached the destination eventually. And I am grateful for your continued patience despite my frustration and irritation!

    No worries! I only wish you'd asked for clarification on my cryptic comment sooner, so I could have saved you some effort...but of course there is a certain self-satisfaction that comes with this sort of revelation as well. So I'm glad that it all came together in the end — and that this discussion is here for future generations to benefit from it. :chuffed:

This discussion has been closed.