1Password command-line tool version 0.6!

cohix
cohix
1Password Alumni
edited September 2019 in CLI

Happy August, I'm coming to you live from an unseasonably cold southern Canada where version 0.6 of the 1Password command-line tool has been released!

This release has a metric ton of under-the-hood changes. As some of you who frequent this forum may know, the CLI and the SCIM bridge share a huge chunk of code, and all of the internal improvements to that code that we made to help the SCIM bridge, are now included in the CLI as well. There are however some things that you, the CLI user, will care about, too!

We made searching through items faster. If you look up an item by title, url, etc, the command-line tool will now get you those results faster, which includes listing items. We're continuing to work on the performance of the CLI, so stay tuned.

No more pesky 6-digit codes! We now only make you enter your 2FA code one time, and thereafter the CLI will only need your master password to sign in.

And lastly we have added some safety checks when creating new items which will ensure that the JSON you feed into them will be valid and won't break anything!

Please do give us your feedback in this forum category, and give 0.6 a try!

Updates : 0.6.1 and 0.6.2 have also since been released!

Comments

  • matijsvanzuijlen
    matijsvanzuijlen
    Community Member

    I'm trying to verify verify the signature using the instructions at https://support.1password.com/command-line-getting-started/, but I get "gpg: key 0xAC2D62742012EA22: new key but contains no user ID - skipped".

  • Hi @matijsvanzuijlen, welcome to the forum! I just tried it out and it seemed to work on my end and the code signing key definitely has a user ID, so I wonder if the keyserver that gpg is set to use on your computer is taking out the user ID.

    Could you try using a different keyserver to see if that works for you? The Ubuntu keyserver worked fine for me:

    gpg --keyserver hkp://keyserver.ubuntu.com --receive-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22
    

    Let me know how you get on :)

  • matijsvanzuijlen
    matijsvanzuijlen
    Community Member

    Thanks @Harry_AG, that worked!

    (As far as I can tell, my system uses the keys.openpgp.org keyserver by default).

  • ag_ana
    ag_ana
    1Password Alumni

    @matijsvanzuijlen, on behalf of Harry_AG, you are very welcome!

    If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

  • jeveleth
    jeveleth
    Community Member

    Hello,

    I too am attempting to verify the signature for op. I think I've imported the public key correctly (by running the following):
    gpg --keyserver hkp://keyserver.ubuntu.com --receive-keys 3FEF9748469ADBE15DA7CA80AC2D62742012EA22

    Yet when I verify the signature I get the following response:
    gpg: Signature made Fri Aug 23 06:04:10 2019 PDT gpg: using RSA key 3FEF9748469ADBE15DA7CA80AC2D62742012EA22 gpg: Good signature from "Code signing for 1Password <codesign@1password.com>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 3FEF 9748 469A DBE1 5DA7 CA80 AC2D 6274 2012 EA22

    I'm running gpg (GnuPG/MacGPG2) 2.2.17 on Mac 10.4.6.

    If there's any other information I can give, please let me know.
    Best,
    Josh

  • SvenS1P
    edited September 2019

    Hey @jeveleth, I'm sorry for the trouble!

    This is something that's expected. GPG has checked the op binary signature and, using the key you imported in the previous step, has calculated that the signature is good:

    gpg: Signature made Fri Aug 23 06:04:10 2019 PDT gpg: using RSA key 3FEF9748469ADBE15DA7CA80AC2D62742012EA22
    gpg: Good signature from "Code signing for 1Password "
    

    The issue arises because GPG itself doesn't know whether or not to trust the key that signed the binary. But that's not something you should worry about as you are able to trust the key yourself — jpgoldberg went into the reasons why (and a bit of history of PGP) over in this thread.

    If you've got any questions about the explanation in the other thread or anything else, do reach out to us and we'll be here to help :chuffed:

  • jeveleth
    jeveleth
    Community Member

    Thanks!

  • AGAlumB
    AGAlumB
    1Password Alumni

    On behalf of Henry, you're very welcome. Cheers! :)

This discussion has been closed.