Manual Password Setup?

[admiralspeedy]

Am I crazy or has the process of storing your account password been changed to a more annoying manual process?

I haven't used ASF for quite a while, like two or three years but in the past I used to configure my bot to use ProtectedDataForCurrentUser, start ASF, enter my password, approve the sign in with the Steam app on my phone and it would seemingly store that information itself and I wouldn't have to enter my password or approve the sign in again on subsequent runs of ASF.

I just set ASF up again today and tried this and was met with an error about an invalid password string and it turns out it was because I had to use the encrypt command to encrypt my password and then put it in the bot's JSON file myself? I absolutely never had to do this before.

[JustArchi]

No, you're likely mixing things up. The only thing that has changed was the encrypt command which now works with password to encrypt - previously it was in fact more troublesome since you had to put password in the config first, use the command, then put encrypted password in the config again.

Inputting invalid password in the config causes ASF to fail decryption process, which obviously gives you an error. Perhaps back then you skipped having password in the config entirely - in this case indeed, there was no error, because there was no password to decrypt. Thing is, with no password to use, you're relying on login keys, which will sooner or later expire and you'll have to enter the password anyway to log in.

The proper mechanism is explained on the wiki, and it involves doing two things:

• Using encrypt command to generate encrypted string using chosen method
• Changing Password to encrypted string, and PasswordFormat to the chosen method

I wouldn't consider the above "annoying". If you don't want to store the password in the config, then don't do it, and don't use encryption at all - nobody is forcing you to do either.

[JustArchi]

You're positive of this, yet you didn't carefully check if what you're stating is truly correct.

The difference comes from the fact that you didn't input any password back then, and now you did. I've just followed your instructions with the latest version of ASF and got exactly the same result as your "old one" - no error for decryption, because the password isn't there. I could log in with no password prompt past the first attempt, want to know why?

It's not black magic. If you omit the password then ASF works purely on login keys mechanism, and it will ask you for password again in a month or so when that login key expires - as I told you already. Moreover, your encryption makes very little sense, you'd get exactly the same result by not using encryption at all, you could just omit the password. So what happens if you do put password in the config? ASF will try to read it using your specified password format. If it fails to do so, because you've put wrong value there (invalid encrypted string), then it'll tell you so with an error, and then proceed the same as if you didn't put any password at all. This is why it continues to work, and if it doesn't, then that's because login key expired, NOT because this mechanism changed between old and current version.

In fact, when omitting password but using encrypted password format, you're effectively encrypting those login keys in Bot.db file exclusively, because the password isn't there to begin with. The whole point of encryption is to use password in the config, but in encrypted form, if you just want to omit the password then you don't need any encryption at all for doing that.

As I said originally, you're not doing the same thing now as you did before. You're mixing two things up, one not using the password at all, and second believing that password format alone changes logging mechanism used by ASF - it does not, never did, all it does is it tells ASF how to read SteamPassword and sensitive details from Bot.db - if those exist to begin with, that is.

[admiralspeedy]

I don't think you understand my post actually. I downloaded ASF and created the following config:

{
	"Enabled": true,
	"OnlineStatus": 7,
	"PasswordFormat": 2,
	"SteamLogin": "redacted"
}

I launched ASF and it asked for my password:

I enter my password, approve the sign in on my phone, type "Y" into the terminal, and then ASF starts idling:

If I close and re-open ASF I get this:

I have to enter my password and approve the sign in again.

You seem to be under the impression that this time around I was putting something in the bot config for a password right from the get go, but I wasn't. I didn't put it in the config until after I ran into these errors and read through the Security portion of the Wiki again.

Previously, I never had these errors and I never had to put an encrypted password in the bot config, all I did was enter my password, enter a Steam guard code and every subsequent time I opened ASF I was logged in automatically.

[JustArchi]

It surprises me how you have very clear message describing what is happening, yet you're under impression you know better. This problem comes from the fact that you're changing PasswordFormat from one format to another after already logging in once, and therefore having login keys saved in Bot.db file. Since password format affects not only password but also the method used for storing other sensitive details - after changing the method, ASF is unable to decrypt those sensitive details, which happens once after changing format, and continues to operate normally afterwards.

So yes, once again you confirmed that you did something else than in your reproduction steps - "run ASF for the first time" would not cause that, as there'd be no Bot.db file present in the config folder from the previous run, so also no login keys being unable to be decrypted due to password format method being changed.

[admiralspeedy]

I didn't change anything? If you actually read and look at what I posted, I have PasswordFormat set to 2 right from the beginning...

The first launch of ASF produces no errors, but subsequent ones do, without changing anything. This is on a clean copy of ASF before bot.db has even been generated.

[JustArchi]

Well then your Windows OS doesn't persist same credentials for further encryption and decryption attempts, and you can't use password format of 2. The error you mentioned should pop up just once after setting up password format. Try with AES (1) instead.