“Failed to Decrypt” Error Message
When using the OS X keychain, several configuration and MobileMe data synchronization problems can occur and you may see a “Failed to Decrypt” error message in the browser or within the 1Password application.
Note: These issues are only present when using the OS X Keychain. The Agile Keychain was created in order to solve these issues and we strongly recommend upgrading to it if you encounter them.
What Does the Decryption Error Mean?
When using the OS X keychain, 1Password uses the Mac OS X Keychain Services to store and access all your data. When something goes wrong, the API returns us a numeric result code which is displayed in the error message. We have encountered and documented a few of these error codes and their probably causes:
Decryption Error -67061
In our experience this is related to an incorrect application signature of Safari. It is important that the Safari’s code signature is valid. See the Invalid Code Signature article for details on confirming that this is the issue and how to fix it.
Decryption Error -61
This is usually a permissions issue on the 1Password keychain file. Use Finder to verify you have read and write permission on this file:
Library > Keychains > 1Password.keychain
This problem is most often caused by a bug in Leopard that causes all your processes to be run as the root super user. For a description of the problem and a possible solution, please refer to our Processes Running as Root (Super User) article.
Decryption Error -2147415734
This error occurs when the MobileMe password in the login keychain becomes corrupted or unusable. We have yet to find any explanation from Apple as to why this happens or how to prevent it from happening. However, we have confirmed that Apple’s solution fixes the problem:
- Load the Keychain Access utility
- Select the login keychain
- Search and delete all items whose kind is “.Mac password”
- Restart your computer, or log out and back in
Next, reset your MobileMe sync data using the following Apple procedure:
- Make sure that all your data is correct and current in Address Book, iCal, Safari bookmarks, Keychain, Mail, and other applications that use .Mac Sync, and make sure that you are connected to the Internet.
- Open System Preferences and click MobileMe
- Click Sync, then click the Advanced button
- Click Reset Sync Data
- From the Replace pop-up menu, choose the information you want to reset, such as Bookmarks, Keychains, or all data.
- Click the right arrow button so that the orange arrow goes from the computer icon to the MobileMe icon in the window, and the text above the icons says “On MobileMe with sync info from this computer.”
Unfortunately, this doesn’t fix the corrupted sync items. This means that you have to restore a keychain from a backup made prior to the sync that corrupted it.
If you would like to read more about this solution, please refer to the original article on Apple’s web site.
Decryption Error -25293
This error is often related to the Safari code signature discussed in Decryption Error -67061, but sometimes is related to Safari running with Rosetta Emulation enabled. Rosetta Emulation should be disabled.
Decryption Error -128
Every keychain item has a list of permissions associated with it so that the OS X keychain can keep track of the applications allowed to access it. Installing a new version of 1Password or your web browser may cause the system to ask you whether you want to allow the updated program to access the items. This is done to make sure that an unauthorized program cannot access your information.
After you update 1Password or your web browser, please always click Allow or you may end up with this decryption error.
How to Prevent Future Decryption Errors
These issues are only present when using the OS X Keychain. The Agile Keychain was created in order to solve these issues and we strongly recommend upgrading to it if you encounter them.