Invalid iv in the message

I tried to create a new item in that vault, and op item get fails for that item.

Looks like op item get 'Anything' fails for all items in the Guillaume vault. I would guess op is trying to list items in the vault to find it, or something...

If you add debug logs, I'll try that for sure.

Thank you again for the info gboudrea

So from my findings, it looks like there was a small period a couple of years ago where items created in the 1Password Android client used a wrong number of nonce (IV) bytes to create an item's key. Most clients are able to handle this, but it looks like op cannot.

We are going to investigate the issue on how to fix it on op's end, but the prescribed method to fix it by our support staff was to simply recreate the item in question. In this case, it looks like My Item Name may be the culprit.

Do you mind giving that a try and seeing if it fixes things?

As for listing items in the Guillaume vault, it will be quite difficult at this point to find the culprit item, as there are over 800 items (wow!) in that vault, right?

I think I can add some debug logs in the upcoming build so we can identify the item(s) that fail. These logs will be enabled with the --debug flag.

How does this sound to you?

Yes, I did (and still) use the Android client.

I tried 1Password 8.7.0; Guillaume vault loads fine. My Item Name also loads as it should from 1Password 8.

Only the CLI seems affected.

I think we may have an idea on what caused this - have you ever created an item using the 1Password Android client in the past?

Also, to help us troubleshoot, would you be able to try and access the item using our https://1password.com/downloads/mac/#beta-downloads client? We have a feeling that the CLI and the Mac Beta 8 client share similar logic and it should not work, but wanted to confirm our theory.

Thanks for all the correspondence so far gboudrea

This is a vault called Guillaume that was created manually.
I'm a 1Password client since v3, when it was only a Mac app; not sure if this vault was created on a Mac client, and later migrated to your server, when this became an option..?

839 items in the vault. Definitely my largest vault.

2nd largest vault is 255 items, was also created manually (but is probably not as old as the Guillaume vault), and going a op item list --vault that_2nd_vault works as expected, while op item list --vault Guillaume do not.

Thanks for the information gboudrea

I'm going to open an issue to investigate this behavior.

In order to help us debug this issue, do you mind giving us some info about the vault in question?

• Is this a vault that was created by you, or came with the system (eg. Private vault)?
• How many items are in the vault?
• You mentioned that the other vault(s) work - could you provide the same info for them as well?

My Item Name works as expected in both 1Password 7 on Mac, and on 1password.com

Same error with op version 2.0.0:

gb@MacBook-Pro:~ $ op --version
2.0.0
gb@MacBook-Pro:~ $ op item get 'My Item Name'
[ERROR] 2022/03/15 19:46:03 failed to listMatchingItemsInVault: Invalid iv in the message: 16


Hey gboudrea

After some investigating, it looks like that error message is being returned from the server when the CLI client asks to list the items for that specific vault (assuming that the 'My Item Name' item is located in the gboudrea vault).

I'm wondering if you get similar errors when trying to access that vault over the other clients like the 1Password website, or the Mac application.

I am also curious if the same error occurs when listing that vault's items in the new https://developer.1password.com/docs/cli/get-started.