Can't access passwords anymore

tim.dreier · April 27, 2020, 12:15pm

Hi,
after a reboot of our Server I can’t access passbolt anymore. In the fronend I get Could not verify server key. The OpenPGP server key defined in the config cannot be used to decrypt. The OpenPGP server key fingerprint defined in the config does not match the one associated with the key on file..

When I try to sudo -H -u www-data bash -c "gpg --list-keys" I get [don't know]: invalid packet (ctb=00)

Any idea how to fix this?

remy · April 27, 2020, 12:32pm

Hello,

It means there is an issue with your server key (e.g. maybe it is expired) or your keyring (e.g. keyring permissions, or gpg config or version change). It is hard to tell with zero information about your system (keyring location, detail of server key, operating system, version of gpg, etc.).

You could try to:

Delete/Rename the old keyring for www-data
Create a new keyring for www-data (in the location specified in your passbolt config if it’s not the default), using gpg --list-keys as the www-data user with the right gpg home location as parameter
Import the server key specified in the config in the keyring again
Run the healthchecks as www-data

tim.dreier · April 27, 2020, 12:49pm

Thank you @remy.
Moving the .gnupg folder to .gnupg.old and reimport the key with sudo su -s /bin/bash -c "gpg --home /home/www-data/.gnupg --import /var/www/passbolt/config//gpg/serverkey_private.asc" www-data worked!

system · May 2, 2020, 12:49pm

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.