I just tried with a self-hosted docker container and got the profile setings (with Env settings, it’s really convenient).
First (minor) issue, this screen on the web app is not taking the remember me into account (THe passphrase is requested even if the box has been checked before) and the label “Untill I log out” is not translated (at least in French - on this screen or any other from the web application).
I installed the android app (v1.0.0 published on Nov. 25 2021), sucessfully scanned QR codes and ended up with an error when the app is requesting my pasphrase.
The app correctly got my user infos (First & last name, avatar, mail address and url) but raise the 'Unknowned error occured".
On the server side, I get the following logs at each passphrase validation attempt:
``
2021-12-07 21:39:33,560 INFO reaped unknown pid 15489 (exit status 0)
2021-12-07 21:39:33,566 INFO reaped unknown pid 15491 (exit status 0)
2021-12-07 21:39:33,566 INFO reaped unknown pid 15494 (exit status 0)
2021-12-07 21:39:33,566 INFO reaped unknown pid 15496 (exit status 0)
172.17.0.1 - - [07/Dec/2021:21:39:33 +0000] “GET /auth/verify.json HTTP/1.1” 200 2169 “-” “okhttp/4.7.2”
I'm really looking forward using this application on a daily basis !
Let me know if I can be of assistance for further testing if it helps ;-)
Cheers and many thanks for the good work !
Which Android phone model do you own ? With which android version ? Are you using a custom Android ROM ? rooted ?
Are you using HTTPS ? If yes, how do you manage certificates ?
Are you able to reach your self-hosted passbolt instance in a web browser from your Android phone ?
I’m a happy passbolt user and looking forward to use the android app.
I’m having the exact same issue. The QR code scanning is doing it’s job but when I try to sign in to the app, I’m getting: Incorrect passphrase or decryption error.
The log shows (when using the correct password):
172.21.0.4 - - [17/Dec/2021:10:35:26 +0000] “GET /auth/jwt/rsa.json HTTP/1.1” 200 1090 “-” “okhttp/4.7.2”
2021-12-17 10:35:26,226 INFO reaped unknown pid 14072 (exit status 0)
2021-12-17 10:35:26,227 INFO reaped unknown pid 14073 (exit status 0)
2021-12-17 10:35:26,228 INFO reaped unknown pid 14076 (exit status 0)
2021-12-17 10:35:26,228 INFO reaped unknown pid 14077 (exit status 0)
172.21.0.4 - - [17/Dec/2021:10:35:26 +0000] “GET /auth/verify.json HTTP/1.1” 200 3878 “-” “okhttp/4.7.2”
(Using an invalid password does not generate a log entry)
I’m using the docker image: passbolt/passbolt:3.4.0-ce behind traefik with a Let’s Encrypt certificate.
whatsmychaincert states the chain is ok.
The site is also scoring an A+.
The common name of the certificate is on the domain while the full host name is in the Subject Alt Names.
I installed the latest version, but unfortunately no change.
Then I cloned the project from github and debugged the Passbolt App in Android Studio on my phone. When I hit the “Sign In” button:
The app did a GET https://server/auth/verify.json which returned a PGP PUBLIC KEY BLOCK.
Next: GetPrivateKeyUseCase: Getting private key. Filename: user_key…
Followed by an exception:
2021-12-27 17:05:24.672 9341-9341/com.passbolt.mobile.android.debug E/OpenPgp: There was an error during encryptSignMessageArmored
go.Universe$proxyerror: gopenpgp: unable to parse public key: gopenpgp: the key contains too many entities
at com.proton.Gopenpgp.helper.Helper.encryptSignMessageArmored(Native Method)
at com.passbolt.mobile.android.gopenpgp.OpenPgp$encryptSignMessageArmored$2.invokeSuspend(OpenPgp.kt:48)
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
Sorry to report that I also updated the app to 1.2.0 and still have the same issue.
However, the dark mode looks really nice on that new release. I cannot wait to use it on a daily basis.
Sorry to hear it, we are working hard to have logs accessible within the passbolt App, and we are also increasing the verbosity of the logs during the auth phase. Of course without any data leak.
We will keep you posted, thank you so much for the feedbacks.
@1voud in the public key do you see any extra new line at the end of the key?
If so can you remove any new line at the end of your JWT public key and try the sign in again?
The key layout (JWT and GPG) look fine fine to me. I did some digging and debugging.
The error: “gopenpgp: the key contains too many entities” seems from gopenpgp:
When I inspect the server PGP key I see 2 entries with: uid Passbolt default user passbolt@yourdomain.com
Since I’m not familiar with GPG I’m not sure, but could it be the issue?
what you can do is to query with postman or other tool https://yourdomain/auth/jwt/rsa.json
Then in the key data looks for double \n after the BEGIN PUBLIC KEY or before END PUBLIC KEY
We notice that some keys badly interpreted by gopenpgp
When I try https:///auth/verify.json, I receive the fingerprint & keydata.
When I try https:///auth/jwt/rsa.json, I receive a 500 error with message “The key pair for JWT Authentication is not complete.”
JWT Authentication
[PASS] The JWT Authentication plugin is enabled
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found
[PASS] No error found. Nice one sparky!
I realized I didn’t provide begin and end of public key (from /auth/verify.json) :
"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nm##########
#################################################
##==\n=9AAr\n-----END PGP PUBLIC KEY BLOCK-----\n"
,
).
Thanks for the details, and very nice setup, congrats for your A+ 
)
