Can't use Android App

Hello !

I just tried with a self-hosted docker container and got the profile setings (with Env settings, it’s really convenient).

First (minor) issue, this screen on the web app is not taking the remember me into account (THe passphrase is requested even if the box has been checked before) and the label “Untill I log out” is not translated (at least in French - on this screen or any other from the web application).

I installed the android app (v1.0.0 published on Nov. 25 2021), sucessfully scanned QR codes and ended up with an error when the app is requesting my pasphrase.

The app correctly got my user infos (First & last name, avatar, mail address and url) but raise the 'Unknowned error occured".

On the server side, I get the following logs at each passphrase validation attempt:

``
2021-12-07 21:39:33,560 INFO reaped unknown pid 15489 (exit status 0)
2021-12-07 21:39:33,566 INFO reaped unknown pid 15491 (exit status 0)
2021-12-07 21:39:33,566 INFO reaped unknown pid 15494 (exit status 0)
2021-12-07 21:39:33,566 INFO reaped unknown pid 15496 (exit status 0)
172.17.0.1 - - [07/Dec/2021:21:39:33 +0000] “GET /auth/verify.json HTTP/1.1” 200 2169 “-” “okhttp/4.7.2”


I'm really looking forward using this application on a daily basis !

Let me know if I can be of assistance for further testing if it helps ;-)

Cheers and many thanks for the good work !
1 Like

Just updated (docker to Passbolt 3.4.0-ce and App V1.1.0) as well and the issue is still the same.

Hi @johndi89 :wave: ,

Can you tell us more about your environment ?

Which Android phone model do you own ? With which android version ? Are you using a custom Android ROM ? rooted ?
Are you using HTTPS ? If yes, how do you manage certificates ?
Are you able to reach your self-hosted passbolt instance in a web browser from your Android phone ?

Thanks for your help :hugs:

Hi @_jc :wave:

I’ll try to be complete about my setup (You’ll regret asking :smiling_imp:).

On the mobile part :

  • Blackview BV6300 Pro;
  • Android 10;
  • Security update from 5 june 2020;
  • Non rooted device;
  • No custom rom;
  • Passbolt app 1.1.0 from Google Playstore;

On server part :

  • Docker Containers hosted on Synology Nas Server (with 3.4.0-CE image + MariaDB Container);
  • Reverse proxy from Synology redirecting subdomain (specified in docker ENV APP_FULL_BASE_URL) to custom port;
  • HTTPS Certificate provided by letsEncrypt and applied to custom domain name;
  • Full access to web application from any mobile device everywhere on the internet (Tested on Win10 PC’s and Android phone mentionned above);

I hope I answerd all of your questions. If you need more info, let me know :wink:

2 Likes

I also checked SSL validation and got the following reports (if it’s usefull) :





:grin: Thanks for the details, and very nice setup, congrats for your A+ :+1:

Another thought, can you check if there is no intermediate certificate missing? You can check this here: SSL Checker or here: https://whatsmychaincert.com/

Thanks :smiley:
(My colleagues called me crazy for all I run on this but it works just fine :nerd_face:)

Here are the results for certificate analysis :

For SSL Checker:

For the chaincert :
image

I don’t see issues here but I’m surely missing something :sob:

Hi,

I’m a happy passbolt user and looking forward to use the android app.

I’m having the exact same issue. The QR code scanning is doing it’s job but when I try to sign in to the app, I’m getting: Incorrect passphrase or decryption error.

The log shows (when using the correct password):

172.21.0.4 - - [17/Dec/2021:10:35:26 +0000] “GET /auth/jwt/rsa.json HTTP/1.1” 200 1090 “-” “okhttp/4.7.2”
2021-12-17 10:35:26,226 INFO reaped unknown pid 14072 (exit status 0)
2021-12-17 10:35:26,227 INFO reaped unknown pid 14073 (exit status 0)
2021-12-17 10:35:26,228 INFO reaped unknown pid 14076 (exit status 0)
2021-12-17 10:35:26,228 INFO reaped unknown pid 14077 (exit status 0)
172.21.0.4 - - [17/Dec/2021:10:35:26 +0000] “GET /auth/verify.json HTTP/1.1” 200 3878 “-” “okhttp/4.7.2”

(Using an invalid password does not generate a log entry)

I’m using the docker image: passbolt/passbolt:3.4.0-ce behind traefik with a Let’s Encrypt certificate.
whatsmychaincert states the chain is ok.
The site is also scoring an A+.
The common name of the certificate is on the domain while the full host name is in the Subject Alt Names.

Please let me know if I can assist.

1 Like

Thanks @1voud / @johndi89 for your feedbacks. :confused:

A newer release will be shipped in the next days / weeks with more debug logs.

@1voud, just to be sure, you are using the latest android release ?

Best,

1 Like

Thanks for the reply,

I’m using version 1.1.0 of the Android App.
Looking forward to test the new release.

I installed the latest version, but unfortunately no change.

Then I cloned the project from github and debugged the Passbolt App in Android Studio on my phone. When I hit the “Sign In” button:

The app did a GET https://server/auth/verify.json which returned a PGP PUBLIC KEY BLOCK.
Next: GetPrivateKeyUseCase: Getting private key. Filename: user_key…
Followed by an exception:

2021-12-27 17:05:24.672 9341-9341/com.passbolt.mobile.android.debug E/OpenPgp: There was an error during encryptSignMessageArmored
go.Universe$proxyerror: gopenpgp: unable to parse public key: gopenpgp: the key contains too many entities
at com.proton.Gopenpgp.helper.Helper.encryptSignMessageArmored(Native Method)
at com.passbolt.mobile.android.gopenpgp.OpenPgp$encryptSignMessageArmored$2.invokeSuspend(OpenPgp.kt:48)
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)

Kind Regards.

Hi !

Sorry to report that I also updated the app to 1.2.0 and still have the same issue.
However, the dark mode looks really nice on that new release. I cannot wait to use it on a daily basis.

Best regards,
John

Hi guys,

Sorry to hear it, we are working hard to have logs accessible within the passbolt App, and we are also increasing the verbosity of the logs during the auth phase. Of course without any data leak.

We will keep you posted, thank you so much for the feedbacks.

Best,
Max

@1voud in the public key do you see any extra new line at the end of the key?
If so can you remove any new line at the end of your JWT public key and try the sign in again?

The key layout (JWT and GPG) look fine fine to me. I did some digging and debugging.
The error: “gopenpgp: the key contains too many entities” seems from gopenpgp:

func (key *Key) readFrom(r io.Reader, armored bool) error {

When trying to read the server public PGP key.

When I inspect the server PGP key I see 2 entries with: uid Passbolt default user passbolt@yourdomain.com
Since I’m not familiar with GPG I’m not sure, but could it be the issue?

what you can do is to query with postman or other tool
https://yourdomain/auth/jwt/rsa.json
Then in the key data looks for double \n after the BEGIN PUBLIC KEY or before END PUBLIC KEY
We notice that some keys badly interpreted by gopenpgp

Hi !

When I try https:///auth/verify.json, I receive the fingerprint & keydata.
When I try https:///auth/jwt/rsa.json, I receive a 500 error with message “The key pair for JWT Authentication is not complete.”

@1voud, Is it the same for you ?

@johndi89 and the healthcheck command indicate that all is green in the JWT section?

Yep :sob:

 JWT Authentication                                                                                                                                         
                                                                                                                                                            
 [PASS] The JWT Authentication plugin is enabled                                                                                                            
 [PASS] The /etc/passbolt/jwt/ directory is not writable.                                                                                                   
 [PASS] A valid JWT key pair was found                                                                                                                      
                                                                                                                                                            
 [PASS] No error found. Nice one sparky!

I realized I didn’t provide begin and end of public key (from /auth/verify.json) :

"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nm##########
#################################################
##==\n=9AAr\n-----END PGP PUBLIC KEY BLOCK-----\n"

I’m not sure if it’s normal or not…

No double newlines (\n) in the public key /auth/jwt/rsa.json.
The key looks perfectly fine.

But during my debugging session it seems to fail on parsing the server public key (GPG), not the JWT key. (Or I missed something as I’m not an expert)