Can't use Android App

@1voud I unlocked @johndi89 in a call it was an issue with the jwt keys permissions.
So first you need to check the ownership of the jwt folder:

sudo chown -Rf root:www-data /etc/passbolt/jwt
sudo chmod 750 /etc/passbolt/jwt
sudo chmod 640 /etc/passbolt/jwt/jwt.key
sudo chmod 640 /etc/passbolt/jwt/jwt.pem

Then logout from your account
Login again
Try to transfert the key again on mobile
If there is still an issue we can try:

sudo /usr/share/php/passbolt/bin/cake passbolt create_jwt_keys -v -f

Then like before, logout, login, transfert on mobile

Let me know

1 Like

Thanks for your reply.

I followed the instructions, the ownership was correct (www-data www-data).

/etc/passbolt/jwt had 750 --> changed to 755
/etc/passbolt/jwt/jwt.key had 640 --> changed to 600
/etc/passbolt/jwt/jwt.pem had 644

Logged in, transferred keys, no change.

runuser -u www-data -- /usr/share/php/passbolt/bin/cake passbolt create_jwt_keys -v -f

Logged out, logged in, transferred keys, no change.

Have you apache web server or nginx?
You may check this post, I could solve that problem with Apache and there are some users trying to do the same on Nginx

A short summary as the information is bit scattered through the thread.

The mobile App throws an exception in the when calling:

val encryptedChallenge = openPgp.encryptSignMessageArmored(
    publicKey = serverPublicKey,
    privateKey = privateKey,
    passphrase = passphraseCopy,
    message = challengeJson

When I inspect the the serverPublicKey variable it holds the public GPG key from the server.

The Exception is: gopenpgp: unable to parse public key: gopenpgp: the key contains too many entities.

Please let me know if I need to collect some more info.

The fact that you have 2 entry for uid is an issue indeed.

You need to identify which key is used on your server
if you have a passbolt.php (/var/www/passbolt/config/passbolt.php or /etc/passbolt/passbolt.php)

exec the following command to identify your public key fingerprint
cat passbolt.php | grep fingerprint
you should get
'fingerprint' => '2FC8945833C51946E937F9FED47B0811573EE67E',

Then looks for the location of your gpg keyring
sudo su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck --gpg" www-data
sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt healthcheck --gpg" www-data
you will see this line
[PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.

Then you need to list list the keys associated with
sudo su -s /bin/bash -c "gpg --home /home/www-data/.gnupg --list-keys | grep -i -B 2 ''" www-data
You should see two keys identify the one (let say 1183899100E52F0047BBBDF617AE53A5D9F11253 for ex) that is not related listed in your passbolt.php file and do
sudo su -s /bin/bash -c "gpg --home /home/www-data/.gnupg --delete-keys 1183899100E52F0047BBBDF617AE53A5D9F11253" www-data

Then tell us the result


1 Like

I had some issues running the gpg commands in the docker container, the list-keys worked fine. The keyring being writable check PASS-ed.
The GPG keys are being imported during container startup each time, but I was not able to remove the public key from the keyring since there was a private key. The deletion of the private key failed (no permission).

That’s why I took a different route. I exported both keypairs and replaced the GPG files which get imported at container startup so that only one would be imported at a time on container startup.
The first key(pair) got me one step further while the second key(pair) made the Android App work!!

Thanks so much for all the support !!

Passbolt Rocks!

1 Like

Superb @1voud

Enjoy the app and thanks for choosing passbolt :wink:


P.S: @johndi89 Since your started the thread, could it be possible to close it?

(am closing thread after solution has been reached)