Checklist
I have read intro post: https:// About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue
Dear Community,
This is my 2nd post Again, very happy to join !
I was very happy to discover the mobile app but very sad when I failed to log in with the passphrase :
- the install of the app went well
- the scanning of the qr codes when also well
- I arrived on the login page. The informations of the user are correct : username ok, email ok, url ok.
- I entered the passphrase which I am sure is the correct one and I got :
“Incorrect passphrase or encryption error.
Please try again”
The logs on the smartphone show the following error :
go.Universe$proxyerror: gopenpgp: unable to encrypt message: gopenpgp: error in encrypting asymmetrically: openpgp: invalid argument: cannot encrypt a message to key id 0123456789abcdef because it has no encryption keys
Below is the complete log (I’ve obfuscated some infos and added a space between https:// and passbolt.xxx.xxx to comply to the 2 links limit policy for new users) :
Device: samsung SM-G991B
Android 12 (31)
Passbolt 1.8.0-1015:59:11 → PUT https:// passbolt.xxx.xxx/mobile/transfers/x-x-x-x-x/x-x-x-x-x.json http/1.1 (41-byte body)
15:59:11 ← 200 OK https:// passbolt.xxx.xxx/mobile/transfers/x-x-x-x-x/x-x-x-x-x.json (336ms, 747-byte body)
15:59:12 → PUT https:// passbolt.xxx.xxx/mobile/transfers/x-x-x-x-x/x-x-x-x-x.json http/1.1 (41-byte body)
15:59:12 ← 200 OK https:// passbolt.xxx.xxx/mobile/transfers/x-x-x-x-x/x-x-x-x-x.json (308ms, 747-byte body)
15:59:12 → PUT https:// passbolt.xxx.xxx/mobile/transfers/x-x-x-x-x/x-x-x-x-x.json http/1.1 (41-byte body)
15:59:12 ← 200 OK https:// passbolt.xxx.xxx/mobile/transfers/x-x-x-x-x/x-x-x-x-x.json (190ms, 747-byte body)
15:59:13 → PUT https:// passbolt.xxx.xxx/mobile/transfers/x-x-x-x-x/x-x-x-x-x.json http/1.1 (41-byte body)
15:59:14 ← 200 OK https:// passbolt.xxx.xxx/mobile/transfers/x-x-x-x-x/x-x-x-x-x.json (478ms, 747-byte body)
15:59:14 Saving private key.
15:59:14 → PUT https:// passbolt.xxx.xxx/mobile/transfers/x-x-x-x-x/x-x-x-x-x.json?contain%5Buser.profile%5D=1 http/1.1 (38-byte body)
15:59:14 ← 200 OK https:// passbolt.xxx.xxx/mobile/transfers/x-x-x-x-x/x-x-x-x-x.json?contain%5Buser.profile%5D=1 (311ms, 1394-byte body)
15:59:17 Checking biometry state
15:59:17 → GET https:// passbolt.xxx.xxx/img/avatar/user_medium.png http/1.1
15:59:17 ← 200 OK https:// passbolt.xxx.xxx/img/avatar/user_medium.png (17ms, 2921-byte body)
15:59:26 Getting server pgp and rsa keys
15:59:26 → GET https:// passbolt.xxx.xxx/auth/verify.json http/1.1
15:59:26 ← HTTP FAILED: java.io.IOException: unexpected end of stream on https:// passbolt.xxx.xxx/…
15:59:26 → GET https:// passbolt.xxx.xxx/auth/verify.json http/1.1
15:59:27 ← 200 OK https:// passbolt.xxx.xxx/auth/verify.json (826ms, 2820-byte body)
15:59:27 → GET https:// passbolt.xxx.xxx/auth/jwt/rsa.json http/1.1
15:59:28 ← 200 OK https:// passbolt.xxx.xxx/auth/jwt/rsa.json (362ms, 1079-byte body)
15:59:28 Getting server pgp and rsa keys succeeded
15:59:28 Verifying server fingerprint
15:59:28 Server key fingerprint is valid
15:59:28 Preparing sign in challenge
15:59:28 There was an error during encryptSignMessageArmored
go.Universe$proxyerror: gopenpgp: unable to encrypt message: gopenpgp: error in encrypting asymmetrically: openpgp: invalid argument: cannot encrypt a message to key id 0123456789abcdef because it has no encryption keys
at com.proton.Gopenpgp.helper.Helper.encryptSignMessageArmored(Native Method)
at com.passbolt.mobile.android.gopenpgp.OpenPgp$encryptSignMessageArmored$2.invokeSuspend(SourceFile:48)
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(SourceFile:33)
at kotlinx.coroutines.DispatchedTask.run(SourceFile:106)
at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(SourceFile:571)
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(SourceFile:750)
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(SourceFile:678)
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(SourceFile:665)go.Universe$proxyerror: gopenpgp: unable to encrypt message: gopenpgp: error in encrypting asymmetrically: openpgp: invalid argument: cannot encrypt a message to key id 0123456789abcdef because it has no encryption keys
at com.proton.Gopenpgp.helper.Helper.encryptSignMessageArmored(Native Method)
at com.passbolt.mobile.android.gopenpgp.OpenPgp$encryptSignMessageArmored$2.invokeSuspend(SourceFile:48)
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(SourceFile:33)
at kotlinx.coroutines.DispatchedTask.run(SourceFile:106)
at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(SourceFile:571)
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(SourceFile:750)
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(SourceFile:678)
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(SourceFile:665)
15:59:28 Error during challenge preparation
com.passbolt.mobile.android.gopenpgp.exception.OpenPgpException: gopenpgp: unable to encrypt message: gopenpgp: error in encrypting asymmetrically: openpgp: invalid argument: cannot encrypt a message to key id 0123456789abcdef because it has no encryption keys
at com.passbolt.mobile.android.gopenpgp.exception.GopenPgpExceptionParser.parseGopenPgpException(SourceFile:7)
at com.passbolt.mobile.android.gopenpgp.OpenPgp.encryptSignMessageArmored(SourceFile:57)
at com.passbolt.mobile.android.gopenpgp.OpenPgp$encryptSignMessageArmored$1.invokeSuspend(Unknown Source:16)
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(SourceFile:33)
at kotlinx.coroutines.DispatchedTask.run(SourceFile:104)
at android.os.Handler.handleCallback(Handler.java:938)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loopOnce(Looper.java:226)
at android.os.Looper.loop(Looper.java:313)
at android.app.ActivityThread.main(ActivityThread.java:8669)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:571)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1135)com.passbolt.mobile.android.gopenpgp.exception.OpenPgpException: gopenpgp: unable to encrypt message: gopenpgp: error in encrypting asymmetrically: openpgp: invalid argument: cannot encrypt a message to key id 0123456789abcdef because it has no encryption keys
at com.passbolt.mobile.android.gopenpgp.exception.GopenPgpExceptionParser.parseGopenPgpException(SourceFile:7)
at com.passbolt.mobile.android.gopenpgp.OpenPgp.encryptSignMessageArmored(SourceFile:57)
at com.passbolt.mobile.android.gopenpgp.OpenPgp$encryptSignMessageArmored$1.invokeSuspend(Unknown Source:16)
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(SourceFile:33)
at kotlinx.coroutines.DispatchedTask.run(SourceFile:104)
at android.os.Handler.handleCallback(Handler.java:938)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loopOnce(Looper.java:226)
at android.os.Looper.loop(Looper.java:313)
at android.app.ActivityThread.main(ActivityThread.java:8669)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:571)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1135)
15:59:28 Error during preparing challenge - incorrect passphrase
The 0123456789abcdef key corresponds to the server key :
$ gpg --list-keys
/home/www-data/.gnupg/pubring.kbx
---------------------------------
pub rsa3072 2019-09-28 [SC]
XXXXXXXXXXXXXXXXXXXXXXXX0123456789ABCDEF
uid [ ultime ] Passbolt server admin@myserver.com
sub rsa3072 2019-09-28 [E]
Here’s the healthcheck :
$ sudo -H -u www-data bash -c “/var/www/passbolt/bin/cake passbolt healthcheck”
____ __ ____ / __ \____ _____ ____/ /_ ____ / / /_
/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
// _,///./_//__/Open source password manager for teams
-------------------------------------------------------------------------------
Healthcheck shell
-------------------------------------------------------------------------------Environment
[PASS] PHP version 7.4.3.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.Config files
[PASS] The application config file is present
[PASS] The passbolt config file is presentCore config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https:// passbolt.xxx.xxx
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.SSL Certificate
[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificateDatabase
[PASS] The application is able to connect to the database
[PASS] 26 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
[PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.Application configuration
[PASS] Using latest passbolt version (3.6.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.JWT Authentication
[PASS] The JWT Authentication plugin is enabled
[PASS] The /var/www/passbolt/config/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found[PASS] No error found. Nice one sparky!
The passbolt.php config file includes the mobile activation part :
'passbolt' => [ 'plugins' => [ 'mobile' => [ 'enabled' => true ], 'jwtAuthentication' => [ 'enabled' => true ], ],
And the apache server includes the following rules :
RewriteEngine on
RewriteCond %{SERVER_NAME} =passbolt.xxx.xxx
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule . - [e=HTTP_AUTHORIZATION:%1]
Would you have any hints on the direction where I should look at ?
I am really eager to be able to enjoy passbolt on my smartphone.
Thanks a lot !
G.