Could not verify server key (gpg key expired)

Since today I got this message and can’t use Passbolt Pro anymore:

Could not verify server key. Unable to encrypt the verify token. Error encrypting message: Could not find valid key packet for encryption in key XXXXXXXXXX

The gpg key was expired. I followed this thread and I set the expire date to never via this tutorial.

When I try to recover my account I get this message: This key doesn’t match any account.
Thanks for help.

What I have done:

  • delete the passbolt plugin in Firefox and reinstall
  • try to recover with a fresh browser on a VM

Both didn’t work.

Now the healthcheck says:

[FAIL] The server public key defined in the config/passbolt.php (or environment variables) is not in the keyring

I tried this:

rm -fr /var/www/.gnpg
and then
sudo su -s /bin/bash -c "gpg --import /var/www/passbolt/config/gpg/serverkey_private.asc" www-data

But it didn’t help.

Any ideas what to do now?

I’m noticing you have serverky_private.asc instead of serverkey_private.asc. Maybe typo?

Thx, I checked this, but it was only a copy&paste mistake here in the forum. I used on the server sudo su -s /bin/bash -c "gpg --import /var/www/passbolt/config/gpg/serverkey_private.asc" www-data
and it’s not working.

Hi @Holla_Die_Waldfee okay that’s good to know.

I believe the error message is after the app compares the fingerprint of the keys in the keyring with the fingerprint of the key noted in the config file (or environment variables for docker).

Checking the config file is next.

I checked this, but the config is okay.

I think I have the same problem as here: Could not verify server key - did the key expire?

I will write an e-mail to Passbolt, because they closed the thread without telling a solution.

Unfortunately the Passbolt team did not respond to my request by email. All attempts to renew the expired gpg key have failed. Really stupid that all backups do not help in this case.

Therefore, I am no longer sure whether I can restore my over 1000 passwords at all and now I have to work with a 4 week old Keepass Backup.

@Holla_Die_Waldfee we didn’t receive any email from you on support. Can you forward your email at contact@passbolt.com along with your passbolt customer id (if any). We can schedule a support call with you to get you sorted out.

Thx, I have sent you an email.

Thx to Remy and Cedric for the help. My Passbolt is now working again. To help others with the same problem, here is a short how-to:

  • [YOUR KEY ID] has to be replaced with your own ID, for example 2930B0302120120…
  • the path to passbolt (/var/www/passbolt/config/gpg) can be different, you have to check if it is the same as mine!

looking for the key id and expire date

gpg --list-keys

enter the gpg shell

gpg --edit-key [YOUR KEY ID]

again, list the gpg keys

list

first, take key 0

key 0

use the command expire to change the expire time of the key 0

expire

change it to never (or whatever you like)

0

confirm this

y

do the same with key 1

key 1

expire

0

y

save it!

save

check that the expire date is changed

gpg --list-keys

first we need to delete the serverkey.asc and serverkey_private.asc in /var/www/passbolt/gpg/

cd /var/www/passbolt/gpg/
rm serverkey.asc
rm serverkey_private.asc

now we have to copy the gpg private key to passbolt

gpg --armor --export-secret-keys [YOUR KEY ID] > /var/www/passbolt/config/gpg/serverkey_private.asc

and now for the gpg key

gpg --armor --export [YOUR KEY ID] > /var/www/passbolt/config/gpg/serverkey.asc

change the owner to www-data

su -s /bin/bash -c "gpg --import /var/www/passbolt/config/gpg/serverkey_private.asc" www-data

check that the owner is correct

su -s /bin/bash -c "gpg --list-keys" www-data

now you can recover your account
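
As an added example (not part of the original posts and not Passbolt's own tooling): the "Could not find valid key packet for encryption" error is what you get when the primary key was renewed but the encryption subkey ("key 1") still carries its old expiry, so this check reads `gpg --with-colons` output and reports whether an unexpired encryption-capable key remains under a given fingerprint. The function name `check_server_key`, the sample listings and the fingerprint are constructed for illustration; the field positions (7 = expiry, 12 = capabilities, 10 = fingerprint on `fpr` records) follow GnuPG's colon-listing format.

```bash
#!/usr/bin/env bash
# check_server_key NOW_EPOCH FINGERPRINT   (gpg --with-colons records on stdin)
# Returns 0: key listed and an unexpired encryption-capable (sub)key exists
#         1: fingerprint not in the listing (the healthcheck [FAIL] case)
#         2: key listed, but nothing usable for encryption remains
check_server_key() {
  awk -F: -v now="$1" -v want="$2" '
    function report(label, expiry,   dead) {
      dead = (expiry != "" && expiry + 0 <= now + 0)   # empty field 7 = never
      printf "%s expires=%s %s\n", label, (expiry == "" ? "never" : expiry), (dead ? "EXPIRED" : "ok")
      return dead
    }
    $1 == "pub" { pub_expiry = $7; pub_caps = $12; in_key = 0; need_fpr = 1; next }
    $1 == "fpr" && need_fpr {            # first fpr after pub is the primary key
      need_fpr = 0
      if (($10 "") != (want "")) next    # force a string comparison
      in_key = 1; found = 1
      pub_dead = report("pub", pub_expiry)
      if (!pub_dead && pub_caps ~ /e/) enc_ok = 1   # lowercase e: this key encrypts
      next
    }
    $1 == "sub" && in_key {              # "key 1", "key 2", ... in gpg --edit-key
      sub_dead = report("sub " $5, $7)
      if (!sub_dead && !pub_dead && $12 ~ /e/) enc_ok = 1
    }
    END { if (!found) exit 1; if (!enc_ok) exit 2 }
  '
}

FPR=1111111111111111111111111111111111111111   # constructed placeholder fingerprint
# Constructed listing: primary set to never expire, subkey still on its old date.
STALE_SUBKEY="pub:u:3072:1:AAAAAAAAAAAAAAAA:1600000000:::u:::scSC::::::23::0:
fpr:::::::::$FPR:
sub:e:3072:1:BBBBBBBBBBBBBBBB:1600000000:1663072000:::::e::::::23:"
# Constructed listing: the same key after expire was also applied to key 1.
BOTH_RENEWED="pub:u:3072:1:AAAAAAAAAAAAAAAA:1600000000:::u:::scESC::::::23::0:
fpr:::::::::$FPR:
sub:u:3072:1:BBBBBBBBBBBBBBBB:1600000000::::::e::::::23:"

for listing in "$STALE_SUBKEY" "$BOTH_RENEWED"; do
  printf '%s\n' "$listing" | check_server_key 1700000000 "$FPR" && echo "usable" || echo "NOT usable (rc=$?)"
done
# Live use, run as the web server user so its keyring is the one inspected:
#   gpg --with-colons --list-keys | check_server_key "$(date +%s)" "<fingerprint from config/passbolt.php>"
```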
