Do not set a passphrase or an expiration date

Hello community!

Upon completing the installation of PB CE, I flew through the configuration steps in the browser, only then to notice in the Install Passbolt CE on Ubuntu 20.04 instructions, the following:

Do not set a passphrase or an expiration date The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. Similarly do not set an expiration date. Otherwise all your users will need to perform an account recovery when you will eventually need to update the key.

However, I had already setup a passphrase during the initial setup as it looked like I “had” to do this.
I created a new GPG key believing it was a requirement too.

Could I have used the GPG key that was setup during installation?

  • I am not clear on the message about “do NOT create a passphrase”.
  • I am not quite sure why the steps for initial configuration seem to require entering a Passphrase, but the instructions insist not to do this…
  • Should I wipe out the server and start over?

Any help is appreciated.

Hi @dpayn0123 :wave: and welcome to passbolt community forum :handshake:

At 2.3 section of the installation documentation, you have 2 choices:

  • Let passbolt installation wizard creates OpenPGP keys for you by filling the web form (Server Name, Email and an optional comment)
  • If you are not happy with the default settings (key type and lenght), you can import yours

The warning Do not set a passphrase or an expiration date applies only if you choose the second option.

The generated keys at this step are stored on the server on /etc/passbolt/gpg. They are “the server keys” and used by passbolt API to authenticate itself during the login handshake process.

At the end of the installation wizard, you create the first passbolt admin user. And as for any passbolt user, an OpenPGP key pair has to be created to encrypt passwords. This user key must be protected with a passphrase, unlike the server one.

Don’t hesitate if you have further questions.


1 Like

Great to know! I did the first option, mostly because it seemed logical to allow Passbolt to do this for us.

Thank you for your explanation. I am really enjoying the learning process that I have experienced installing Passbolt.

1 Like

You’re welcome, don’t hesitate to ask here if you have further questions :slight_smile: