Do not set a passphrase or an expiration date

Hello community!

Upon completing the installation of PB CE, I flew through the configuration steps in the browser, only then to notice in the Install Passbolt CE on Ubuntu 20.04 instructions, the following:

Do not set a passphrase or an expiration date. The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. Similarly do not set an expiration date. Otherwise all your users will need to perform an account recovery when you will eventually need to update the key.

However, I had already set up a passphrase during the initial setup as it looked like I “had” to do this.
I created a new GPG key believing it was a requirement too.

Could I have used the GPG key that was set up during installation?

  • I am not clear on the message about “do NOT create a passphrase”.
  • I am not quite sure why the steps for initial configuration seem to require entering a Passphrase, but the instructions insist not to do this…
  • Should I wipe out the server and start over?

Any help is appreciated.

Hi @dpayn0123 and welcome to the passbolt community forum.

In section 2.3 of the installation documentation, you have 2 choices:

  • Let the passbolt installation wizard create OpenPGP keys for you by filling in the web form (Server Name, Email and an optional comment)
  • If you are not happy with the default settings (key type and length), you can import yours

The warning “Do not set a passphrase or an expiration date” applies only if you choose the second option.

The generated keys at this step are stored on the server in /etc/passbolt/gpg. They are “the server keys” and are used by the passbolt API to authenticate itself during the login handshake process.

At the end of the installation wizard, you create the first passbolt admin user. And as for any passbolt user, an OpenPGP key pair has to be created to encrypt passwords. This user key must be protected with a passphrase, unlike the server one.

Don’t hesitate if you have further questions.

Best,

1 Like
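For the second option in the answer above (importing your own server key), the expiration half of the warning can be checked before import. This is an added example, not part of the thread or of passbolt's own tooling; the function name, the key file path and the sample listings are constructed, and it does not test for a passphrase.

```shell
#!/bin/sh
# Added example: reject a key listing in which any key has an expiration date.
# Input on stdin is GnuPG's colon-delimited listing (--with-colons). In
# pub/sec/sub/ssb records, field 5 is the key ID and field 7 the expiration
# time; an empty field 7 means the key never expires.
# Typical use (path is a placeholder):
#   gpg --show-keys --with-colons /path/to/your-server-key.asc | check_no_expiry
# Exit status: 0 = no expiration anywhere, 1 = at least one key expires,
#              2 = no key records found in the input.
check_no_expiry() {
    awk -F: '
        $1 == "pub" || $1 == "sec" || $1 == "sub" || $1 == "ssb" {
            seen++
            if ($7 != "") {
                printf "%s %s has an expiration set (%s)\n", $1, $5, $7
                bad++
            }
        }
        END {
            if (seen == 0) { print "no key records found"; exit 2 }
            exit (bad > 0 ? 1 : 0)
        }'
}

# Constructed sample listings (not real keys).
SAMPLE_OK='pub:u:3072:1:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:
uid:u::::1700000000::::Example Server <admin@example.test>:
sub:u:3072:1:BBBBBBBBBBBBBBBB:1700000000::::::e:
'
SAMPLE_EXPIRING='pub:u:3072:1:CCCCCCCCCCCCCCCC:1700000000:1763072000::u:::scESC:
uid:u::::1700000000::::Example Server <admin@example.test>:
sub:u:3072:1:DDDDDDDDDDDDDDDD:1700000000:1763072000:::::e:
'

printf '%s' "$SAMPLE_OK" | check_no_expiry && echo "sample 1: no expiration set"
printf '%s' "$SAMPLE_EXPIRING" | check_no_expiry || echo "sample 2: rejected"
```
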

Great to know! I did the first option, mostly because it seemed logical to allow Passbolt to do this for us.

Thank you for your explanation. I am really enjoying the learning process that I have experienced installing Passbolt.

1 Like

You’re welcome, don’t hesitate to ask here if you have further questions.