Error using Android app with Passbolt Cloud

Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to trouble shoot the problem
[x] I describe the steps on how to reproduce the issue

I have an issue connecting Passbolt Android app with a Passbolt Cloud (trial) account.

The “Mobile account transfer” procedure with QR code scanning proceeds fine. After that, the Android app asks for the password. When the correct password is provided, the sign-in attempt ends with “The credentials are invalid.” error message. (I also tried to enter an invalid password, and the error message is different in that case.)

Here is the log from the Android phone:

Device: samsung SM-G973F
Android 12 (31)
Passbolt 1.5.0-6

14:52:56 Checking biometry state
14:53:06 Getting server pgp and rsa keys
14:53:06 --> GET https://cloud.passbolt.com/managry/auth/verify.json h2
14:53:06 <-- 200 https://cloud.passbolt.com/managry/auth/verify.json (159ms, 762-byte body)
14:53:06 --> GET https://cloud.passbolt.com/managry/auth/jwt/rsa.json h2
14:53:06 <-- 200 https://cloud.passbolt.com/managry/auth/jwt/rsa.json (144ms, 870-byte body)
14:53:06 Getting server pgp and rsa keys succeeded
14:53:06 Verifying server fingerprint
14:53:07 Server key fingerprint is valid
14:53:07 Preparing sign in challenge
14:53:07 Prepared sign in challenge
14:53:07 Signing in
14:53:07 --> POST https://cloud.passbolt.com/managry/auth/jwt/login.json h2 (1048-byte body)
14:53:08 <-- 400 https://cloud.passbolt.com/managry/auth/jwt/login.json (639ms, 239-byte body)
14:53:08 Failure during sign in: The credentials are invalid.

What could be the root cause?
What workaround can I try?

Hi @karelklic :wave: and welcome to passbolt community forum :people_holding_hands:

This authentication problem can occur when date and time on client or server are not well synchronized. Can you check if your smartphone has the correct date and time ? You can compare your current date and time with https://time.is/

In the logs you sent, we can see “the credentials are invalid” only. Can you retry to connect with a bad passphrase first, then with the correct one to compare logs ?

Best regards,

Hi @_jc, thank you for your advice.

The https://time.is/ server says the smartphone time is 0.9 seconds in the future. The smartphone’s date & time settings are using Android default values: automatic synchronization of date and time from the mobile network is enabled, automatic time zone enabled.
(I checked another smartphone where Passbolt works fine. The https://time.is/ reports the time is delayed by 1.4 seconds there. The date & time settings are also on the default values.)

Here is a log from the Android smartphone with a complete mobile account transfer: QR code scanning, one attempt to Sign in with an invalid password, and another attempt to Sign in with a valid password, which ends up with “The credentials are invalid.”

16:15:24 --> PUT https://cloud.passbolt.com/managry/mobile/transfers/3d9a65c5-afb0-4f8e-a1c3-957edba75e86/9c970237-0fbb-4a71-891b-ed0d2226a1cb.json h2 (41-byte body)
16:15:24 <-- 200 https://cloud.passbolt.com/managry/mobile/transfers/3d9a65c5-afb0-4f8e-a1c3-957edba75e86/9c970237-0fbb-4a71-891b-ed0d2226a1cb.json (237ms, 485-byte body)
16:15:25 --> PUT https://cloud.passbolt.com/managry/mobile/transfers/3d9a65c5-afb0-4f8e-a1c3-957edba75e86/9c970237-0fbb-4a71-891b-ed0d2226a1cb.json h2 (41-byte body)
16:15:25 <-- 200 https://cloud.passbolt.com/managry/mobile/transfers/3d9a65c5-afb0-4f8e-a1c3-957edba75e86/9c970237-0fbb-4a71-891b-ed0d2226a1cb.json (145ms, 486-byte body)
16:15:26 --> PUT https://cloud.passbolt.com/managry/mobile/transfers/3d9a65c5-afb0-4f8e-a1c3-957edba75e86/9c970237-0fbb-4a71-891b-ed0d2226a1cb.json h2 (41-byte body)
16:15:26 <-- 200 https://cloud.passbolt.com/managry/mobile/transfers/3d9a65c5-afb0-4f8e-a1c3-957edba75e86/9c970237-0fbb-4a71-891b-ed0d2226a1cb.json (184ms, 485-byte body)
16:15:26 Saving private key.
16:15:27 --> PUT https://cloud.passbolt.com/managry/mobile/transfers/3d9a65c5-afb0-4f8e-a1c3-957edba75e86/9c970237-0fbb-4a71-891b-ed0d2226a1cb.json?contain%5Buser.profile%5D=1 h2 (38-byte body)
16:15:27 <-- 200 https://cloud.passbolt.com/managry/mobile/transfers/3d9a65c5-afb0-4f8e-a1c3-957edba75e86/9c970237-0fbb-4a71-891b-ed0d2226a1cb.json?contain%5Buser.profile%5D=1 (147ms, 766-byte body)
16:15:29 Checking biometry state
16:15:30 --> GET https://cloud.passbolt.com/managry/img/avatar/user_medium.png h2
16:15:30 <-- 200 https://cloud.passbolt.com/managry/img/avatar/user_medium.png (56ms, unknown-length body)
16:15:50 Checking biometry state
16:16:02 There was an error during unlockKey
go.Universe$proxyerror: gopenpgp: error in unlocking key: openpgp: invalid data: private key checksum failure
at com.proton.Gopenpgp.crypto.Key.unlock(Native Method)
at com.passbolt.mobile.android.gopenpgp.OpenPgp$unlockKey$2.invokeSuspend(SourceFile:101)
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(SourceFile:33)
at kotlinx.coroutines.DispatchedTask.run(SourceFile:106)
at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(SourceFile:571)
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(SourceFile:750)
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(SourceFile:678)
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(SourceFile:665)

go.Universe$proxyerror: gopenpgp: error in unlocking key: openpgp: invalid data: private key checksum failure
at com.proton.Gopenpgp.crypto.Key.unlock(Native Method)
at com.passbolt.mobile.android.gopenpgp.OpenPgp$unlockKey$2.invokeSuspend(SourceFile:101)
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(SourceFile:33)
at kotlinx.coroutines.DispatchedTask.run(SourceFile:106)
at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(SourceFile:571)
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(SourceFile:750)
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(SourceFile:678)
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(SourceFile:665)
16:16:02 com.passbolt.mobile.android.gopenpgp.exception.OpenPgpException: gopenpgp: error in unlocking key: openpgp: invalid data: private key checksum failure
at com.passbolt.mobile.android.gopenpgp.exception.GopenPgpExceptionParser.parseGopenPgpException(SourceFile:7)
at com.passbolt.mobile.android.gopenpgp.OpenPgp.unlockKey(SourceFile:109)
at com.passbolt.mobile.android.gopenpgp.OpenPgp$unlockKey$1.invokeSuspend(Unknown Source:12)
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(SourceFile:33)
at kotlinx.coroutines.DispatchedTask.run(SourceFile:104)
at android.os.Handler.handleCallback(Handler.java:938)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loopOnce(Looper.java:226)
at android.os.Looper.loop(Looper.java:313)
at android.app.ActivityThread.main(ActivityThread.java:8663)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:567)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1135)

com.passbolt.mobile.android.gopenpgp.exception.OpenPgpException: gopenpgp: error in unlocking key: openpgp: invalid data: private key checksum failure
at com.passbolt.mobile.android.gopenpgp.exception.GopenPgpExceptionParser.parseGopenPgpException(SourceFile:7)
at com.passbolt.mobile.android.gopenpgp.OpenPgp.unlockKey(SourceFile:109)
at com.passbolt.mobile.android.gopenpgp.OpenPgp$unlockKey$1.invokeSuspend(Unknown Source:12)
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(SourceFile:33)
at kotlinx.coroutines.DispatchedTask.run(SourceFile:104)
at android.os.Handler.handleCallback(Handler.java:938)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loopOnce(Looper.java:226)
at android.os.Looper.loop(Looper.java:313)
at android.app.ActivityThread.main(ActivityThread.java:8663)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:567)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1135)
16:16:07 Getting server pgp and rsa keys
16:16:07 --> GET https://cloud.passbolt.com/managry/auth/verify.json h2
16:16:08 <-- 200 https://cloud.passbolt.com/managry/auth/verify.json (177ms, 764-byte body)
16:16:08 --> GET https://cloud.passbolt.com/managry/auth/jwt/rsa.json h2
16:16:08 <-- 200 https://cloud.passbolt.com/managry/auth/jwt/rsa.json (139ms, 870-byte body)
16:16:08 Getting server pgp and rsa keys succeeded
16:16:08 Verifying server fingerprint
16:16:08 Server key fingerprint is valid
16:16:08 Preparing sign in challenge
16:16:09 Prepared sign in challenge
16:16:09 Signing in
16:16:09 --> POST https://cloud.passbolt.com/managry/auth/jwt/login.json h2 (1048-byte body)
16:16:09 <-- 400 https://cloud.passbolt.com/managry/auth/jwt/login.json (781ms, 239-byte body)
16:16:09 Failure during sign in: The credentials are invalid. 

Hi @karelklic

We see in our logs this 400 error but it is followed with a successful connection (return code 200).

User agent okhttp is the mobile app.

Did you finally manage to use passbolt on your Android smartphone ?

Best,

Hi again @karelklic ,

After some investigation, we were able to reproduce the behavior you encountered and spotted a bug we referenced as MOB-416.

When you put wrong passphrase for the first time the setup is failing but after killing the app the account is set up (without biometry).

As biometry is not set, you can configure it through app settings.

Thank you for reporting this. We will keep you informed once this bug will be fixed.

Cheers,

1 Like

Hello @_jc,

thanks for the investigation.

For me, it is unclear whether you suggest a workaround in your message. I tried to work around the problem today by killing the app in various stages of the Mobile account transfer procedure, but this didn’t help. I also failed to enter app settings on the phone - the app wants to perform the Mobile account transfer procedure before allowing anything else.

I’m looking forward to testing a fix of MOB-416.

Kind regards
Karel