Hello,
I am installing Passbolt on Debian 9.5 using Apache.
I tried moving the key into www-data’s keyring using the command below:
sudo su -s /bin/bash -c "gpg --import /var/www/passbolt/config/gpg/serverkey_private.asc" www-data
Here is the output of that command:
gpg: key B1A356…: "James Little <jlittle@email.com>" not changed
gpg: key B1A356…/B1A356…: error sending to agent: Permission denied
gpg: error building skey array: Permission denied
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: secret keys read: 1
I don’t know why I keep getting permission denied.
However, after I try doing that, everything breaks.
Here is the new output from the health check:
Healthcheck shell…Exception: get_key failed in [/var/www/passbolt/src/Utility/Healthchecks/GpgHealthchecks.php, line 301]
Here is what the error.log says:
2018-08-29 21:41:11 Error: [Exception] get_key failed
Request URL: /auth/verify.json?api-version=v1
And here is what I am getting from the web application:
Could not verify server key. An Internal Error Has Occurred.
Before I tried importing the key into the keyring, the only error the health check was returning was that I needed to import the key into the keyring.
Any help would be greatly appreciated.
remy
August 30, 2018, 8:31am
2
Hello,
Do you have a passphrase on your key?
What are the permissions for the www-data keyring?
Hi remy,
I do have a passphrase on my key, should I create a new one without a passphrase?
The permissions are below:
-rw-r----- 1 www-data www-data 1769 Aug 29 16:20 serverkey.asc
-rw-r----- 1 www-data www-data 3661 Aug 29 16:20 serverkey_private.asc
Thank You!
remy
August 30, 2018, 1:36pm
4
> I do have a passphrase on my key, should I create a new one without a passphrase?
Yes, passphrases are not supported by php-gnupg (due to limitations introduced by gnupg pinentry afaik).
I will generate a new key without a passphrase this time and report back to confirm that fixed the issue.
Thanks again.
Well, I created a new key without a passphrase, I was really frustrated the installation manual didn’t mention this, but there it was in big bold letters
“Important: Currently php-gnupg does not support keys with a passphrase so you will need to leave that field empty.”
At any rate, I am super annoyed, because I am pretty sure I did this correctly. I took screenshots as verification that I did it right, but I sure hope someone finds my mistake.
The only error I am receiving from the health check now (well, other than that I need to update, which is a new one) is a fingerprint mismatch.
[FAIL] The server key fingerprint doesn’t match the one defined in config/passbolt.php.
So I found the fingerprint for the key:
Notice the user (www-data). See, the key was generated today (the 30th); this is the key without the passphrase.
So I copied the fingerprint (so I think), pasted it into config/passbolt.php, and removed all the spaces.
'serverKey' => [
    // Server private key fingerprint.
    'fingerprint' => 'EA9C … 7055',
    'public' => CONFIG . 'gpg' . DS . 'serverkey.asc',
    'private' => CONFIG . 'gpg' . DS . 'serverkey_private.asc',
],
I run the health check again, and get the same errors.
What am I doing wrong this time?
Thanks.
remy
August 30, 2018, 2:19pm
7
Do you have spaces in your fingerprint in your configuration file? If so try removing them.
@remy I removed all the spaces.
remy
August 30, 2018, 2:28pm
9
You can check other existing solutions for this new issue:
There was a recent thread regarding this same issue, but was never resolved:
This is on ubuntu 16.04.
When I run:
sudo -H -u www-data /bin/bash -c "gpg --list-keys --fingerprint --home /var/www/.gnupg"
I do see the correct name and email address I created the keys with.
/var/www/passbolt/app/Config/app.php has the correct values for:
home
fingerprint
public
private
'home' => '/var/www/.gnupg',
],
// Main server key
'serverKey' =>…
Server Configuration:
Debian 9.2.1
Apache 2.4.25
mySQL 10.1.26
PHP Version 7.0.19-1
Passbolt Version: Not installed yet
When running install (or healthcheck), I get an error that “The server key fingerprint doesn’t match the one defined in app/config.php”. I’ve looked for that file and can’t find it. I’ve gone through where I created the GPG key and done it a few times. I’ve edited the php file to have the correct GPG key each time still with the same error. I’ve got to be missing somethin…
I cannot say for certain what fixed the issue.
I deleted all keys, and started the key generation process over again.
All is fixed, I successfully updated the software. No errors from healthcheck.
1 Like
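The fingerprint mismatch discussed in this thread can be checked without copying values by hand. The following is an added example, not code from any poster or from Passbolt: it parses gpg's `--with-colons` listing and compares the primary secret key fingerprint with a configured value. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a configured server key fingerprint with the primary
# secret keys in a keyring, using gpg's machine-readable listing.

# Uppercase a fingerprint and drop whitespace (the form used in the config).
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --list-secret-keys --with-colons` output on stdin and print the
# fingerprint (field 10 of the "fpr" record) of each primary secret key.
# The "fpr" record after an "ssb" (subkey) record is deliberately skipped.
primary_secret_fprs() {
    awk -F: '
        $1 == "sec" { primary = 1; next }
        $1 == "ssb" || $1 == "pub" || $1 == "sub" { primary = 0; next }
        $1 == "fpr" && primary { print $10; primary = 0 }
    '
}

# check_fpr CONFIGURED < colon-listing
# Returns 0 on match, 1 on mismatch, 2 if CONFIGURED is not 40 hex digits.
check_fpr() {
    want=$(normalize_fpr "$1")
    case "$want" in
        *[!0-9A-F]*) echo "not a hex fingerprint: $1" >&2; return 2 ;;
    esac
    if [ "${#want}" -ne 40 ]; then
        echo "expected 40 hex digits, got ${#want}" >&2; return 2
    fi
    found=$(primary_secret_fprs)
    for f in $found; do
        if [ "$f" = "$want" ]; then return 0; fi
    done
    echo "no primary secret key $want in keyring; found: ${found:-none}" >&2
    return 1
}

# Constructed sample listing (not a real key): one primary key, one subkey.
SAMPLE_LISTING='sec:u:2048:1:89ABCDEF01234567:1535630000:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1535630000::::Passbolt Server (constructed) <server@example.invalid>:
ssb:u:2048:1:0123456789ABCDEF:1535630000::::::e:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:'

# Real use, with the keyring path quoted earlier in the thread:
#   sudo -H -u www-data gpg --homedir /var/www/.gnupg --list-secret-keys \
#       --fingerprint --with-colons | check_fpr "<value from passbolt.php>"
```

A return code of 1 for a 40-digit value usually means the fingerprint came from a subkey or from a different user's keyring than the one the web server reads.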