Facing "The OpenPGP key can not be used to encrypt." while installation is from source code

I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue


Health check report:

PHP Warning:  Module 'intl' already loaded in Unknown on line 0

     ____                  __          ____  
    / __ \____  _____ ____/ /_  ____  / / /_ 
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
 /_/    \__,_/____/____/_.___/\____/_/\__/   

 Open source password manager for teams
 Healthcheck shell         


 [PASS] PHP version 7.4.3.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to http://dev-passbolt.arbisoft.com
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [PASS] SSL peer certificate validates
 [PASS] Hostname is matching in SSL certificate.
 [PASS] Not using a self-signed certificate


 [PASS] The application is able to connect to the database
 [PASS] 26 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /home/hamzapervez/.gnupg.
 [PASS] The directory /home/hamzapervez/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.
 [PASS] The server public key format is Gopengpg compatible.
 [PASS] The server private key format is Gopengpg compatible.

 Application configuration

 [PASS] Using latest passbolt version (3.8.3).
 [PASS] Passbolt is configured to force SSL use.
 [FAIL] App.fullBaseUrl is not set to HTTPS.
 [HELP] Check App.fullBaseUrl url scheme in config/passbolt.php.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [PASS] The /home/hamzapervez/passbolt/config/jwt/ directory is not writable.
 [PASS] A valid JWT key pair was found

 SMTP Settings

 [PASS] The SMTP Settings plugin is enabled.
 [PASS] SMTP Settings coherent. You may send a test email to validate them.
 [WARN] The SMTP Settings source is: /home/hamzapervez/passbolt/config/passbolt.php.
 [HELP] It is recommended to set the SMTP Settings in the database through the administration section.

 [FAIL] 1 error(s) found. Hang in there!

Only one error is due to SSL and that does not seem related.
I’ve checked the NTP service and it is working fine as mentioned in this GPG-Key creation failed
All the ports are open for outbound communication.

No error in any logs. Can’t seem to figure out why is this not letting me setup a passphrase for admin user.

Hello @hamza ,

Can you share the user public key? If not can you check if the public key is expired. It could be the case if you generated the key for example from Gnupg (i.e. not passbolt) and imported the key during the setup. Depending on what you used to generate it could be set to expire.

Is it a fresh install or an existing install? If it’s a fresh install from source, which tutorial did you follow? We recommend to using the official packages / documentation.


I used this tutorial for this fresh install Passbolt Help | Install passbolt API from source.

Generated the keys using this command

gpg --batch --no-tty --gen-key <<EOF
  Key-Type: default
  Key-Length: 2048
  Subkey-Type: default
  Subkey-Length: 2048
  Name-Real: John Doe
  Name-Email: email@domain.tld
  Expire-Date: 0

Can you share the user public key?


Here it is.


Hi @hamza,

The key looks good to me. So there must be something else preventing to use it. Most likely it will be a time difference issue between the client and the server. Can you double check that you have NTP installed on the server? Then check for differences between the time on your laptop/desktop and the server.


I checked and it was working fine. I decided to remove the source directory, cloned again then ran the steps but did not copy the config file neither ran the install script and tried to setup via the web interface. That did not work either but it created a new PGP key pair with length 3072. I used that key after removing the source again, cloning for the 3rd time and repeating the steps and lo and behold it is working now.