From one day to the next - Cannot log in to passbolt anymore

Hi all,

To start off with: I’m not the person who installed Passbolt. My knowledge acquisition on our installation started this morning.

So this morning I needed a password from Passbolt, and it gave the error message:
‘Could not use key XXXXXXXXXXXXX for signing’. This is strange since I use it almost every day, and last Friday it still worked. No changes were pushed through.

I’ve updated Passbolt (it runs on a server hosted by a company elsewhere, so I had to SSH in) to 3.2.1, but this didn’t help.
I’m trying to add the keys to the keyring, but I’m getting error messages:
‘gpg: can’t connect to the agent: No such file or directory’
I seem to be missing the gpg-agent? I suppose this would be needed for Passbolt to run, why would it be removed overnight?

The system I’m working with is not playing ball. I’ve tried installing some things but I did not manage. The thing doesn’t recognise commands like ‘make’ or ‘apt’, so that makes things very difficult.

I’ve also tried renaming passbolt.php to passbolt_old.php and starting a new wizard, without much luck. There, I get stuck at the ‘serverkeys’ tab.
The error message I get is: ‘The data entered are not correct: The OpenPGP private key cannot be used to decrypt.’

A healthcheck with the original passbolt.php gives me back an exception:
‘Could not use key XXXXXXXXXX for signing. get_key failed in […/src/Utility/OpenPGP/Backends/Gnupg.php, line 242’]’

I’ve spent most of today on this forum, but haven’t found a solution yet…
Any help is much appreciated!

Hi @bvanharen,

It is very weird that the gpg-agent has been removed between Friday and today, maybe the server has been upgraded this week-end. I confirm you that the gpg-agent is necessary to run passbolt.

Can you tell us more about your environment (Debian, CentOS)? Where passbolt is located (/usr/share/php/passbolt or /var/www/passbolt)?

Hi Cedric,

From what I can tell, we are getting a version of CloudLinux on this server.
Passbolt is located elsewhere, ~/public_html
Does this matter?

@bvanharen this error looks like the server key has expired. It can be fixed by updating the server key expiry date, replacing it on file and loading it in the gpg keyring. It’s going to be complicated if you don’t have access to gpg (most likely it’s available, but not for your user).

At that stage, since your setup seems custom and you don’t have documentation, I think the best for you would be the following:

  1. Install passbolt 3.2 using the Ubuntu or Debian package following the official documentation on a brand new machine. Passbolt Help | Installation
  2. Perform a complete installation until the end of the wizard, make sure it works. Don’t bother about the data there, it will be replaced, but make sure this clean installation works first.
  3. Take a backup of the database from the old installation using mysql dump or whatever is available to you on the original machine.
  4. Transfer the database, e.g. delete the newly created database on the new fresh install, create a new one with the same name, and load the content of the old one.
  5. Run the database migration script (in case you are not running the latest one on the old server). sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
  6. Switch the DNS of the old server to the new one
  7. Perform an account recovery on the new machine using your original user private key
  8. Decommission old server.

Thanks a lot!
I’ll give it a try. I’ve also got communication going to the hosting service now, so maybe their support can explain why gpg-agent is missing now…