Generate another key with a valid email id

Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[ ] I provide a copy of my logs and healthcheck
[ ] I describe the steps I have taken to troubleshoot the problem
[ ] I describe the steps on how to reproduce the issue

Open source password manager for teams
-------------------------------------------------------------------------------
 Healthcheck shell........Warning Error: file_get_contents(/etc/passbolt/jwt/jwt.pem): failed to open stream: No such file or directory
In [/usr/share/php/passbolt/plugins/Passbolt/JwtAuthentication/src/Service/AccessToken/JwtKeyPairService.php, line 110]

2021-11-17 08:43:21 Warning: Warning (2): file_get_contents(/etc/passbolt/jwt/jwt.pem): failed to open stream: No such file or directory in [/usr/share/php/passbolt/plugins/Passbolt/JwtAuthentication/src/Service/AccessToken/JwtKeyPairService.php, line 110]
-------------------------------------------------------------------------------

 Environment

 [PASS] PHP version 7.3.31-1~deb10u1.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://isipass.groupe-isia.com
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [FAIL] SSL peer certificate does not validate
 [FAIL] Hostname does not match when validating certificates.
 [WARN] Using a self-signed certificate
 [HELP] cURL Error (60) SSL certificate problem: unable to get local issuer certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 26 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [FAIL] The server key does not have a valid email id.
 [HELP] Edit or generate another key with a valid email id.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.

 Application configuration

 [PASS] Using latest passbolt version (3.3.0).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

 JWT Authentication

 [WARN] The JWT Authentication plugin is disabled
 [HELP] Set the environment variable PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED to true

 [FAIL] 3 error(s) found. Hang in there!

Hello,

I updated passbolt this, and I have this message:

[FAIL] The server key does not have a valid email id.
[HELP] Edit or generate another key with a valid email id.

I can not understand.

I have looked at several posts, but none seem to match my problem.

What should I do?

Thank you

Hi @anthony :wave: and welcome to the Passbolt community forum :handshake:

You can create a new GnuPG key like this:

gpg --batch --no-tty --gen-key <<EOF
  Key-Type: default
  Key-Length: 2048
  Subkey-Type: default
  Subkey-Length: 2048
  Name-Real: John Doe
  Name-Email: email@domain.tld
  Expire-Date: 0
  %no-protection
  %commit
EOF

Feel free to replace Name-Real and Name-Email with your own.

Then export private and public keys:

# Private key
gpg --armor --export-secret-keys email@domain.tld > serverkey_private.asc
# Public key
gpg --armor --export email@domain.tld > serverkey.asc

Then you can replace your current Passbolt gpg server keys with the new fresh ones.

If you have installed Passbolt with the Debian or Ubuntu package, they are located in /etc/passbolt/gpg, otherwise in /var/www/passbolt/config/gpg.

Once done, you must replace the old GPG fingerprint with the new one in the passbolt.php configuration file.
If you have installed Passbolt with the Debian or Ubuntu package, it is located in /etc/passbolt/passbolt.php, otherwise in /var/www/passbolt/config/passbolt.php.

To get the fingerprint, run the gpg --list-key command. In the example below, mine is E2FCE885333A107AA480FC94C352B738F50DBDB1

$ gpg --list-key
/home/vagrant/.gnupg/pubring.kbx
--------------------------------
pub   rsa2048 2021-11-18 [SC]
      E2FCE885333A107AA480FC94C352B738F50DBDB1
uid           [ultimate] John Doe <email@domain.tld>
sub   rsa2048 2021-11-18 [E]

Let me know if you have further questions.

Cheers,
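
A check for the condition the healthcheck reports, as an added example that is not part of the original reply or of Passbolt's code: it parses `gpg --list-keys --with-colons` output, prints the primary key fingerprint to copy into passbolt.php, and flags user IDs without an e-mail part. The function name, the sample records and the e-mail pattern are assumptions made for illustration; Passbolt's own validation rule may differ.

```shell
#!/bin/sh
# Added example: reads `gpg --list-keys --with-colons` output on stdin, prints
# the primary key fingerprint (the value to copy into passbolt.php) and flags
# every user ID that lacks a "<local@domain.tld>" part.
# The e-mail pattern is a simple approximation, not Passbolt's own rule.
check_key_uids() {
    awk -F: '
        $1 == "pub" { want_fpr = 1; next }      # next fpr record is the primary key
        $1 == "fpr" && want_fpr { print "fingerprint " $10; want_fpr = 0; next }
        $1 == "uid" {                           # field 10 holds the user ID string
            if ($10 ~ /<[^<>@ ]+@[^<>@ ]+\.[^<>@ ]+>$/) print "uid-ok " $10
            else { print "uid-bad " $10; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the key from the listing above, in colon format.
sample_good() {
    cat <<'EOF'
pub:u:2048:1:C352B738F50DBDB1:1637193600:::u:::scESC:
fpr:::::::::E2FCE885333A107AA480FC94C352B738F50DBDB1:
uid:u::::1637193600::::John Doe <email@domain.tld>:
sub:u:2048:1:0000000000000002:1637193600::::::e:
fpr:::::::::0000000000000000000000000000000000000002:
EOF
}

# Constructed sample: a key whose only user ID has no e-mail address.
sample_bad() {
    cat <<'EOF'
pub:u:2048:1:0000000000000001:1637193600:::u:::scESC:
fpr:::::::::0000000000000000000000000000000000000001:
uid:u::::1637193600::::Passbolt server key:
EOF
}

# Real use (GNUPGHOME path as reported by the healthcheck):
#   gpg --homedir /var/lib/passbolt/.gnupg --list-keys --with-colons | check_key_uids
sample_good | check_key_uids
sample_bad | check_key_uids || echo "at least one user ID has no valid e-mail"
```

The function exits non-zero when any user ID fails the check, so it can gate a deployment script before the new key files are copied into place.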