GPG imported key taking revoked sub-key

gregober · June 4, 2021, 4:24pm

Hello,

I have setup a new user and imported his pgp private key.
This key dates from 2002 and includes revoked keys in DSA and updated keys in RSA 4096.

Upon import only the old revoked key in DSA appears on the GUI.

You might want to check that passbolt is not importing revoked key.

It would be very convenient to have the ability to manage keys within passbolt and change private key.
This might have important security issue since it is a key component of your soft, but being unable to change the key is a problem.

I am also not sure what will happen when my actual key will be outdated ??

Thanks for your feedback and help.

Checklist
[X ] I have read intro post: About the Installation Issues category
[X ] I have read the tutorials, help and searched for similar issues
[X ] I provide relevant information about my server (component names and versions, etc.)
[X ] I provide a copy of my logs and healthcheck
[X ] I describe the steps I have taken to trouble shoot the problem
[X ] I describe the steps on how to reproduce the issue

gregober · June 7, 2021, 2:55pm

Has anyone had time to have a look at the GPG key problem we are having ?

Gerold · June 8, 2021, 2:18pm

Hello @gregober,

Hope you are doing good,

Indeed, “Upon import only the old revoked key in DSA appears on the GUI.” is a bug from the application, you might want to open a bug on github and this will be taken care of in the future.

Passbolt isn’t shipped with a feature to manage the keys of a given user, if still you want to do a key rotation, you might want to check the workaround mentioned in this topic : As a logged in user I should be able to change my private/public key.

Cheers,
Gérold.