How can I update / recover from an expired user key

I currently can’t log in to our passbolt because my gpg key for the account has expired. I removed the expiry from my local copy of the key, but what is the best way to update it on the server side? Account recovery with the browser extension didn’t help.

This is a self-hosted instance and I am the administrator, so I have full access to the database, server keyring etc. if necessary. However, I’d prefer any other solution to hand-editing those if one exists.

Hi @tplantta, here is a recent post that might help: “Could not verify server key (gpg key expired)”

Not that much, since that post is about an expired server key, not an expired user key. I have done the first part about removing the expiry from the key on the client machine.

Now the rest of it is quite different for a server key and a user key. I find the user public key stored in two places on the server: in the database table gpgkeys and in the webserver user’s keyring. Which of these places, or both, should the modified key be replaced into? Is there anything else to be done other than replacing the key?

@tplantta yes, the procedure is as follows:

  • Remove the expiry date on your key (or push it back in the future). Export a new public key.
  • Edit the public gpg key in the database; make sure you update the modification date so that other users can get the new one.
  • Remove the old key from the gpg keyring and import the new key into the server gpg keyring (or alternatively, if it doesn’t work, you can create a new keyring, import the server key and let the application import the keys for the users as needed).
  • Do an account recovery.

We’ll try to provide a more user-friendly procedure for this in the future.

Thanks, got it back working. In editing the key in the database I changed the following:

  • updated field ‘armored_key’ with the modified key
  • set field ‘expires’ to null
  • set field ‘modified’ to current timestamp

Is that all, or did I overlook something?
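
The procedure and field changes discussed in this thread, sketched as shell helpers. This is an added example, not part of the original posts and not Passbolt's own tooling. It assumes a MySQL/MariaDB backend and a `fingerprint` column on `gpgkeys` (verify against your schema); the function names, web server user and keyring path are placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example, not Passbolt code. Assumptions: MySQL/MariaDB backend, a
# `fingerprint` column on gpgkeys (check your schema), caller-supplied web user
# and keyring path. The expiry was already removed on the client.

# Step 1: export the updated public key.  $1 = fingerprint, $2 = output file
export_public_key() {
    gpg --armor --export "$1" > "$2"
}

# Step 2: emit the UPDATE for table gpgkeys.  $1 = fingerprint, $2 = key file
build_update_sql() {
    fp=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    case "$fp" in
        ''|*[!0-9A-F]*) echo "fingerprint must be hex" >&2; return 1 ;;
    esac
    [ "${#fp}" -eq 40 ] || { echo "fingerprint must be 40 hex chars" >&2; return 1; }
    # ASCII armor should contain no quote or backslash; refuse to build SQL if it does.
    if grep -q -e "'" -e '\\' "$2"; then
        echo "unexpected character in key file" >&2; return 1
    fi
    printf "UPDATE gpgkeys SET armored_key = '%s', expires = NULL, modified = NOW() WHERE fingerprint = '%s';\n" \
        "$(cat "$2")" "$fp"
}

# Step 3: replace the key in the web server user's keyring.
# $1 = web user, $2 = that user's GnuPG home, $3 = fingerprint, $4 = key file
refresh_server_keyring() {
    # Deleting may fail if the old key is not in the keyring; import regardless.
    sudo -u "$1" gpg --homedir "$2" --batch --yes --delete-keys "$3"
    sudo -u "$1" gpg --homedir "$2" --batch --import "$4"
}

# Step 4 happens in the browser: run account recovery with the same private key.
# Review the statement before applying it, e.g.:
#   build_update_sql "$FPR" key.asc > update.sql
```

Back up the database and the keyring directory before applying either change, and confirm the row count affected by the UPDATE is exactly one.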
