Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to troubleshoot the problem
I describe the steps on how to reproduce the issue
Hello,
I have a VM created in vSphere 6.7 using Oracle Linux 8.5; the Passbolt CE version is updated and corresponds to 3.11. It has 4 cores, 8 GB RAM and 40 GB allocated (in terms of cores, RAM and hard disk space, everything is normal).
At present the administrator users and those who have created their account can log in normally (via the plugin in the browsers, or directly in the browsers), create new passwords and groups, share, etc. In general the operation is normal.
The problem we have is with new users; when they try to configure the account, it gives an error.
Process.
- Login using an admin account.
- The new account is created for a collaborator in Passbolt.
- The new collaborator enters the link and tries to create the account.
- He/she receives the error message that it is not feasible to create the account.
- OpenPGP key cannot be used for encrypting.
Error Message.
OpenPGP key cannot be used for encrypting
{
  "code": 400,
  "body": {
    "gpgkey": {
      "gpgkey": { "OpenPGP key cannot be used for encryption."
    }
  }
}
I’ve searched the forum for help, there are similar issues but I haven’t found the solution yet.
- The OpenPGP key can not be used to encrypt
- Facing "The OpenPGP key can not be used to encrypt." while installation is from source code
- GPG-Key creation failed
- Error 400 - "armored_key": "The OpenPGP key can not be used to encrypt." [pubring.kbx file permissions] - #8 by Cedric2
Entropy is at 256, which at least for password creation and normal use does not seem to be a problem.
Is it necessary to increase entropy, or install rng-tools?
$ cat /proc/sys/kernel/random/entropy_avail
256
The server’s private and public keys were created during installation in January, and seem to be fine; there is no expiration date.
$ gpg --show-keys /etc/passbolt/gpg/serverkey.asc
pub rsa3072 2023-01-20 [SC]
3940…E3B9
uid server.domain.org (Passbolt) email@server.domain.org
sub rsa3072 2023-01-20 [E]
*For security reasons I changed / simplified some data.
One factor could be the time, but the server time appears to be correct (NTP is used). It has the same hour as my laptop.
Server time
$ timedatectl
Local time: Mon 2023-03-06 17:05:00 CST
Universal time: Mon 2023-03-06 23:05:00 UTC
RTC time: Mon 2023-03-06 23:05:00
Time zone: America/Costa_Rica (CST, -0600)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
Laptop time (Windows 10 x64)
05:05 PM
The pubring.kbx looks fine (owner nginx).
$ ls -lh ./var/lib/passbolt/.gnupg/pubring.kbx
-rw-r--r--. 1 nginx nginx 14K Jan 23 19:36 ./var/lib/passbolt/.gnupg/pubring.kbx
Passbolt API status
Environment
PHP version 8.1.16. > Pass
PCRE compiled with unicode support. > Pass
Temporary directory and its contents are writable and not executable. > Pass
The logs directory and its contents are writable. > Pass
GD or Imagick extension is installed. > Pass
The Intl extension is installed. > Pass
Mbstring extension is installed. > Pass
SSL access is enabled. > Pass
Configuration files
Application configuration file is present > Pass
The passbolt configuration file is present > Pass
Core config
Debugging mode is disabled. > Pass
Cache is working. > Pass
Single value set for security.salt > Pass
Full base url is set to https://server.domain.org/passbolt. > Pass
App.fullBaseUrl validation OK. > Pass
Could not reach /healthcheck/status with url specified in App.fullBaseUrl > Error (maybe for the reverse proxy)
Database
The application can connect to the database > Pass
26 tables found > Pass
Some default content is present > Pass
Database schema is up to date. > Pass
GPG configuration
The PHP GPG module is installed and loaded. > Pass
The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg. > Pass
The web server user can write to the /var/lib/passbolt/.gnupg directory containing the keychain. > Pass
The OpenPGP key on the server is not the default key. > Pass
The public key file is defined in /etc/passbolt/passbolt.php and is readable. > Pass
The private key file is defined in /etc/passbolt/passbolt.php and is readable. > Pass
The fingerprint of the server key matches that defined in /etc/passbolt/passbolt/passbolt.php. > Pass
The server public key defined in /etc/passbolt/passbolt.php (or environment variables) is in the keyring. > Pass
There is a valid email identifier defined for the server key. > Pass
The public key can be used to encrypt a message. > Pass
The private key can be used to sign a message. > Pass
The public and private keys can be used to encrypt and sign a message. > Pass
The private key can be used to decrypt a message. > Pass
The private key can be used to decrypt and verify a message. > Pass
The public key can be used to verify a signature. > Pass
The public key format of the server is supported by Gopengpg. > Pass
The server’s private key format is Gopengpg-compliant. > Pass
Application configuration
Unable to connect to the passbolt repository to check versions It is not possible to check if your version is up to date. > Error (it's updated, v3.11)
Passbolt is configured to force the use of SSL. > Pass
App.fullBaseUrl is configured as HTTPS. > Pass
Selenium API endpoints are disabled. > Pass
Search engine robots are told not to index the content. > Pass
Self Registration plugin is enabled. > Pass
Registration is closed, only administrators can add users. > Pass
Obsolete self-registration public configuration was found in /etc/passbolt/passbolt.php. > Warning
Host availability check is disabled. > Warning
Serving the compiled version of the javascript application. > Pass
Some email notifications are disabled by the administrator. > Warning
Any recommendations on what to validate?
Regards.
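
The manual checks in the post (an `[E]` subkey exists, no expiration, clock is correct) can be run against any public key with `gpg --show-keys --with-colons`. The following is an added example, not part of the original post or of Passbolt's code; it assumes the GnuPG 2.x colon format with epoch timestamps, and the sample records and key IDs are constructed.

```python
import time

# Field 2 (validity) values that make a key unusable for encryption.
UNUSABLE = {"i": "invalid", "d": "disabled", "r": "revoked", "e": "expired"}

# Constructed sample (placeholder key IDs). The first key mirrors the layout
# shown in the post: rsa3072 primary [SC] plus an [E] subkey, 2023-01-20.
SAMPLE = """\
pub:u:3072:1:AAAAAAAAAAAAAAAA:1674172800:::u:::scESC:
sub:u:3072:1:BBBBBBBBBBBBBBBB:1674172800::::::e:
pub:e:2048:1:CCCCCCCCCCCCCCCC:1600000000:1650000000::-:::sc:
sub:e:2048:1:DDDDDDDDDDDDDDDD:1600000000:1650000000:::::e:
pub:-:3072:1:EEEEEEEEEEEEEEEE:1678147500:::-:::scESC:
sub:-:3072:1:FFFFFFFFFFFFFFFF:1678147500::::::e:
"""
NOW = 1678143900  # 2023-03-06 23:05:00 UTC, the server time shown in the post


def encryption_keys(colons, now=None):
    """Return (usable, problems) for encryption-capable pub/sub records.

    usable   -> key IDs that can receive encrypted data at time `now`
    problems -> (key ID, reason) for encryption keys that cannot
    Both lists empty means the input has no encryption-capable key at all.
    """
    now = time.time() if now is None else now
    usable, problems = [], []
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        validity, keyid, created, expires, caps = f[1], f[4], f[5], f[6], f[11]
        if "e" not in caps:  # lower-case 'e': this key itself can encrypt
            continue
        if validity in UNUSABLE:
            problems.append((keyid, UNUSABLE[validity]))
        elif expires and int(expires) <= now:
            problems.append((keyid, "expired"))
        elif created and int(created) > now:
            # A key stamped later than the checking host's clock.
            problems.append((keyid, "created in the future (clock skew)"))
        else:
            usable.append(keyid)
    return usable, problems


if __name__ == "__main__":
    ok, bad = encryption_keys(SAMPLE, NOW)
    print("usable:", ok)
    for keyid, reason in bad:
        print("unusable:", keyid, "-", reason)
```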