Hi All,
I’m attempting to install passbolt for testing but keep hitting a wall with the following error:
"Error: [Cake\Http\Exception\InternalErrorException] The OpenPGP server key defined in the config cannot be used to decrypt. Could not import the key. (/var/www/passbolt/src/Auth/GpgAuthenticate.php:284)
Request URL: /auth/verify.json?api-version=v1"
I’ve read through similar experiences on this forum which were the result of incorrect GPG versions or keyfile references for GPG keys, both of which I think do not apply to my case.
The build environment I’m using is:
Virtual Machine
Red Hat v7.9
Passbolt v2.12.1 (intended as I’d like to work with this previous version initially)
gpg (GnuPG) v2.0.22
PHP v7.2.34
Following the build (which includes SELinux updates and 600 perms to “/usr/share/httpd/.gnupg/” I am able to register a new user and access the website but am presented with the following page when I attempt to login:
When I inspect the GPG keys as the apache user I get the following:
[root@dev-passbolt passbolt]# su -s /bin/bash -c "gpg --list-keys --with-finger" apache
/usr/share/httpd/.gnupg/pubring.gpg
-----------------------------------
pub 2048R/EDC6CC8D 2020-10-29
Key fingerprint = E068 B649 F85B 8A3E 13F7 4EBF 2B03 4FA5 EDC6 CC8D
uid dev-passbolt <dev-passbolt@OMITTED>
sub 2048R/0037CA8E 2020-10-29
[root@dev-passbolt passbolt]# su -s /bin/bash -c "gpg --list-secret-keys --with-finger" apache
/usr/share/httpd/.gnupg/secring.gpg
-----------------------------------
sec 2048R/EDC6CC8D 2020-10-29
Key fingerprint = E068 B649 F85B 8A3E 13F7 4EBF 2B03 4FA5 EDC6 CC8D
uid dev-passbolt <dev-passbolt@OMITTED>
ssb 2048R/0037CA8E 2020-10-29
Both keys were exported to the following files:
su -s /bin/bash -c "gpg --armor --export-secret-keys dev-passbolt@OMITTED > /var/www/passbolt/config/gpg/serverkey_private_ecc.asc" apache
su -s /bin/bash -c "gpg --armor --export dev-passbolt@OMITTED > /var/www/passbolt/config/gpg/serverkey_ecc.asc" apache
and I compared that to the passbolt.php entry:
// Main server key.
'serverKey' => [
// Server private key fingerprint.
'fingerprint' => 'E068B649F85B8A3E13F74EBF2B034FA5EDC6CC8D',
'public' => CONFIG . 'gpg' . DS . 'serverkey_ecc.asc',
'private' => CONFIG . 'gpg' . DS . 'serverkey_private_ecc.asc',
I also ran the healthcheck which provides the following report:
I’m at a bit of a loss and could use some guidance please.
I’ll snapshot the current state and move on to building the latest release (using the installation scripts which are available instead of building from source-ish).
Thanks in advance,
Dave