Public and private keys cannot be used to encrypt and sign a message

New installation on Debian 9. I followed the guide; however, when running healthcheck I get the following errors:
./bin/cake passbolt healthcheck

Same issue recorded here: https://github.com/passbolt/passbolt_api/issues/213

GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The server gpg key is not the default one
 [PASS] The environment variable GNUPGHOME is set to /var/www/.gnupg.
 [PASS] The directory /var/www/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [FAIL] The private key cannot be used to sign a message
  [HELP] Make sure that the server private key is valid and that there is no passphrase.
  [HELP] Make sure you imported the private server key in the keyring of the webserver user.
  [HELP] you can try:
  [HELP] sudo su -s /bin/bash -c "gpg --home /var/www/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private.asc" www-data
 [FAIL] The public and private keys cannot be used to encrypt and sign a message
 [FAIL] The private key cannot be used to decrypt a message
 [FAIL] The private key cannot be used to decrypt and verify a message
 [FAIL] The public key cannot be used to verify a signature.

 Application configuration

 [PASS] Using latest passbolt version (2.1.0).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

Hi @stelios,

It seems that there is a problem with your private key. Could you check:

  1. that your private key is in your keyring: sudo su -s /bin/bash -c "gpg --home /var/www/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private.asc" www-data
  2. that your private key is not encrypted with a password.
  3. that your version of gpg is v2: gpg --version. We have seen similar issues with the keyring being managed by gpg2 while the keys were imported by gpg1.
  4. if it’s still not working, then try to generate another keypair, don’t forget to update the fingerprint in passbolt.php and try again.

Let me know if any of this works.
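The first three checks in the reply above can be run non-interactively as the webserver user. The script below is an added example, not part of the original reply or of passbolt: the function names and the `GPG` and `GNUPGHOME_DIR` variables are assumptions, the keyring path is the one shown in the healthcheck output, and the fingerprint is passed as the first argument.

```shell
#!/bin/sh
# Added example (not passbolt code). Hypothetical usage, as the webserver user:
#   sudo -u www-data sh check_server_key.sh <SERVER_KEY_FINGERPRINT>
GPG="${GPG:-gpg}"                                  # binary under test
GNUPGHOME_DIR="${GNUPGHOME_DIR:-/var/www/.gnupg}"  # keyring path from the healthcheck

# Check 3: major version of the gpg binary, parsed from the first line
# of `gpg --version` (for example "gpg (GnuPG) 2.1.18").
gpg_major() {
    "$GPG" --version | sed -n '1s/^gpg (GnuPG[^)]*) \([0-9][0-9]*\)\..*/\1/p'
}

# Check 1: the keyring holds a secret key for this fingerprint.
has_secret_key() {
    "$GPG" --homedir "$GNUPGHOME_DIR" --batch --with-colons \
        --list-secret-keys "$1" 2>/dev/null | grep -q '^sec:'
}

# Check 2: the key signs with an empty passphrase and no prompt. A key
# protected by a passphrase fails here, which is what the healthcheck
# reports as "cannot be used to sign a message".
signs_without_passphrase() {
    printf 'healthcheck' | "$GPG" --homedir "$GNUPGHOME_DIR" --batch --yes \
        --pinentry-mode loopback --passphrase '' \
        --local-user "$1" --clearsign >/dev/null 2>&1
}

# Runs the checks in order and prints the first failure, or "ok".
check_server_key() {
    fpr="$1"
    [ "$(gpg_major)" = 2 ] || { echo "gpg is not v2"; return 1; }
    has_secret_key "$fpr" || { echo "private key not in keyring"; return 1; }
    signs_without_passphrase "$fpr" || {
        echo "key cannot sign (passphrase set?)"; return 1; }
    echo "ok"
}

# Run only when a fingerprint is given on the command line.
if [ "$#" -gt 0 ]; then check_server_key "$1"; fi
```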

Thanks, found the issue: added a password to the key. Missed that in the documentation.
