With the new release v3.6.0 of the browser extension non encrypted private keys are not accepted anymore. This breaks the login mechanism for users who configured the extension with a non encrypted key, e.g. a key without a passphrase.
In order to fix the problem, we propose you to use an OpenPGP compatible tool to set a passphrase on the key and perform an account recovery in passbolt. Here is a quick how-to using Gnupg.
1. Defining a private key passphrase using Gnupg.
With your user key private key in hand (recovery kit), Import the unencrypted private key in the gnupg keyring (if it is not already there).
$ gpg --import UNENCRYPTED_PRIVATE_KEY_FILE_NAME.asc gpg: key 1353B5B15D9B054F: "Ada Lovelace <email@example.com>" not changed gpg: key 1353B5B15D9B054F: secret key imported gpg: Total number processed: 1 gpg: unchanged: 1 gpg: secret keys read: 1 gpg: secret keys unchanged: 1
You can also see if a key already exists in the keyring:
$ gpg --list-secret-keys /Users/you/.gnupg/pubring.kbx ------------------------------ sec rsa4096 2015-08-09 [SC] 03F60E958F4CB29723ACDF761353B5B15D9B054F uid [ unknown] Ada Lovelace <firstname.lastname@example.org> ssb rsa4096 2015-08-09 [E]
Change the passphrase of the private key, where KEY_ID can be found on the previous step, here the id is “03F60E958F4CB29723ACDF761353B5B15D9B054F” (see above):
$ gpg --edit-key KEY_ID gpg> passwd gpg> save
Export the key now protected by passphrase:
$ gpg --armor --export-secret-keys KEY_ID > PRIVATE_KEY_FILE_NAME.asc
2. Account recovery in passbolt.
With the now encrypted private key you will need to recover your account.
- On the login step, you can click on “Switch to another account”
- Or go to url https://PASSBOLT_URL/users/recover
- Open your mailbox and follow the link
- Import the new key
- Enter the passphrase