Release v3.6.0 - Cannot sign-in with unencrypted private key

With the new release v3.6.0 of the browser extension, unencrypted private keys are no longer accepted. This breaks the login mechanism for users who configured the extension with an unencrypted key, e.g. a key without a passphrase.

To fix the problem, we suggest using an OpenPGP-compatible tool to set a passphrase on the key and then performing an account recovery in passbolt. Here is a quick how-to using GnuPG.

1. Defining a private key passphrase using GnuPG.

With your private key in hand (recovery kit), import the unencrypted private key into the GnuPG keyring (if it is not already there).

$ gpg --import UNENCRYPTED_PRIVATE_KEY_FILE_NAME.asc

gpg: key 1353B5B15D9B054F: "Ada Lovelace <ada@passbolt.com>" not changed
gpg: key 1353B5B15D9B054F: secret key imported
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: secret keys read: 1
gpg: secret keys unchanged: 1

You can also check whether a key already exists in the keyring:

$ gpg --list-secret-keys

/Users/you/.gnupg/pubring.kbx
------------------------------
sec rsa4096 2015-08-09 [SC]
03F60E958F4CB29723ACDF761353B5B15D9B054F
uid [ unknown] Ada Lovelace <ada@passbolt.com>
ssb rsa4096 2015-08-09 [E]

Change the passphrase of the private key. KEY_ID can be found in the previous step; here the ID is “03F60E958F4CB29723ACDF761353B5B15D9B054F” (see above):

$ gpg --edit-key KEY_ID

gpg> passwd
gpg> save

Export the key, now protected by a passphrase:

$ gpg --armor --export-secret-keys KEY_ID > PRIVATE_KEY_FILE_NAME.asc
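Before importing the exported file into passbolt, you can confirm that every secret key packet in it is really passphrase-protected. The following is an added example, not passbolt code: it reads the string-to-key usage octet that OpenPGP (RFC 4880) stores in each secret key and secret subkey packet, where 0 means the key material is stored in the clear. All function names are hypothetical, only v4 RSA, DSA and Elgamal keys are handled, and the sample key is a constructed toy packet.

```python
import base64

PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # public MPIs per algorithm: RSA, Elgamal, DSA

def dearmor(text):
    """Return the binary packets of an ASCII-armored OpenPGP block."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:]  # armor headers end at the first blank line
    return base64.b64decode("".join(l for l in body if not l.startswith(("=", "-----"))))

def packets(data):
    """Yield (tag, body) for each packet, old or new header format."""
    i = 0
    while i < len(data):
        if data[i] & 0x40:  # new format: tag in the low 6 bits
            tag, o1 = data[i] & 0x3F, data[i + 1]
            if o1 < 192:
                length, i = o1, i + 2
            elif o1 < 224:
                length, i = ((o1 - 192) << 8) + data[i + 2] + 192, i + 3
            elif o1 == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths are not handled")
        else:  # old format: tag in bits 5-2, size of the length field in bits 1-0
            tag, size = (data[i] >> 2) & 0x0F, 1 << (data[i] & 3)
            if size == 8:
                raise ValueError("indeterminate lengths are not handled")
            length, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        yield tag, data[i:i + length]
        i += length

def s2k_usage(body):
    """String-to-key usage octet of a v4 secret key packet (0 = stored in the clear)."""
    if body[0] != 4 or body[5] not in PUBLIC_MPIS:
        raise ValueError("only v4 RSA, DSA and Elgamal keys are handled")
    pos = 6  # version (1) + creation time (4) + algorithm (1)
    for _ in range(PUBLIC_MPIS[body[5]]):  # skip the public MPIs
        pos += 2 + (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
    return body[pos]

def unprotected_keys(armored):
    """Count secret key (tag 5) and subkey (tag 7) packets stored without a passphrase."""
    return sum(s2k_usage(b) == 0 for t, b in packets(dearmor(armored)) if t in (5, 7))

def constructed_key(usage):  # toy one-packet RSA block built for this demo, not a real key
    body = b"\x04" + bytes(4) + b"\x01\x00\x08\xc5\x00\x02\x03" + bytes([usage]) + bytes(8)
    raw = base64.b64encode(bytes([0xC5, len(body)]) + body).decode()
    return f"-----BEGIN PGP PRIVATE KEY BLOCK-----\n\n{raw}\n-----END PGP PRIVATE KEY BLOCK-----"
```

Calling unprotected_keys() on the contents of PRIVATE_KEY_FILE_NAME.asc should return 0 once the passphrase has been set on the key and its subkey.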

2. Account recovery in passbolt.

With the now encrypted private key you will need to recover your account.

  • On the login step, you can click on “Switch to another account”
  • Open your mailbox and follow the link
  • Import the new key
  • Enter the passphrase
  • Login

That’s it. Thank you for your understanding and for your continued support!
Feel free to get in touch with us on the community forum or,
if you are a customer, at support@passbolt.com.