With the new release v3.6.0 of the browser extension non encrypted private keys are not accepted anymore. This breaks the login mechanism for users who configured the extension with a non encrypted key, e.g. a key without a passphrase.
In order to fix the problem, we propose you to use an OpenPGP compatible tool to set a passphrase on the key and perform an account recovery in passbolt. Here is a quick how-to using Gnupg.
1. Defining a private key passphrase using Gnupg.
With your user key private key in hand (recovery kit), Import the unencrypted private key in the gnupg keyring (if it is not already there).
$ gpg --import UNENCRYPTED_PRIVATE_KEY_FILE_NAME.asc
gpg: key 1353B5B15D9B054F: "Ada Lovelace <ada@passbolt.com>" not changed
gpg: key 1353B5B15D9B054F: secret key imported
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: secret keys read: 1
gpg: secret keys unchanged: 1
You can also see if a key already exists in the keyring:
$ gpg --list-secret-keys
/Users/you/.gnupg/pubring.kbx
------------------------------
sec rsa4096 2015-08-09 [SC]
03F60E958F4CB29723ACDF761353B5B15D9B054F
uid [ unknown] Ada Lovelace <ada@passbolt.com>
ssb rsa4096 2015-08-09 [E]
Change the passphrase of the private key, where KEY_ID can be found on the previous step, here the id is “03F60E958F4CB29723ACDF761353B5B15D9B054F” (see above):
$ gpg --edit-key KEY_ID
gpg> passwd
gpg> save
Export the key now protected by passphrase:
$ gpg --armor --export-secret-keys KEY_ID > PRIVATE_KEY_FILE_NAME.asc
2. Account recovery in passbolt.
With the now encrypted private key you will need to recover your account.
- On the login step, you can click on “Switch to another account”
- Or go to url https://PASSBOLT_URL/users/recover
- Open your mailbox and follow the link
- Import the new key
- Enter the passphrase
- Login
That’s it. Thank you for your understanding and for your continued support!
Feel free to get in touch with us on the community forum or,
if you are a customer, at support@passbolt.com.