The GnuPG key for the user could not be imported

Moving this here from GitHub as requested:

  • Passbolt Version: 1965ea62ef187c78395078591c308e8e74266d14
  • Platform and Target:
    – Operating system: Ubuntu 16.04.3 LTS
    – PHP: 7.0
    – Web server: Apache 2.4.18
    – Database server: MySQL 14.14

What you did

Fresh install, keyring installed to /var/www/.gnupg and owned by www-data:www-data. This was accomplished by running as another user then copying all files from ~/.gnupg.

What happened

Creating a new user and their corresponding key works as expected, but when attempting to log in I receive the following error:

The server was unable to respect the authentication protocol!
There was a problem when trying to communicate with the server (HTTP Code:500)

passbolt healthcheck passes with no issues.

app/tmp/logs/error.log produces this message on any unsuccessful login attempt:

2018-01-02 16:06:42 Error: [InternalErrorException] The GnuPG key for the user could not be imported
Request URL: /auth/login.json
Stack Trace:
#0 /var/www/passbolt/app/Controller/Component/Auth/GpgAuthenticate.php(97): GpgAuthenticate->_setUserKey('b14c51b574562a7...', Array)
#1 /var/www/passbolt/lib/Cake/Controller/Component/AuthComponent.php(770): GpgAuthenticate->authenticate(Object(CakeRequest), Object(CakeResponse))
#2 /var/www/passbolt/lib/Cake/Controller/Component/AuthComponent.php(611): AuthComponent->identify(Object(CakeRequest), Object(CakeResponse))
#3 /var/www/passbolt/app/Controller/AuthController.php(35): AuthComponent->login()
#4 [internal function]: AuthController->login()
#5 /var/www/passbolt/lib/Cake/Controller/Controller.php(491): ReflectionMethod->invokeArgs(Object(AuthController), Array)
#6 /var/www/passbolt/lib/Cake/Routing/Dispatcher.php(193): Controller->invokeAction(Object(CakeRequest))
#7 /var/www/passbolt/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke(Object(AuthController), Object(CakeRequest))
#8 /var/www/passbolt/app/webroot/index.php(110): Dispatcher->dispatch(Object(CakeRequest), Object(CakeResponse))
#9 {main}

I’ve regenerated the keyring as www-data, as suggested, to no avail. Again, the healthcheck passes completely, so I don’t believe it is a permissions issue.

Hello @superhawk610,

Could you confirm that the rights on the ~/.gnupg folder and its content are OK:

  • ~/.gnupg should be 700
  • ~/.gnupg/* should be 600

How did you generate the user key? Generating it during the registration? Importing it during the registration?

Cheers,
Cédric

Permissions are all set to 777, just trying to get something to work. They’re located in /var/www/.gnupg, if that matters.

I generated the user key through the automated process that takes place in the browser after setting up a new user using cake passbolt register_user ....

I’ve gotten it successfully working using the docker container, and I’m already a day behind where I was planning to be with this deployment, so I’m going to chalk it up to bad luck and inexperience.

Hey, I think you have a permission issue on the folder and its content.

Only www-data should be able to access the keyring, otherwise the gnupg security mechanism rejects any (or maybe just when using it through gpgme) access.

When you have time, could you try the permissions I gave you in my previous comment and let us know.

Cheers
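
A check for the keyring modes listed in the replies above (700 on the folder, 600 on its content, owned only by the web server user), as an added example that is not part of the original thread or of passbolt's code. The function names are hypothetical, and holding subdirectories to 700 is an assumption.

```shell
# Added example: audit a GnuPG home directory against the modes given in
# the thread. Assumption: subdirectories are held to 700 like the folder.
# Typical call on the setup described above (as root or the owner):
#   audit_gnupg_home /var/www/.gnupg www-data

# audit_gnupg_home DIR OWNER
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_gnupg_home() {
    dir=$1
    owner=$2
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi
    # find exits non-zero for an owner it cannot resolve; report that
    # instead of silently passing the ownership check.
    if ! find "$dir" -prune -user "$owner" >/dev/null 2>&1; then
        echo "UNKNOWN OWNER $owner"
        return 1
    fi
    findings=$(
        find "$dir" -type d ! -perm 700 | sed 's/^/MODE not 700: /'
        find "$dir" -type f ! -perm 600 | sed 's/^/MODE not 600: /'
        find "$dir" ! -user "$owner" | sed "s/^/OWNER not $owner: /"
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# fix_gnupg_home DIR
# Applies 700 to directories and 600 to regular files. Ownership is left
# alone; change it separately with chown if the audit reports it.
fix_gnupg_home() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}
```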

@superhawk610 I have also seen that you can trigger this error with GPG 2 when the key is created in the future, e.g. when either the server or the client time is not exactly on time. You can verify this by checking the “key_created” and “created” field difference on the Gpgkey entry for that user. Unfortunately php-gnupg fails on this import operation in this context without returning an error message.
