The OpenPGP key for the user could not be imported in GnuPG

Checklist
[Done] I have read intro post: About the Installation Issues category
[Done] I have read the tutorials, help and searched for similar issues
[Done] I provide relevant information about my server (component names and versions, etc.)
[Done] I provide a copy of my logs and healthcheck
[Done] I describe the steps I have taken to troubleshoot the problem
[Done] I describe the steps on how to reproduce the issue

Server operating system name and version:
Amazon GNU Linux 2 (Kernel 4.14.55-68.37.amzn2.x86_64)
– Web server name and version:
Nginx (1:1.12.2-2.el7)
– Database server name and version:
MariaDB (1:5.5.56-2.amzn2)
– Php version
PHP (PHP 7.2.8 (cli) )
– Passbolt version
Passbolt (2.1.0)

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 7.2.8.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[FAIL] Debug mode is on.
[HELP] Set debug = false; in config/passbolt.php
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://vault.goplayplay.com
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 18 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The server gpg key is not the default one
[PASS] The environment variable GNUPGHOME is set to /var/lib/nginx/.gnupg.
[PASS] The directory /var/lib/nginx/.gnupg containing the keyring is writable by the webserver user.
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.

Application configuration

[PASS] Using latest passbolt version (2.1.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

1 error(s) found. Hang in there!

Went to check “./src/Auth/GpgAuthenticate.php” and found that the exception was thrown from “_initUserKey(string $keyid)”. Not really sure why the %keyid is empty when the database has the valid key.


image

After entering the password, the information above pops up.

Hi @BigBuBu,

  • What kind of public key is it? Did you import it or create it during the setup?
  • Is it a new installation with existing user or is it the first one?
  • Can you share the public key with us so that we can try to see if the import fails on another setup?

You can also try to import the user public key in gnupg keyring manually on the server and see if there is more information why the import is failing (or if it imports and solves the issue).

I did have the same problem.

Right after install and creation of the first user it took up to 2 minutes before I was able to log in. This should not be a permanent error. Once I invite a new user it works just fine. :slight_smile:

@flogalen this can happen when the clock of the client is set in the future or the clock of the server is lagging behind in the past. For example I’ve seen this on VirtualBox machines after a sleep, before the clock is synced again.

Hi @remy

  • This is the first user (admin). The Server key authentication passed, it’s the authentication between user and server part.
  • This is a fresh install.
  • Below is the armored_key stored in DB.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v3.0.9
Comment: https://openpgpjs.org
-----END PGP PUBLIC KEY BLOCK-----

Okay, I will give your suggestion a try. :slight_smile:

Hi @flogalen,

Not really sure if it’s the same issue. But it’s a few days after installation and I still can’t :frowning:

@remy, when I tried to import manually, I got the result below:

gpg: assuming bad signature from key 1DCDF90B due to an unknown critical bit
gpg: assuming bad signature from key 1DCDF90B due to an unknown critical bit
gpg: key 1DCDF90B: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg: w/o user IDs: 1

Besides, when I follow the setup guide and run this: sudo su -s /bin/bash -c "gpg --list-keys" nginx

gpg: directory `/var/lib/nginx/.gnupg' created
gpg: new configuration file `/var/lib/nginx/.gnupg/gpg.conf' created
gpg: WARNING: options in `/var/lib/nginx/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/var/lib/nginx/.gnupg/pubring.gpg' created
gpg: /var/lib/nginx/.gnupg/trustdb.gpg: trustdb created

Hi guys, could it be an Amazon EC2 instance issue?

This could be an issue with Openpgpjs / Gnupg compatibility. Since it’s a new install I’d recommend reinstalling and creating a new user / following the setup again.

@BigBuBu I’m not able to reproduce the key import issue, so maybe it’s an issue with the gnupg version running on the server. Can you check the version number to see if we can reproduce it?

Hi @remy Thanks for responding! Below is the gpg version info.

sh-4.2$ gpg --verison
gpg: invalid option "--verison"
bash-4.2$ gpg --version
gpg (GnuPG) 2.0.22
libgcrypt 1.5.3
Copyright © 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ?, ?, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Has any user successfully installed on an Amazon Linux 2 machine before?

I will reinstall everything from scratch again, and update again. Thanks @remy!

I tried with both Gnupg 2.1 and 2.2, so maybe worth checking if you can update the Gpg version or try with a different Linux distro if that’s not possible.

Thanks buddy, really appreciate your time. I will start everything from scratch again. I will update here if it’s really the distro causing this issue.
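
The manual import and version check suggested in this thread, as an added example (not Passbolt code and not from any poster): it imports a key into a throwaway keyring and classifies gpg's output. The function names and the 2.1 threshold (the oldest GnuPG version reported as working in the thread) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: diagnose a failing user-key import without touching the
# real keyring. Function names are hypothetical, not part of Passbolt.

# Extract "major.minor" from the first line of `gpg --version` output.
gpg_major_minor() {
  printf '%s\n' "$1" | sed -n '1s/^gpg (GnuPG) \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Succeed when the version is at least 2.1 (assumed threshold, taken from
# the versions reported as working in the thread). Returns 2 if unparsable.
gpg_at_least_2_1() {
  local mm major minor
  mm=$(gpg_major_minor "$1")
  [ -n "$mm" ] || return 2
  major=${mm%%.*}; minor=${mm#*.}
  [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 1 ]; }
}

# Map `gpg --import` output to a one-word diagnosis. The critical-bit case
# is checked first because it is the cause of the "no valid user IDs" line
# that follows it in the output shown in the thread.
classify_import() {
  case "$1" in
    *"unknown critical bit"*)       echo critical-bit-rejected ;;
    *"no valid user IDs"*)          echo no-valid-user-id ;;
    *"imported: "*|*"unchanged: "*) echo imported ;;
    *)                              echo unknown ;;
  esac
}

# Import into a temporary homedir so GNUPGHOME of the web server user
# stays unchanged, then print both findings.
try_import() {
  local keyfile=$1 tmp out
  tmp=$(mktemp -d) || return 1
  chmod 700 "$tmp"
  out=$(gpg --homedir "$tmp" --batch --import "$keyfile" 2>&1)
  rm -rf "$tmp"
  printf 'gpg >= 2.1:    %s\n' "$(gpg_at_least_2_1 "$(gpg --version)" && echo yes || echo no)"
  printf 'import result: %s\n' "$(classify_import "$out")"
}

# Runs only when given a key file, e.g. as the web server user:
#   sudo -u nginx bash check-import.sh user.asc
if [ -n "${1:-}" ]; then try_import "$1"; fi
```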
