The public key cannot be used to verify a signature


After a fresh install i get the following error message, when i run a healthcheck however everything seems working fine, didn’t tried shared password right now.

The public key cannot be used to verify a signature.

Hi @tsradmin,

We’ve never seen this issue.
It is not an blocker right now, but it could become one later with a future version of passbolt.

Do you know which version of gpg did you use to generate the server key ? And which version of gpg you’re using on the server if not the same ?


This is the last version from CentOS 7:

gpg (GnuPG) 2.0.22
libgcrypt 1.5.3

We use an ansible role to generate keys and the role use gen-key in batch mode with these parameters :

Key-Type: 1
Key-Length: 2048
Subkey-Type: 1
Subkey-Length: 2048

This issue occurs for any key that you generate using this method or just some of them?
Could you give me (or send me at the exact command you use (as I couldn’t reproduce it so far)?

Here is the command from the ansible role :

"gpg --batch --gen-key {{ gpg_home }}/.gnupg/gen-key-script-{{ gpg_user }} chdir={{ gpg_home }}"

And the content of the “gen-key-script-{{ gpg_user }}” file :

%echo Generating a basic OpenPGP key
Key-Type: 1
Key-Length: 2048
Subkey-Type: 1
Subkey-Length: 2048
Name-Real: XXX
Name-Email: XXX@XXX.XXX
Expire-Date: 3650
%secring XXX.priv
%echo done

I’ve found a gpg.conf file in the .gnupg directory:

# Options for GnuPG

#keyserver hkp://

auto-key-locate cert pka ldap hkps://
keyserver hkps://
keyserver-options ca-cert-file=/etc/ssl/certs/sks-keyservers.netCA.pem
keyserver-options no-honor-keyserver-url
keyserver-options auto-key-retrieve

# Crypto preferences
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
personal-cipher-preferences AES256 TWOFISH AES192 AES
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
personal-compress-preferences BZIP2 ZLIB ZIP

The error messages seems disappear when i’m create keys from command line without any specific options :confused:

I’ve found the problem, the key and sub-key type need to be changed from “1” to “default” in the gpg batch file.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.