The public key cannot be used to verify a signature

Hi,

After a fresh install I get the following error message when I run a healthcheck. However, everything seems to be working fine; I haven’t tried shared passwords yet.

The public key cannot be used to verify a signature.

Hi @tsradmin,

We’ve never seen this issue.
It is not a blocker right now, but it could become one later with a future version of passbolt.

Do you know which version of gpg you used to generate the server key? And which version of gpg are you using on the server, if not the same?

Hi,

This is the last version from CentOS 7:

gpg (GnuPG) 2.0.22
libgcrypt 1.5.3

We use an ansible role to generate keys, and the role uses gen-key in batch mode with these parameters:

Key-Type: 1
Key-Length: 2048
Subkey-Type: 1
Subkey-Length: 2048
...

Does this issue occur for any key that you generate using this method, or just some of them?
Could you give me (or send me at contact@passbolt.com) the exact command you use (as I couldn’t reproduce it so far)?

Here is the command from the ansible role:

"gpg --batch --gen-key {{ gpg_home }}/.gnupg/gen-key-script-{{ gpg_user }} chdir={{ gpg_home }}"

And the content of the “gen-key-script-{{ gpg_user }}” file:

%echo Generating a basic OpenPGP key
Key-Type: 1
Key-Length: 2048
Subkey-Type: 1
Subkey-Length: 2048
Name-Real: XXX
Name-Email: XXX@XXX.XXX
Expire-Date: 3650
%pubring XXX.pub
%secring XXX.priv
%commit
%echo done

I’ve found a gpg.conf file in the .gnupg directory:

# Options for GnuPG

#keyserver hkp://keys.gnupg.net
use-agent

auto-key-locate cert pka ldap hkps://hkps.pool.sks-keyservers.net
keyserver hkps://hkps.pool.sks-keyservers.net
keyserver-options ca-cert-file=/etc/ssl/certs/sks-keyservers.netCA.pem
keyserver-options no-honor-keyserver-url
keyserver-options auto-key-retrieve

# Crypto preferences
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
personal-cipher-preferences AES256 TWOFISH AES192 AES
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
personal-compress-preferences BZIP2 ZLIB ZIP

The error message seems to disappear when I create keys from the command line without any specific options :confused:

I’ve found the problem: the key and sub-key types need to be changed from “1” to “default” in the gpg batch file.
