Hi,
After a fresh install I get the following error message when I run a healthcheck. However, everything seems to be working fine; I haven’t tried shared passwords yet.
The public key cannot be used to verify a signature.
Hi @tsradmin,
We’ve never seen this issue.
It is not a blocker right now, but it could become one later with a future version of passbolt.
Do you know which version of gpg you used to generate the server key? And which version of gpg you’re using on the server, if not the same?
Hi,
This is the last version from CentOS 7:
gpg (GnuPG) 2.0.22
libgcrypt 1.5.3
We use an ansible role to generate keys, and the role uses gen-key in batch mode with these parameters:
Key-Type: 1
Key-Length: 2048
Subkey-Type: 1
Subkey-Length: 2048
...
Does this issue occur for any key that you generate using this method, or just some of them?
Could you give me (or send me at contact@passbolt.com) the exact command you use (as I couldn’t reproduce it so far)?
Here is the command from the ansible role:
"gpg --batch --gen-key {{ gpg_home }}/.gnupg/gen-key-script-{{ gpg_user }} chdir={{ gpg_home }}"
And the content of the “gen-key-script-{{ gpg_user }}” file:
%echo Generating a basic OpenPGP key
Key-Type: 1
Key-Length: 2048
Subkey-Type: 1
Subkey-Length: 2048
Name-Real: XXX
Name-Email: XXX@XXX.XXX
Expire-Date: 3650
%pubring XXX.pub
%secring XXX.priv
%commit
%echo done
I’ve found a gpg.conf file in the .gnupg directory:
# Options for GnuPG
#keyserver hkp://keys.gnupg.net
use-agent
auto-key-locate cert pka ldap hkps://hkps.pool.sks-keyservers.net
keyserver hkps://hkps.pool.sks-keyservers.net
keyserver-options ca-cert-file=/etc/ssl/certs/sks-keyservers.netCA.pem
keyserver-options no-honor-keyserver-url
keyserver-options auto-key-retrieve
# Crypto preferences
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
personal-cipher-preferences AES256 TWOFISH AES192 AES
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
personal-compress-preferences BZIP2 ZLIB ZIP
The error message seems to disappear when I create keys from the command line without any specific options.
I’ve found the problem, the key and sub-key type need to be changed from “1” to “default” in the gpg batch file.
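Added example, not part of the thread: per the GnuPG manual, a batch file with a non-default Key-Type and no Key-Usage gives the key every usage the algorithm allows, while "default" yields a signing primary key and an encryption subkey. The functions below read `gpg --with-colons --list-keys` output to show that difference. Both listings and the function names are constructed for illustration, and the thread does not establish that usage flags caused the healthcheck message.

```shell
#!/bin/sh
# Constructed listing: shape expected from "Key-Type: 1" / "Subkey-Type: 1"
# with no Key-Usage / Subkey-Usage lines (key ids and dates are made up).
NUMERIC_TYPE_LISTING='pub:u:2048:1:AAAAAAAAAAAAAA01:1500000000:1815360000::u:::escaESCA:
uid:u::::1500000000::0000000000000000000000000000000000000000::XXX <XXX@XXX.XXX>:
sub:u:2048:1:AAAAAAAAAAAAAA02:1500000000:1815360000:::::esa:'

# Constructed listing: shape expected from "Key-Type: default" / "Subkey-Type: default".
DEFAULT_TYPE_LISTING='pub:u:2048:1:AAAAAAAAAAAAAA03:1500000000:1815360000::u:::scESC:
uid:u::::1500000000::0000000000000000000000000000000000000000::XXX <XXX@XXX.XXX>:
sub:u:2048:1:AAAAAAAAAAAAAA04:1500000000:1815360000:::::e:'

# usage_report: print "<record> <keyid> <own capabilities>" for each key.
# Field 12 holds the capabilities (e=encrypt, s=sign, c=certify, a=auth).
# On pub lines the uppercase letters summarise the whole key, so drop them.
usage_report() {
    awk -F: '
        $1 == "pub" || $1 == "sub" {
            caps = $12
            gsub(/[A-Z]/, "", caps)
            print $1, $5, caps
        }'
}

# signing_keys: print ids of keys that may issue signatures and whose
# validity (field 2) is not invalid, revoked, expired or disabled.
signing_keys() {
    awk -F: '
        ($1 == "pub" || $1 == "sub") && $2 !~ /^[ired]/ && $12 ~ /s/ { print $5 }'
}

# On a real server, replace the printf with:
#   gpg --homedir "$GNUPGHOME" --with-colons --list-keys
for name in NUMERIC_TYPE_LISTING DEFAULT_TYPE_LISTING; do
    eval "listing=\$$name"
    echo "== $name"
    printf '%s\n' "$listing" | usage_report
    echo "keys able to sign: $(printf '%s\n' "$listing" | signing_keys | tr '\n' ' ')"
done
```

With the numeric type both the primary key and the subkey are able to sign; with "default" only the primary key is.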