The server key fingerprint doesn't match the one defined in app/config.php

There was a recent thread regarding this same issue, but it was never resolved:

This is on Ubuntu 16.04.

When I run:

sudo -H -u www-data /bin/bash -c "gpg --list-keys --fingerprint --home /var/www/.gnupg"

I do see the correct name and email address I created the keys with.

/var/www/passbolt/app/Config/app.php has the correct values for:

  • home
  • fingerprint
  • public
  • private
                    'home' => '/var/www/.gnupg',
            ],
            // Main server key
            'serverKey' => [
                    // Server private key location and fingerprint
                    'fingerprint' => 'OMITTED',
                    'public' => APP . 'Config' . DS . 'gpg' . DS . 'unsecure.key',
                    'private' => APP . 'Config' . DS . 'gpg' . DS . 'unsecure_private.key',

I specifically exported my public and private keys to match the default expected names above.

Hello,

Is it safe to assume that you are using Apache? I used Nginx, so I’m not sure how this works for Apache, but the nginx process is run by a user called nginx. Its home directory is /var/cache/nginx. I noticed that you list your home (i.e. www-data’s home) as “/var/www/”; you should double check if that’s www-data’s true home directory (isn’t that Apache’s default webroot?). If it’s not, I think moving the keys around to the true home directory should suffice.

I hope you find this to be useful.

I am using apache.

/var/www/ is indeed the home directory as evidenced by running

sudo -H -u www-data /bin/bash -c "cd ~; pwd"

as well as what it shows in /etc/passwd

I am basing my directions on the semi-official Debian 8 instructions, but adapting them to Ubuntu 16.04 (just a few package names need to be changed).

Oh boy, I’m stumped. I can’t really think of anything other than a possible typo. If it’s not that, maybe try renaming the keys? Perhaps there are default settings in the different php files that test for the existence of the default keys. But that would seem unlikely, since I would expect the healthcheck to warn against the use of default keys vs. what I’m saying.

I also had problems with this and what I remember doing was simply moving the files created under the /root/.gnupg directory (I generated the keys as root) to /var/cache/nginx/.gnupg and modifying the values in the app.php file. Needless to say, I changed permissions accordingly. I’m sorry I can’t be of much help :disappointed:
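
An added example, not part of any post in this thread and not Passbolt's own code: a shell check that the fingerprint set in app.php is the primary-key fingerprint of a key in the GnuPG home the web server user reads, ignoring spacing, letter case and subkey fingerprints. The script name check_fpr.sh, the function names and the sample listing are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not Passbolt code): check that a configured fingerprint is the
# primary-key fingerprint of a key in a given GnuPG home directory.

# Strip whitespace and upper-case, so "ab12 cd34" and "AB12CD34" compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print one
# fingerprint per primary key. Field 10 of an "fpr" record is the fingerprint;
# "fpr" records that follow "sub"/"ssb" belong to subkeys and are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" || $1 == "sec" { primary = 1; next }
             $1 == "sub" || $1 == "ssb" { primary = 0; next }
             $1 == "fpr" && primary     { print $10; primary = 0 }'
}

# Usage: <listing> | fpr_in_listing "CONFIGURED FINGERPRINT"
# Returns 0 if the configured value is a primary-key fingerprint in the listing.
fpr_in_listing() {
    wanted=$(normalize_fpr "$1")
    [ -n "$wanted" ] || return 2
    primary_fprs | grep -qxF -- "$wanted"
}

# Constructed sample listing (made-up key IDs and fingerprints).
sample_listing() {
    cat <<'EOF'
pub:u:2048:1:89ABCDEF01234567:1500000000:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1500000000::::Example Server <admin@example.org>:
sub:u:2048:1:0123456789ABCDEF:1500000000::::::e:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
EOF
}

# Live check, only when called with two arguments, e.g. as the web server user:
#   sudo -H -u www-data sh check_fpr.sh /var/www/.gnupg 'FINGERPRINT-FROM-CONFIG'
if [ "$#" -eq 2 ]; then
    listing=$(gpg --homedir "$1" --with-colons --fingerprint) || exit 2
    if printf '%s\n' "$listing" | fpr_in_listing "$2"; then
        echo "match: configured fingerprint is a primary key in $1"
    else
        echo "MISMATCH: primary-key fingerprints in $1:"
        printf '%s\n' "$listing" | primary_fprs
        exit 1
    fi
fi
```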
