This key does not match any account

This key does not match any account. i am getting this error while recovering the account

Hi @yash What’s the situation? Are you testing recovery after creating a user?

I notice you are using passbolt_private(1).txt is there a passbolt_private.txt?

i am trying to recover my account

@yash Yes, I understand you are trying to recover your account. I’m assuming you believe the key should work, but as we can see the message is saying it doesn’t match any account.

If the key you need is lost and you haven’t shared the passwords with any other user, then the passwords are lost.

Do you have access at all from any device? Recovery is also the process by which users create access from an additional device, which is why I’m asking.

What is the reason you are needing to recover your account? Can you provide more info about this?

There is another thing, when i click recover password and send email, it shows email sent but the emails are not triggering, do I need to setup smtp?

i have used this private key previously as well to recover my account, and it worked properly, is there anything that i can find in the database?

There is another thing, when i click recover password and send email, it shows email sent but the emails are not triggering, do I need to setup smtp?

@yash Refer to Passbolt Help | Why are my emails not being sent? for steps to check.

i have solved the email issue, but i am getting private key doesn’t exist error, does the private keys get expired or something

@yash No, if you had passbolt create the private key for you it doesn’t have an expiration.

@remy I know the messages have gotten clearer in recent updates. Would this message indicate the key is in the keyring already? What else is behind this message that should be checked?

Hello this error basically means that the “verify” operation cannot be performed. I’m not sure why, it could be an issue with the server key or the user key.

A few things that would help identify the issue:

  • Make sure the server is up to date and indicate the version you are using
  • Run a health check on the server side to make sure the server key can be used.
  • Check for errors on the server side logs
  • Show us the extension logs and the verify.json request response

We can assist you if you need help to get this info.
Thanks,

2 Likes

yes please, how to do that, can you help me with this

If you installed passbolt recently you should be able to do:
sudo /usr/share/php/passbolt/bin/status-report

For the web extension logs, if you are using Google Chrome can you please go to: chrome://extensions ; Activate the Developer mode in the top right corner ; look for the Passbolt card and click details button ; Looks for the Inspect views and the index.html link ; A new window will appear this is the debugger of the browser extension, try to reproduce the error and send us the logs

i am using ./bin/status-report
there is no file named status report in bin folder

do i have to add any file @remy ?

i am using ./bin/status-report
there is no file named status report in bin folder

Should i create a new instance of passbolt and then copy the old database @remy

Hi,

If you have no data in your instance you might as well restart from start with a clean install yes. Otherwise we can still try to fix this one.

What do you see in this bin directory:

sudo ls /usr/share/php/passbolt/bin/

Is there anything you can run, like cake? if so you can try to run

su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck" www-data

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 7.3.33-4+0~20220627.98+debian9~1.gbp40b3e4.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://creds.bpl-dev.com
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 23 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The server gpg key is not the default one
[PASS] The environment variable GNUPGHOME is set to /home/master/.gnupg.
[PASS] The directory /home/master/.gnupg containing the keyring is writable by the webserver user.
[PASS] The public key file is defined in config/passbolt.php and readable.
[FAIL] The private key file is not defined in config/passbolt.php or not readable.
[HELP] Ensure the private key file is defined by the variable passbolt.gpg.serverKey.private in config/passbolt.php.
[HELP] Ensure there is a private key armored block in the key file.
[HELP] Ensure the private key defined in config/passbolt.php exists and is accessible by the webserver user.
[HELP] See. Passbolt Help | Installation
[FAIL] The server key fingerprint doesn’t match the one defined in config/passbolt.php.
[HELP] Double check the key fingerprint, example:
[HELP] sudo su -s /bin/bash -c “gpg --list-keys --fingerprint --home /home/master/.gnupg” master_qkkygwshtj | grep -i -B 2 ‘SERVER_KEY_EMA
IL’
[HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
[HELP] See. Passbolt Help | Installation
[FAIL] The server public key defined in the config/passbolt.php is not in the keyring
[HELP] Import the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c “gpg --home /home/master/.gnupg --import /mnt/data/home/master/applications/thtggjbrym/public_html/confi/gp
g/serverkey_private.asc” master_qkkygwshtj
[FAIL] The server key does not have a valid email id.
[HELP] Edit or generate another key with a valid email id.

Application configuration

[FAIL] This installation is not up to date. Currently using 2.4.0 and it should be v3.6.0.
[HELP] See. Passbolt Help | Update
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

5 error(s) found. Hang in there!

@remy i have added the health check

Hi @yash,

I think the best at that stage would be to upgrade, since you’re using v2.4 which is from 2018.
Best would be to create a new server on a Debian10 and migrate your data using this tutorial: Passbolt Help | Migrate passbolt CE from install scripts to Debian package

Otherwise you can try to follow the instructions provided in the healthcheck under [HELP] after the [FAIL].
Cheers,

Dear Community,

This is my first post :blush: I’m happy to join.
I’ve been an enthusiast Passbolt user for several years, and I am for the first time facing issues I could not solve by crawling the web and more particularly this forum.

One of the problem is the same as yash’s, although the cause might be different. Since his post is quite recent, I thought it was better to continue it rather than creating a new one. Please correct me if it wasn’t the proper thing to do.

I am trying to install my account on a new laptop and did the recovery process. I got the email, clicked and experienced the same problem “This key does not match any account”. I had successfully done the same on another laptop a year ago.

First, here’s my healthcheck :

$ sudo -H -u www-data bash -c “/var/www/passbolt/bin/cake passbolt healthcheck”

 ____                  __          ____  
/ __ \____  _____ ____/ /_  ____  / / /_ 

/ // / __ `/ / / __ / __ / / _/
/ / // ( |
) /
/ / /
/ / / /
/
/ _
,
/
//./_//__/

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 7.4.3.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://passbolt.xxx.xxx
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 26 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
[PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.

Application configuration

[PASS] Using latest passbolt version (3.6.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled
[PASS] The /var/www/passbolt/config/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found

[PASS] No error found. Nice one sparky!

The fingerprint of the private key I used matched the fingerprint of the public key on the keyring of the server (I’ve obfuscated some infos) :

laptop side :

$ gpg --list-packets passbolt_private.asc
# off=0 ctb=c5 tag=5 hlen=3 plen=966 new-ctb
:secret key packet:
version 4, algo 1, created 1570006720, expires 0
pkey[0]: [2048 bits]
[…]
keyid: 0123456789ABCDEF
# off=969 ctb=cd tag=13 hlen=2 plen=20 new-ctb
:user ID packet: “My user <my@mail.com>”

server side :

$ gpg --list-keys
/home/www-data/.gnupg/pubring.kbx
---------------------------------
[…]
pub rsa2048 2019-10-02 [SC]
XXXXXXXXXXXXXXXXXXXXXXXX0123456789ABCDEF
uid [ ultime ] My user <my@mail.com>
sub rsa2048 2019-10-02 [E]

There are no other keys listed for my@mail.com
The key was created by Pasbolt so there is no expiration.

I did not find any relevant logs on the server, but will be happy to provide them if required.

One final thing I noticed : with a packet capture on the server (tshark), I can see that the error message appears right away : there is no communication between the client and the server when I click on “Next”. Is this the expected behaviour ?

Could you please point me to some possible causes ? I’ve been trying to solve this for several days and finally gave up. As a workaround, I’ve created a new user account on the new laptop and have shared all my passwords with that new user. It works but it is not very satisfying.

Many thanks !

Dũng