This key does not match any account

This key does not match any account. I am getting this error while recovering the account.

Hi @yash What’s the situation? Are you testing recovery after creating a user?

I notice you are using passbolt_private(1).txt. Is there a passbolt_private.txt?

I am trying to recover my account.

@yash Yes, I understand you are trying to recover your account. I’m assuming you believe the key should work, but as we can see the message is saying it doesn’t match any account.

If the key you need is lost and you haven’t shared the passwords with any other user, then the passwords are lost.

Do you have access at all from any device? Recovery is also the process by which users create access from an additional device, which is why I’m asking.

What is the reason you are needing to recover your account? Can you provide more info about this?

There is another thing: when I click recover password and send email, it shows email sent but the emails are not triggering. Do I need to set up SMTP?

I have used this private key previously as well to recover my account, and it worked properly. Is there anything that I can find in the database?

@yash Refer to Passbolt Help | Why are my emails not being sent? for steps to check.

I have solved the email issue, but I am getting a "private key doesn’t exist" error. Do the private keys expire or something?

@yash No, if you had passbolt create the private key for you it doesn’t have an expiration.

@remy I know the messages have gotten clearer in recent updates. Would this message indicate the key is in the keyring already? What else is behind this message that should be checked?

Hello, this error basically means that the “verify” operation cannot be performed. I’m not sure why; it could be an issue with the server key or the user key.

A few things that would help identify the issue:

  • Make sure the server is up to date and indicate the version you are using
  • Run a health check on the server side to make sure the server key can be used.
  • Check for errors on the server side logs
  • Show us the extension logs and the verify.json request response

We can assist you if you need help to get this info.
Thanks,

Yes please, how do I do that? Can you help me with this?

If you installed passbolt recently you should be able to do:
sudo /usr/share/php/passbolt/bin/status-report

For the web extension logs, if you are using Google Chrome, can you please:

  • Go to chrome://extensions
  • Activate the Developer mode in the top right corner
  • Look for the Passbolt card and click the details button
  • Look for the Inspect views and the index.html link
  • A new window will appear; this is the debugger of the browser extension. Try to reproduce the error and send us the logs

I am using ./bin/status-report
There is no file named status report in the bin folder.

Do I have to add any file, @remy?

Should I create a new instance of passbolt and then copy the old database, @remy?

Hi,

If you have no data in your instance you might as well restart from start with a clean install yes. Otherwise we can still try to fix this one.

What do you see in this bin directory:

sudo ls /usr/share/php/passbolt/bin/

Is there anything you can run, like cake? If so, you can try to run

su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck" www-data

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 7.3.33-4+0~20220627.98+debian9~1.gbp40b3e4.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://creds.bpl-dev.com
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 23 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The server gpg key is not the default one
[PASS] The environment variable GNUPGHOME is set to /home/master/.gnupg.
[PASS] The directory /home/master/.gnupg containing the keyring is writable by the webserver user.
[PASS] The public key file is defined in config/passbolt.php and readable.
[FAIL] The private key file is not defined in config/passbolt.php or not readable.
[HELP] Ensure the private key file is defined by the variable passbolt.gpg.serverKey.private in config/passbolt.php.
[HELP] Ensure there is a private key armored block in the key file.
[HELP] Ensure the private key defined in config/passbolt.php exists and is accessible by the webserver user.
[HELP] See. Passbolt Help | Installation
[FAIL] The server key fingerprint doesn’t match the one defined in config/passbolt.php.
[HELP] Double check the key fingerprint, example:
[HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /home/master/.gnupg" master_qkkygwshtj | grep -i -B 2 'SERVER_KEY_EMAIL'
[HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
[HELP] See. Passbolt Help | Installation
[FAIL] The server public key defined in the config/passbolt.php is not in the keyring
[HELP] Import the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c "gpg --home /home/master/.gnupg --import /mnt/data/home/master/applications/thtggjbrym/public_html/confi/gpg/serverkey_private.asc" master_qkkygwshtj
[FAIL] The server key does not have a valid email id.
[HELP] Edit or generate another key with a valid email id.

Application configuration

[FAIL] This installation is not up to date. Currently using 2.4.0 and it should be v3.6.0.
[HELP] See. Passbolt Help | Update
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

5 error(s) found. Hang in there!

@remy I have added the health check.
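
A way to triage a healthcheck paste like the one above, as an added example (not part of the original thread and not passbolt's own tooling): the function pairs each [FAIL] line with its section and counts the [HELP] hints listed under it. The function names and the sample input are constructed for illustration, modelled on the output format shown above.

```shell
#!/bin/sh
# Added example: list the [FAIL] checks in `cake passbolt healthcheck` output.
# Assumed format (as in the paste above): a section title after a blank line,
# then [PASS]/[FAIL] lines, each [FAIL] followed by its [HELP] hints.

healthcheck_failures() {
    # stdin: healthcheck text. stdout: section<TAB>failed check<TAB>hint count
    awk '
        function emit() {
            if (fail != "") printf "%s\t%s\t%d\n", section, fail, hints
            fail = ""; hints = 0
        }
        BEGIN          { blank = 1 }
        /^[ \t]*$/     { blank = 1; next }
        /^\[FAIL\] /   { emit(); fail = substr($0, 8); blank = 0; next }
        /^\[HELP\] /   { if (fail != "") hints++; blank = 0; next }
        /^\[PASS\] /   { emit(); blank = 0; next }
        # Any other line is a section title only when it follows a blank line;
        # otherwise it is the tail of a terminal-wrapped [HELP] line.
        { if (blank) { emit(); section = $0 } blank = 0 }
        END            { emit() }
    '
}

# Constructed sample, shortened from the kind of output shown above.
sample_healthcheck() {
    cat <<'EOF'
GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[FAIL] The private key file is not defined in config/passbolt.php or not readable.
[HELP] Ensure the private key file is defined by the variable passbolt.gpg.serverKey.private in config/passbolt.php.
[HELP] Ensure there is a private key armored block in the key file.
[FAIL] The server key fingerprint does not match the one defined in config/passbolt.php.
[HELP] Double check the key fingerprint, example:
[HELP] gpg --list-keys --fingerprint | grep -i -B 2 'SERVER_KEY_EMA
IL'

Application configuration

[FAIL] This installation is not up to date. Currently using 2.4.0 and it should be v3.6.0.
[HELP] See. Passbolt Help | Update
[PASS] Passbolt is configured to force SSL use.
EOF
}

sample_healthcheck | healthcheck_failures
```

On a real server, pipe the output of the healthcheck command into `healthcheck_failures` instead of the sample.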

Hi @yash,

I think the best at that stage would be to upgrade, since you’re using v2.4 which is from 2018.
Best would be to create a new server on a Debian10 and migrate your data using this tutorial: Passbolt Help | Migrate passbolt CE from install scripts to Debian package

Otherwise you can try to follow the instructions provided in the healthcheck under [HELP] after the [FAIL].
Cheers,

Dear Community,

This is my first post :blush: I’m happy to join.
I’ve been an enthusiastic Passbolt user for several years, and I am for the first time facing issues I could not solve by crawling the web and more particularly this forum.

One of the problems is the same as yash’s, although the cause might be different. Since his post is quite recent, I thought it was better to continue it rather than creating a new one. Please correct me if it wasn’t the proper thing to do.

I am trying to install my account on a new laptop and did the recovery process. I got the email, clicked and experienced the same problem “This key does not match any account”. I had successfully done the same on another laptop a year ago.

First, here’s my healthcheck :

$ sudo -H -u www-data bash -c "/var/www/passbolt/bin/cake passbolt healthcheck"

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 7.4.3.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://passbolt.xxx.xxx
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 26 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
[PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.

Application configuration

[PASS] Using latest passbolt version (3.6.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled
[PASS] The /var/www/passbolt/config/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found

[PASS] No error found. Nice one sparky!

The fingerprint of the private key I used matched the fingerprint of the public key on the keyring of the server (I’ve obfuscated some info):

laptop side :

$ gpg --list-packets passbolt_private.asc
# off=0 ctb=c5 tag=5 hlen=3 plen=966 new-ctb
:secret key packet:
version 4, algo 1, created 1570006720, expires 0
pkey[0]: [2048 bits]
[
]
keyid: 0123456789ABCDEF
# off=969 ctb=cd tag=13 hlen=2 plen=20 new-ctb
:user ID packet: "My user <my@mail.com>"

server side :

$ gpg --list-keys
/home/www-data/.gnupg/pubring.kbx
---------------------------------
[
]
pub rsa2048 2019-10-02 [SC]
XXXXXXXXXXXXXXXXXXXXXXXX0123456789ABCDEF
uid [ ultime ] My user <my@mail.com>
sub rsa2048 2019-10-02 [E]

There are no other keys listed for my@mail.com.
The key was created by Passbolt so there is no expiration.

I did not find any relevant logs on the server, but will be happy to provide them if required.

One final thing I noticed : with a packet capture on the server (tshark), I can see that the error message appears right away : there is no communication between the client and the server when I click on “Next”. Is this the expected behaviour ?

Could you please point me to some possible causes ? I’ve been trying to solve this for several days and finally gave up. As a workaround, I’ve created a new user account on the new laptop and have shared all my passwords with that new user. It works but it is not very satisfying.

Many thanks !

DĆ©ng