Upgrade to Ubuntu 20.04 and passbotlt 3.0.0 - server keys missing

Hi,

I just upgraded my ubuntu from 18.04 to 20.04 which went fine.

Then I upgraded to Passbolt CE 3.0.

The problem I am encountering is :

When I try to login I have to start the recovery procedure. When I open the link in my offline network the recovery process doen’t detect the add-on.

I tried to install the add-on on Chrome AND firefox and both show the add-on as loaded but the recovery process doesn’t detect them in either browser.

Thanks for your help and time.

Hello @Symlink,

You shouldn’t have to follow the recovery procedure after upgrading to the v3. You should see the login screen as usual. Something might have been gone wrong.

Could you please share additional information with us to allow us to understand your problem:

  • A copy of the passbolt log /var/log/passbolt/error.log
  • The output of the healthcheck command
sudo -H -u www-data bash -c "./bin/cake passbolt healthcheck"
  • A copy of the browser extension console error and/or network request that fails:
    – On Chrome:
    New tab > go to chrome://extensions > look for passbolt card > details > inspect views section > click index.html > copy errors under console tab
    – On Firefox:
    New tab > go to about:debugging#/runtime/this-firefox > look for passbolt card > Click inspect > copy errors under console tab

Hi Cedric,

Thanks for your fast answer.

Here is what you requested, I hope everything is according to community standards.

healthcheck :
Healthcheck shell.....Exception: SQLSTATE[HY000] [1045] Access denied for user ''@'localhost' (using password: NO) in [/home/vaultadmin/vendor/cakephp/cakephp/ src/Database/Driver.php, line 92]

error.log :
2021-02-24 16:12:43 Error: [Cake\Http\Exception\InternalErrorException] The public key for this passbolt insta nce was not found. (/usr/share/php/passbolt/src/Controller/Auth/AuthVerifyController.php:55)
Request URL: /auth/verify.json?api-version=v2

    2021-02-24 16:12:49 Error: [Cake\Http\Exception\InternalErrorException] The public key for this passbolt instance was not found. (/usr/share/php/passbolt/src/Controller/Auth/AuthVerifyController.php:55)
    Request URL: /auth/verify.json?api-version=v2


    2021-02-24 16:47:09 Error: [Cake\Http\Exception\InternalErrorException] The public key for this passbolt instance was not found. (/usr/share/php/passbolt/src/Controller/Auth/AuthVerifyController.php:55)
    Request URL: /auth/verify.json?api-version=v2


    2021-02-24 16:47:25 Error: [Cake\Routing\Exception\MissingRouteException] A route matching "/start" could not be found. (/usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/RouteCollection.php:216)
    Request URL: /start


    2021-02-24 16:59:24 Error: [Cake\Http\Exception\InternalErrorException] The public key for this passbolt instance was not found. (/usr/share/php/passbolt/src/Controller/Auth/AuthVerifyController.php:55)
    Request URL: /auth/verify.json?api-version=v2


    2021-02-24 16:59:31 Error: [Cake\Http\Exception\InternalErrorException] The public key for this passbolt instance was not found. (/usr/share/php/passbolt/src/Controller/Auth/AuthVerifyController.php:55)
    Request URL: /auth/verify.json?api-version=v2


    2021-02-24 17:03:00 Error: [Cake\Http\Exception\InternalErrorException] The public key for this passbolt instance was not found. (/usr/share/php/passbolt/src/Controller/Auth/AuthVerifyController.php:55)
    Request URL: /auth/verify.json?api-version=v2


    2021-02-24 17:03:07 Error: [Cake\Http\Exception\InternalErrorException] The public key for this passbolt instance was not found. (/usr/share/php/passbolt/src/Controller/Auth/AuthVerifyController.php:55)
    Request URL: /auth/verify.json?api-version=v2


    2021-02-24 17:03:26 Error: [Cake\Http\Exception\InternalErrorException] The public key for this passbolt instance was not found. (/usr/share/php/passbolt/src/Controller/Auth/AuthVerifyController.php:55)
    Request URL: /auth/verify.json?api-version=v2


    2021-02-24 17:08:48 Error: [Cake\Http\Exception\InternalErrorException] The public key for this passbolt instance was not found. (/usr/share/php/passbolt/src/Controller/Auth/AuthVerifyController.php:55)
    Request URL: /auth/verify.json?api-version=v2

Console for firefox :
Successfully compiled asm.js code (total compilation time 2ms) openpgp.js
Successfully compiled asm.js code (total compilation time 5ms) openpgp.js
Successfully compiled asm.js code (total compilation time 46ms) openpgp.js
Successfully compiled asm.js code (total compilation time 2ms) openpgp.js
Successfully compiled asm.js code (total compilation time 5ms) openpgp.js
Successfully compiled asm.js code (total compilation time 43ms) openpgp.js
Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.
verify.json
PassboltApiFetchError: The public key for this passbolt instance was not found.
PassboltApiFetchError moz-extension://fa36ad6c-72d9-4c0c-b5cc-e7c532807daa/index.min.js:7785
fetchAndHandleResponse moz-extension://fa36ad6c-72d9-4c0c-b5cc-e7c532807daa/index.min.js:32486
index.min.js:9282:15
Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.
settings.json
TypeError: worker.port is undefined
listen moz-extension://fa36ad6c-72d9-4c0c-b5cc-e7c532807daa/index.min.js:9264
index.min.js:9266:15
Uncaught (in promise) TypeError: worker.port is undefined
listen moz-extension://fa36ad6c-72d9-4c0c-b5cc-e7c532807daa/index.min.js:9267
index.min.js:9267:7
Use of nsIFile in content process is deprecated.

It looks like a server gpg keys issue.
Can you check the folder /etc/passbolt/gpg? it should contain your server gpg keys.

vaultadmin@mac-svr-pr-vault:/etc/passbolt/gpg/gpg$ ls -al
total 28
dr-xr-x— 2 root www-data 4096 Feb 24 10:29 .
drwxr-x— 3 root www-data 4096 Feb 24 10:29 …
-r–r----- 1 root www-data 1771 Feb 24 10:29 serverkey.asc
-r–r----- 1 root www-data 3567 Feb 24 10:29 serverkey_private.asc
-rw-r–r-- 1 root www-data 3151 Feb 24 10:29 unsecure.key
-rw-r–r-- 1 root www-data 6651 Feb 24 10:29 unsecure_private.key

Anything wrong ?

Yes there is an issue here, the keys should be in the folder gpg, and not gpg/gpg
Can you move them in their parent folder:
mv /etc/passbolt/gpg/gpg/* /etc/passbolt/gpg

edit: The documentation has been updated, thank you for your report @Symlink

Hi,

The behaviour is different I have to go through the recovery process but it is now asking for my OpenPGP private key block.

I tried with serverkey_private and it gives me no account.

I will restore my VM I think and start the upgrade process all over I must have did something wrong.

While recovering your account, the private key that is asked is your account private key. The one you created or imported while creating your account the first time. You should have a backup of this key, it’s requested to store it in a safe place during the setup.

Let’s say I did not store it, is it possible to recover it and store it once I recovered the VM before I attempted the upgrade?

I think I found the way :

Thanks

@Symlink If you did not store your private key for any future recovery events, this is a very unfortunate situation. The private key for a user is not kept on the server - it is instead kept in the browser extension component of the app, so your backup VM image will not have it (unless you saved it there on purpose for some reason).

If you did not download the private key at the moment of user registration or do not have it anymore for some reason, then there is no other method to recover access to your passwords. If you shared them with another user, you could create a new user, and the other user can share them back with you.

If it is the case that your machine with your browser is a VM and an image/backup to restore…this may be an option.

Hi garrett,

Thanks for your support !

I did not have a backup of my key (mea culpa) so what I did is I restored the VM which was used to access Passbolt AND the passbolt server in order to access my server again and I exported my key.

What happened is when I installed the new web extension my key was lost in the process.

FYI I tried restoring the extension folder only from C:\Users\UserName\AppData\Google\Chrome\Default\Extensions\extensionID (from my backup) but it didn’t seem to contain the key so I had to restore the entire VM.

1 Like