If i do gpg --delete-secret-keys, i get four different confirmation prompts in total. This seems excessive.
i understand that two of them are from gpg itself, and two are from gpg-agent, but most users won't understand. Also, all four prompts are different, with very slightly different semantics.
- (console): Delete this key from the keyring? (presumably "this is a deletion, deletions are scary" double-check)
- (console): This is a secret key! - really delete? (shouldn't this be part of the original prompt? now it feels like nagging)
- (gui): prompt looks like:
  ┌───────────────────────────────────────────────────────────────────┐
  │ Do you really want to permanently delete the OpenPGP secret key:  │
  │ "xxx"                                                             │
  │ 3072-bit RSA key, ID BE726F321E39CA16,                            │
  │ created 2019-08-03.                                               │
  │ ?                                                                 │
  │                                                                   │
  │          <Delete key>                              <No>           │
  └───────────────────────────────────────────────────────────────────┘
- (gui): second prompt looks like:
  ┌──────────────────────────────────────────────────────────────────────────┐
  │ Do you really want to permanently delete the OpenPGP secret subkey key:  │
  │ "xxx"                                                                    │
  │ 3072-bit RSA key, ID BD8362436A594803,                                   │
  │ created 2019-08-03 (main key ID BE726F321E39CA16).                       │
  │ ?                                                                        │
  │                                                                          │
  │            <Delete key>                                <No>              │
  └──────────────────────────────────────────────────────────────────────────┘
Note that most users will have a hard time differentiating between the two GUI prompts, and they won't understand why those prompts are distinct (we don't want most users to have to think about those details).
Furthermore, if i say "no" to any of the first three prompts, then i am left without any changes being made. But if i say "yes" to the first three, but "no" to the fourth, i end up in a state where the secret primary key is deleted but the secret subkey is *not* deleted. This is perhaps something that some people want to do sometimes, but it's a very idiosyncratic way of arriving at the end result. That is, the "no" to the final prompt means something very different than "no" to any of the first three prompts, despite them being largely indistinguishable from one another for normal users.
If prompting is required at all for this operation, there should be a single prompt to the user that describes the full outcome of the operation, and allows them to accept or decline it in one piece.
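Added example, not part of the original report and not GnuPG code: a small check for the half-deleted state described above, where the secret primary key is gone but a secret subkey remains. It parses `gpg --list-secret-keys --with-colons` output and relies on field 15 of `sec`/`ssb` records as documented in GnuPG's doc/DETAILS (`#` for a stub, `+` for available secret material); the sample input is constructed, reusing the key IDs from the prompts.

```python
"""Detect keys whose primary secret was deleted while a secret subkey remains."""

# Constructed sample of `gpg --list-secret-keys --with-colons` output for the
# state described above (key IDs taken from the prompts; the rest is made up).
SAMPLE_PARTIAL = """\
sec:u:3072:1:BE726F321E39CA16:1564790400:::u:::scESC:::#:::23::0:
uid:u::::1564790400::::xxx:
ssb:u:3072:1:BD8362436A594803:1564790400::::::e:::+:::23:
"""
# Same key before any deletion: the primary secret is still available.
SAMPLE_INTACT = SAMPLE_PARTIAL.replace(":::#:::", ":::+:::")


def secret_state(fields):
    """Classify field 15 of a sec/ssb record (per GnuPG's doc/DETAILS)."""
    token = fields[14] if len(fields) > 14 else ""
    if token == "#":
        return "stub"      # secret key material not available
    if token == "+":
        return "present"   # secret key material available to the agent
    return "card" if token else "unknown"  # non-empty value is a token S/N


def find_partial_deletions(colon_output):
    """Return [(primary_id, [subkey_ids])] where the primary secret is a stub
    but at least one secret subkey is still present or on a card."""
    keys, current = [], None
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] == "sec":
            current = {"id": fields[4], "state": secret_state(fields), "subs": []}
            keys.append(current)
        elif fields[0] == "ssb" and current is not None:
            if secret_state(fields) in ("present", "card"):
                current["subs"].append(fields[4])
    return [(k["id"], k["subs"]) for k in keys
            if k["state"] == "stub" and k["subs"]]


if __name__ == "__main__":
    for primary, subs in find_partial_deletions(SAMPLE_PARTIAL):
        print(f"{primary}: primary secret missing, secret subkeys remain: {subs}")
```

A deliberately offline primary key produces the same records, so the check reports the state of the keyring, not how it got there.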