Reported in wald: https://wald.intevation.org/forum/message.php?msg_id=6777
Kleopatra apparently only changes the expiry on the primary key. There should be at least an option or a question to change the expiry also for subkeys.
Description
Description
Details
Details
- External Link
- https://wald.intevation.org/forum/message.php?msg_id=6777
- Version
- Kleopatra-3.1.8
Revisions and Commits
Revisions and Commits
| rKLEOPATRA Kleopatra | |||
| rKLEOPATRA6f9a481be003 Optionally, also update subkeys when changing expiration of key | |||
| rKLEOPATRA1b7a1df50993 Remove separate expirydialog.ui | |||
| rKLEOPATRA47ab3744a366 Modernize code | |||
| rKLEOPATRA4fe2bb5763c2 Add support for changing the expiry of a subkey | |||
| rM GPGME | |||
| rMd8638ed0aa5b Update NEWS. | |||
| rM801acd89b234 qt: Add test for ChangeExpiryJob | |||
| rM144d580607dd qt: Allow changing expiration date of primary key and all subkeys | |||
| rM3503816570a1 qt: Add mechanism for missing d-pointer in Job | |||
| rM4f2cd3a0c6a8 qt: Support changing expiry of subkeys | |||
| Status | Assigned | Task | ||
|---|---|---|---|---|
| Resolved | aheinecke | T4717 Kleopatra: Changing expiry does not change expiry for subkeys | ||
| Resolved | aheinecke | T4999 GPGME: Add interface for quick-set-expire | ||
| Resolved | aheinecke | T5003 GpgME++: Add support for gpgme_set_expire |
Event Timeline
Comment Actions
In Kleopatra/src/dialogs/subkeyswidget.cpp there is already a context menu for subkeys.
This should now have the option to change the expiry date. Alternatively we could make the expiry editable in the list. But I don't know how to do this easily with a nice interface.
So IMO it should be OK to do a right click on the subkey. If its a secret key then offer the option to change expiry, which will then bring up a datetime picker with the current expiry date preselected. There already is an expirydialog in kleopatra.
I don't think we need the full logic of a job / command like the current expiry stuff. When the expirydialog is accepted it can start the sync call to gpgme_set_expire in the background and either show an error when finished or update the key in the subkeyswidget to reflect the changed dates.
Comment Actions
The expiry of the subkeys (and that of the primary key) can now be changed via a context menu action in the subkeyswidget.
Comment Actions
I noticed when testing the surprising behavior that when I changed the expiry on the primary key (tested with a smartcard) it did not change the explriy on the subkey. I think in the past it must have been different that the subkey did not get the expiry by default.
We need to better handle this as kleopatra only shows the primary keys expiry and the subkeys expiry is well hidden under more details. I think its more okay to switch the logic around so that changing expiry of the primary key changed the expiry for all subkeys that have an expiry date and if you explicity change it under the more details view you can manipulate them separately.
Comment Actions
This really depends on the use case. Some people want to extend the lifetime of their whole key. Others explicitly use a long-lived primary key with short lived subkeys. A possible heuristic for the default behavior to propose to the user would be to check whether the current expiry dates of primary key and subkeys are the same or not. The user could still change this proposed default in the dialog that's anyway shown for the new expiry date.
Comment Actions
Yes I agree it makes sense to have this as an explicit setting to cover both use cases.
Comment Actions
Fixed as discussed.
If a user changes the expiration of a key which has subkeys, then they can optionally also update the expiration of all (not revoked and not expired) subkeys. The option defaults to enabled, iff all subkeys have (more or less) the same expiration as the primary key.