Page MenuHome GnuPG

Kleopatra Verification Duplicates Results
Open, LowPublic


When I select a file and its signature from Windows, click the left mouse button, and select to verify it, Kleopatra shows this result, which is clearly duplicated:


Kleopatra - 3.1.8 gpg4win - 3.1.10

Event Timeline

aheinecke triaged this task as Low priority.
aheinecke added a subscriber: aheinecke.

Thanks for the report. I'm only giving it low priority because while it is ugly it is no loss of functionality.

I'll have to check the signature, I think from the filename I can find the file and signature online. If Veracrypt (accidentally?) signed their package twice this could happen without a "bug" in Kleopatra.

Just downloaded the file and signature and there is only one signature. Just verifying the signature also does not result in duplicated results.

I can reproduce it though if I select both the file and the signature and verify. In that case Kleopatra tries to verify two files and we have an algorithm that automatically tries to find the matching signature for a file by adding ".sig" as an extension.

So the .exe file is verified by automatically looking for the .sig file.
And the .sig is verified by automatically looking for the .exe file.

This results in two verifications of the same exe with the same .sig file.
It's not easy in our architecture to catch that because the two verification jobs are independent and don't know about each other.

Still I agree that it is ugly and should be fixed.

I always select both files and click to verify, I thought that was the way
it was supposed to be done, that I should provide the file and the
signature to the program.