
Kleopatra: Add more support for WKS / WKD
Closed, Resolved, Public


We have this problem with Web Key Service, which is our idea to publish keys automatically in a Web Key Directory. Kleopatra has no support to search in Web Key Directory (because GnuPG only allows you to import directly through --locate-key / --locate-external-key, and this does not really match Kleopatra's "Search" interface). But this is probably a different issue.

What I would very much like to have would be both a WKD / WKS status indication and the option to publish a key in a WKD through WKS in the Certificate Details of Kleopatra.

I'm currently not recommending WKD / WKS to our gpgcom customers because the support is still too lacking in my opinion.

Kleopatra currently interacts with WKD if you enter an e-mail address in file encryption; then it will do a --locate-key and find / import a key from WKD.
KMail has some support for WKS through the Accountwizard, so general handling of mails is already there.

Kleopatra could add some interaction with the QGpgME WKSPublishjob and basically then try to call the MUA to mail the WKS request. When we test that with KMail and GpgOL we already cover a lot of Kleopatra users.

Event Timeline

I thought about this a bit regarding the search dialog.

It would be required to change GnuPG to have a locate-key equivalent (dirmngr's WKD_GET) without actually getting and importing it. I think that a solution could be that if you search for a mail address in Kleopatra's search, Kleopatra would do a locate-key (keylist mode locate) and then just show a label below the search bar with something like "Key imported from the providers directory" or so to indicate that the key was imported.

This is not perfect, as I think it is counterintuitive that if you search you will get results that are not imported but the key provided through WKD is automatically imported, but I think this would be good enough and help users trying to discover a key.

Just an idea, I'm not sure it is the most usable solution.

ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board. Dec 1 2021, 2:25 PM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board. Jan 3 2022, 4:41 PM

I have merged a contribution by Felix Tiede which adds support for publishing a key via WKS. It depends on KF5IdentityManagement, KF5MailTransport, and KF5MailTransportAkonadi. Those dependencies are optional. If they are not provided, WKS publishing is not available.

For now we do not want to push for more WKS support with gpgcom, as this will depend on adoption of WKS. So I am resolving this issue.

For WKD there might still be improvements, e.g. displaying WKD state (Is the certificate published, does it have the same validity / expiry) in the certificate details. But I will open a different issue for this.
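
An added example, not part of the task discussion and not Kleopatra or GnuPG code: a sketch of how a "is this key published in WKD?" status check could locate a key without importing it, by computing the advanced and direct lookup URLs defined in the Web Key Directory draft. The function names and the `fetch` callable (returns bytes, returns None when nothing is published, raises OSError when the host cannot be reached) are assumptions made for this illustration.

```python
import hashlib
from urllib.parse import quote

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet

def wkd_hash(local_part: str) -> str:
    """SHA-1 of the ASCII-lowercased local part, z-base-32 encoded (32 chars).
    SHA-1 is only a directory index here, mandated by the WKD draft."""
    lowered = "".join(c.lower() if c.isascii() else c for c in local_part)
    n = int.from_bytes(hashlib.sha1(lowered.encode("utf-8")).digest(), "big")
    # 160 bits split into 32 groups of 5 bits, most significant group first
    return "".join(ZBASE32[(n >> shift) & 31] for shift in range(155, -1, -5))

def wkd_urls(address: str) -> dict:
    """Return the advanced and direct WKD lookup URLs for an e-mail address."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an e-mail address: %r" % address)
    domain = domain.lower()
    key = wkd_hash(local)
    orig = quote(local, safe="")  # the l= parameter keeps the original case
    base = ".well-known/openpgpkey"
    return {
        "advanced": f"https://openpgpkey.{domain}/{base}/{domain}/hu/{key}?l={orig}",
        "direct": f"https://{domain}/{base}/hu/{key}?l={orig}",
    }

def wkd_status(address: str, fetch) -> dict:
    """Probe WKD with a caller-supplied fetch(url) (assumed interface).
    The direct method is tried only if the openpgpkey host is unreachable;
    a plain "not found" from the advanced host is final."""
    urls = wkd_urls(address)
    method = "advanced"
    try:
        body = fetch(urls[method])
    except OSError:
        method = "direct"
        body = fetch(urls[method])
    return {"method": method, "published": bool(body), "url": urls[method]}

if __name__ == "__main__":
    # Constructed address (the sample used in the WKD draft); prints URLs only.
    for name, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(name, url)
```

Nothing is imported into the keyring by this check; comparing validity or expiry against the local certificate would additionally require parsing the fetched key.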