Page MenuHome GnuPG
Create Task
Maniphest T5334

Kleopatra: Add more support for WKS / WKD
Closed, ResolvedPublic
Actions

Description

we have this problem with Web Key Service which is our idea to publish keys automatically in a Web Key Directory. Kleopatra has no support to search in Web Key Directory (because GnuPG only allows you to import directly through --locate-key / --locate-external-key and this does not really match kleopatras "Search" interface. But this is probably a different issue.

What I would very much like to have would be both a WKD / WKS status indication and the option to publish a key in a WKD through WKS in the Certificate Details of Kleopatra.

I'm currently not recommending WKD / WKS to our gpgcom customers because the support is still too lacking in my opinion.

Kleopatra currenlty interacts with WKD if you enter a e-mail address in file encryption then it will do a --locate-key and find / import a key from WKD.
KMail has some support for WKS through the Accountwizard so genral handling of mails is already there.

Kleopatra could add some interaction with the QGpgME WKSPublishjob and basically then try to call the MUA to mail the WKS request. When we test that with KMail and GpgOL we are already cover a lot of Kleopatra users.

Revisions and Commits

rKLEOPATRA Kleopatra
rKLEOPATRA367ca863d20d Do not crash if primary fingerprint is nullptr
rKLEOPATRA93221c7f7f46 Set the key origin when importing keys retrieved via WKD
rKLEOPATRA8cd626002847 Remove keys not matching lookup pattern from WKD lookup results
rKLEOPATRA80ecfe9ac9bf Import only user IDs matching address used for WKD lookup
rKLEOPATRA9f1fb2f8a41b Disable WKD lookup if QGpgME does not support it
rKLEOPATRAa240f45cdd45 Perform WKD lookup additionally to keyserver lookup

Related Objects
Search...

Event Timeline

aheinecke created this task.Mar 1 2021, 11:23 AM
aheinecke added a comment.Mar 2 2021, 9:53 AM

I thought about this a bit regarding the search dialog.

It would be required to change GnuPG to have a locate-key equivalent (dirmngrs WKD_GET) without actually getting and importing it. I think that a solution could be that if you search for a mail address in Kleopatras search that Kleopatra would do a locate-key (keylist mode locate) and then just show a label below the search bar with something like "Key imported from the providers directory" or so to indicate that the key was imported.

This is not perfect as I think it is counterintutive that if you search you will get results that are not imported but the key provided through WKD is automatically imported but I think this would be good enough and help users trying to discover a key.

Just an idea, I'm not sure it is the most usable solution.

ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Dec 1 2021, 2:25 PM
ikloecker closed subtask T5727: gpgme: Add support for dirmngr (and all other components) to dirinfo() as Resolved.Dec 10 2021, 12:14 PM
ikloecker added a commit: rKLEOPATRAa240f45cdd45: Perform WKD lookup additionally to keyserver lookup.Dec 13 2021, 1:54 PM
ikloecker closed subtask T5728: qgpgme: Add support for doing a WKD lookup without implicit import as Resolved.Dec 13 2021, 1:55 PM
ikloecker closed subtask T5733: gpgme: Allow setting key origin when importing keys from data as Resolved.Dec 13 2021, 4:53 PM
ikloecker added a commit: rKLEOPATRA9f1fb2f8a41b: Disable WKD lookup if QGpgME does not support it.Dec 13 2021, 5:15 PM
ikloecker added a commit: rKLEOPATRA8cd626002847: Remove keys not matching lookup pattern from WKD lookup results.Dec 15 2021, 3:26 PM
ikloecker added a commit: rKLEOPATRA80ecfe9ac9bf: Import only user IDs matching address used for WKD lookup.
ikloecker added a commit: rKLEOPATRA93221c7f7f46: Set the key origin when importing keys retrieved via WKD.
ikloecker closed subtask T5739: gpgme: Allow setting import filters when importing keys as Resolved.Dec 15 2021, 3:28 PM
ikloecker added a commit: rKLEOPATRA367ca863d20d: Do not crash if primary fingerprint is nullptr.Dec 21 2021, 2:59 PM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Jan 3 2022, 4:41 PM
ikloecker added a comment.May 16 2022, 7:52 PM

I have merged a contribution by Felix Tiede which adds support for publishing a key via WKS. It depends on KF5IdentityManagement, KF5MailTransport, and KF5MailTransportAkonadi. Those dependencies are optional. If they are not provided, WKS publishing is not available.

aheinecke added a comment.Aug 26 2022, 10:53 AM

WKS re-publishing was requested for Windows again in: https://wald.intevation.org/forum/message.php?msg_id=8562

aheinecke closed this task as Resolved.Jan 5 2023, 12:35 PM

For now that we do not want to push for more WKS support with gpgcom, as this will depend on adoption of WKS. So I am resolving this issue.

For WKD there might still be improvements, e.g. displaying WKD state (Is the certificate published, does it have the same validity / expiry) in certificatedetails. But I will open a different issue for this.

ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Jul 24 2023, 2:12 PM