
Kleopatra: LDAP Search only shows one key
Closed, Resolved | Public


When searching on LDAP there is a problem that GPGME returns keys which have a keyid set but the primaryFingerprint is NULL.

Kleopatra throughout the models and views always assumes that the fingerprint is not null for a valid key and uses this, for example, in maps and sets as the primary identifier for a key. This results in the search only showing one key because Kleopatra deduplicates them based on the fingerprint.

As a workaround GPGME could return the keyID when no fingerprint is available for primaryFingerprint. This would in my opinion fit with primaryFingerprint meaning "The best primary identifier available for this key."

But I am not really happy with that because then "primaryFingerprint" in GpgME++ would be decoupled from the fingerprint value of the C API and so maybe this is better handled on an even lower level e.g. in GpgME's keylist parsing code?

I'm not really happy about changing Kleopatra everywhere to use the keyid instead of the fingerprint internally because of this issue.

Event Timeline

aheinecke created this task.

Should have linked the commit with a patch for Gpg4win here: 22bc52775bdb. I mostly needed that as an immediate fix for someone testing with LDAP servers a lot.

I just talked with Werner about that and he told me that GnuPG can return the fingerprint. And I also mentioned to him that Kleopatra really assumes that a fingerprint is always set for a valid key object.

But we are distracted right now by another bug.

Having a fallback in Kleopatra makes sense because very old HKP keyservers don't return the fingerprint, and LDAP keyservers not using the modernized schema don't either.
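The deduplication problem and the key ID fallback discussed in this task, as an added sketch that is not Kleopatra or GpgME++ code. `SearchResult`, `fingerprintOnlyId`, `bestAvailableId` and `dedup` are hypothetical names, and the sample results are constructed.

```cpp
#include <iostream>
#include <set>
#include <string>
#include <vector>

// Hypothetical stand-in for one keyserver search result (not GpgME++'s Key class).
struct SearchResult {
    std::string fingerprint; // empty when the server returned no fingerprint
    std::string keyId;       // 64-bit key ID as 16 hex digits
    std::string userId;
};

// Behaviour described in the report: the fingerprint is the only identifier.
std::string fingerprintOnlyId(const SearchResult &r) { return r.fingerprint; }

// Fallback: prefer the fingerprint, otherwise use the key ID. The prefixes keep
// the two identifier kinds in separate namespaces. A 64-bit key ID is not
// collision-resistant, so this identifier is only for listing search results;
// the full fingerprint still has to be checked once the key has been fetched.
std::string bestAvailableId(const SearchResult &r) {
    if (!r.fingerprint.empty()) return "fpr:" + r.fingerprint;
    if (!r.keyId.empty()) return "keyid:" + r.keyId;
    return std::string(); // nothing usable to identify this result
}

// Deduplicate results by the given identifier; the first result seen wins.
template <typename IdFn>
std::vector<SearchResult> dedup(const std::vector<SearchResult> &in, IdFn id) {
    std::set<std::string> seen;
    std::vector<SearchResult> out;
    for (const auto &r : in)
        if (seen.insert(id(r)).second) out.push_back(r);
    return out;
}

// Constructed sample: an LDAP-style reply with key IDs but no fingerprints.
std::vector<SearchResult> sampleResults() {
    return {{"", "1111111111111111", "Alice <alice@example.org>"},
            {"", "2222222222222222", "Bob <bob@example.org>"},
            {"", "2222222222222222", "Bob <bob@example.org>"}, // real duplicate
            {"", "3333333333333333", "Carol <carol@example.org>"}};
}

int main() {
    std::cout << "fingerprint only: "
              << dedup(sampleResults(), fingerprintOnlyId).size() << " key(s)\n";
    std::cout << "with fallback:    "
              << dedup(sampleResults(), bestAvailableId).size() << " key(s)\n";
}
```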

ebo removed a project: Restricted Project. (Apr 12 2023, 2:54 PM)
ebo added a project: Restricted Project. (Apr 12 2023, 4:07 PM)
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.