Page MenuHome GnuPG
Create Task
Maniphest T5441

Kleopatra: LDAP Search only shows one key
Closed, ResolvedPublic
Actions

Description

When searching on LDAP there is a problem that GPGME returns keys which have a keyid set but the primaryFingerprint is NULL.

Kleopatra throughout the models and views always assumes that fingerprint is not null for a valid key and uses this for example in maps and sets as the primary identifier for a key. This results in the search only showing one key because kleopatra deduplicates them based on the fingerprint.

As a workaround GPGME could return the keyID when no fingerprint is available for primaryFingerprint. This would in my opinion fit with primaryFingerprint meaning "The best primary identifier available for this key."

But I am not really happy with that because then "primaryFingerprint" in GpgME++ would be decoupled from the fingerprint value of the C API and so maybe this is better handled on an even lower level e.g. in GpgME's keylist parsing code?

I'm not really happy about changing kleopatra everywhere to use the keyid instead of the fingerprint internally because of this issue.

Revisions and Commits

rG GnuPG
rGf0e538619d50 dirmngr: For KS_SEARCH return the fingerprint also with LDAP.
rGa660e1060630 dirmngr: For KS_SEARCH return the fingerprint also with LDAP.

Related Objects

Event Timeline

aheinecke triaged this task as High priority.May 19 2021, 1:54 PM
aheinecke created this task.
aheinecke added a comment.May 19 2021, 2:09 PM

Should have linked the commit with a patch for Gpg4win here: 22bc52775bdb I mostly needed that as an immediate fix for someone testing with ldap servers a lot.

aheinecke reassigned this task from aheinecke to werner.May 19 2021, 3:23 PM

I just talked with werner about that and he told me that GnuPG can return the fingerprint. And I also mentioned to him that kleopatra really assumes that a Fingerprint is always set for a valid key object.

But we are distracted right now by another bug.

werner added a commit: rGa660e1060630: dirmngr: For KS_SEARCH return the fingerprint also with LDAP..May 19 2021, 6:18 PM
werner added a commit: rGf0e538619d50: dirmngr: For KS_SEARCH return the fingerprint also with LDAP..May 19 2021, 6:21 PM
werner added a comment.May 19 2021, 9:31 PM

Having a fallback in Kleopatra makes sense because very old HKP keyservers don't return the fingerprint and LDAP keyservers not using the modernized schema do neither.

werner mentioned this in T5482: Release GnuPG 2.2.28.Jun 10 2021, 5:42 PM
aheinecke closed this task as Resolved.Jun 11 2021, 4:07 PM
werner mentioned this in T5405: Release GnuPG 2.3.2.Aug 24 2021, 7:55 PM
ebo removed a project: Restricted Project.Apr 12 2023, 2:54 PM
ebo added a project: Restricted Project.Apr 12 2023, 4:07 PM
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.