Page MenuHome GnuPG
Create Task
Maniphest T5688

Kleopatra: Configure to hide CSR creation
Closed, ResolvedPublic
Actions

Description

We have users now that will only use Kleopatra for OpenPGP. In that case we can already hide S/MIME related actions like the CRL stuff through the kleopatrarc. But we currently do not have a dedicated only PGP Setting. This needs to be added at least for the new key action so that we can skip the protocolselectionpage.

I would like to make this unrelated from actions and generalize a pgpOnly setting so that we can reuse it in other places, too. This might even make more sense to have in libkleopatrarc and not in Kleopatrarc so that it can be shared across clients.

Revisions and Commits

rLIBKLEO Libkleo
rLIBKLEO91e452144045 Add helper to check if a range contains elements satisfying a predicate
rLIBKLEOc658a0a2a419 Add helper for removing elements matching a predicate from a vector
rLIBKLEO200ceb8e72d5 Check if key matches for super class before checking special rule
rLIBKLEO83374e3f9514 Add possibility to force filtering by protocol for all filters
rKLEOPATRA Kleopatra
rKLEOPATRA27c5d3113ae8 Replace "Protocols" group with "CMS" group
rKLEOPATRAc36353558721 Add setting for (dis)allowing signatures with S/MIME certificates
rKLEOPATRAee29e8176256 Add setting for (dis)allowing of S/MIME certificate creation
rKLEOPATRA232817a77371 Hide CMS-specific certificate categories in settings if CMS is disabled
rKLEOPATRA4783266e333b Hide DN-Attribute Order configuration if CMS is disabled
rKLEOPATRAabb355c8d47f Hide "Hierarchical Certificate List" option if CMS is disabled
rKLEOPATRA69a9c7eda391 Replace action containers with less error-prone helper
rKLEOPATRA3766cca7fdb9 Hide DN-Attribute Order configuration if CMS is disabled
rKLEOPATRA24c417aa6e06 Hide S/MIME Validation settings if CMS is disabled
rKLEOPATRA508170afd559 Hide X.509 directory services configuration if CMS is disabled
rKLEOPATRA9cbc2269c473 Use same protocol for key lookup as for key selection
rKLEOPATRA20653bdc47d4 Restrict key lookup to OpenPGP if CMS is disabled
rKLEOPATRA27b04b3f52f3 Offer only OpenPGP keys in edit group dialog if CMS is disabled
rKLEOPATRAfa654bd793fc Offer only OpenPGP when encrypting clipboard if CMS is disabled
rKLEOPATRAda5e65e83a03 Restrict file operations to OpenPGP if CMS is disabled
rKLEOPATRA6e23b46c260c Filter out any non-OpenPGP keys in filtered key lists if CMS is disabled
rKLEOPATRAf593e1df1134 Offer CMS-specific actions only if CMS is enabled
rKLEOPATRAa541238972ca Do not offer creation of S/MIME certificate requests if CMS is disabled
rKLEOPATRA489204d86bf3 Offer only OpenPGP keys for signing/encrypting notepad if CMS is disabled
rKLEOPATRAd26810c90af8 Modernize API of make_actions_from_data()
rKLEOPATRAb22938a68cf8 Add option to disable CMS-only functionality in the main UI

Event Timeline

aheinecke triaged this task as Normal priority.Nov 15 2021, 1:57 PM
aheinecke created this task.
ikloecker claimed this task.Nov 23 2021, 9:17 AM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a commit: rLIBKLEO200ceb8e72d5: Check if key matches for super class before checking special rule.Nov 24 2021, 12:19 PM
ikloecker added a commit: rLIBKLEO83374e3f9514: Add possibility to force filtering by protocol for all filters.
ikloecker added a commit: rLIBKLEOc658a0a2a419: Add helper for removing elements matching a predicate from a vector.Nov 24 2021, 12:28 PM
ikloecker added a commit: rKLEOPATRAd26810c90af8: Modernize API of make_actions_from_data().Nov 24 2021, 12:37 PM
ikloecker added a commit: rKLEOPATRAb22938a68cf8: Add option to disable CMS-only functionality in the main UI.
ikloecker added a commit: rKLEOPATRAa541238972ca: Do not offer creation of S/MIME certificate requests if CMS is disabled.
ikloecker added a commit: rKLEOPATRA489204d86bf3: Offer only OpenPGP keys for signing/encrypting notepad if CMS is disabled.
ikloecker added a commit: rKLEOPATRAf593e1df1134: Offer CMS-specific actions only if CMS is enabled.
ikloecker added a commit: rKLEOPATRA6e23b46c260c: Filter out any non-OpenPGP keys in filtered key lists if CMS is disabled.
ikloecker added a commit: rKLEOPATRAda5e65e83a03: Restrict file operations to OpenPGP if CMS is disabled.
ikloecker added a commit: rKLEOPATRAfa654bd793fc: Offer only OpenPGP when encrypting clipboard if CMS is disabled.Nov 25 2021, 12:10 PM
ikloecker added a commit: rKLEOPATRA27b04b3f52f3: Offer only OpenPGP keys in edit group dialog if CMS is disabled.Nov 25 2021, 4:14 PM
ikloecker added a commit: rKLEOPATRA20653bdc47d4: Restrict key lookup to OpenPGP if CMS is disabled.
ikloecker added a commit: rKLEOPATRA9cbc2269c473: Use same protocol for key lookup as for key selection.
ikloecker added a commit: rKLEOPATRA24c417aa6e06: Hide S/MIME Validation settings if CMS is disabled.Nov 29 2021, 12:15 PM
ikloecker added a commit: rKLEOPATRA508170afd559: Hide X.509 directory services configuration if CMS is disabled.
ikloecker added a commit: rKLEOPATRA3766cca7fdb9: Hide DN-Attribute Order configuration if CMS is disabled.
ikloecker added a commit: rKLEOPATRAabb355c8d47f: Hide "Hierarchical Certificate List" option if CMS is disabled.
ikloecker added a commit: rKLEOPATRA69a9c7eda391: Replace action containers with less error-prone helper.
ikloecker added a commit: rKLEOPATRA232817a77371: Hide CMS-specific certificate categories in settings if CMS is disabled.
ikloecker added a commit: rKLEOPATRA4783266e333b: Hide DN-Attribute Order configuration if CMS is disabled.
ikloecker added a commit: rLIBKLEO91e452144045: Add helper to check if a range contains elements satisfying a predicate.Nov 29 2021, 3:12 PM
ikloecker added a commit: rKLEOPATRA27c5d3113ae8: Replace "Protocols" group with "CMS" group.Nov 29 2021, 3:34 PM
ikloecker added a commit: rKLEOPATRAc36353558721: Add setting for (dis)allowing signatures with S/MIME certificates.
ikloecker added a commit: rKLEOPATRAee29e8176256: Add setting for (dis)allowing of S/MIME certificate creation.
ikloecker added a comment.Dec 1 2021, 12:04 PM

The functionality to create CSRs can be hidden with the setting

[CMS]
AllowCertificateCreation=false

The functionality to sign the clipboard content with an S/MIME certificate can be hidden with the setting

[CMS]
AllowSigning=false

All CMS-specific functionality including CMS certificates can be hidden with the setting

[CMS]
Enabled=false
ikloecker changed the task status from Open to Testing.Dec 1 2021, 12:05 PM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker removed ikloecker as the assignee of this task.Dec 3 2021, 7:46 PM
ikloecker added a subscriber: ikloecker.
ebo added a subscriber: ebo.EditedNov 22 2022, 2:42 PM

I have tried all 3 settings (in %LOCALAPPDATA%\kleopatrarc):

AllowCertificateCreation=false

works as described.

Enabled=false

Hides CRS creation, the choice between OpenPGP and S/MIME in the recipients tab of the notepad and all S/MIME certificates in the certificate list.

AllowSigning=false

Seems to do nothing, it definititly does not hide the choice between OpenPGP and S/MIME in the recipients tab.
Neither given on it's own nor together with AllowCertificateCreation=false

Tested with GnuPG VSD 3.1.25

ikloecker added a comment.Nov 22 2022, 4:26 PM
[CMS]
AllowSigning=false

hides the S/MIME-Sign... entry in the Clipboard menu (in the Tools menu and the context menu of the system tray icon).

ebo closed this task as Resolved.Nov 23 2022, 9:58 AM
ebo claimed this task.

ok, works as described.

ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Apr 5 2023, 2:58 PM