
Kleopatra: Certificate lookup shows only one result even if there are 100s matches
Closed, Resolved, Public

Description

How to reproduce:

  • Select Lookup on Server
  • Enter test
  • Click Search

Observation:
A single key is listed as result of the lookup.

Analysis:

  • Kleopatra's certificate tree view removes duplicate keys based on their fingerprint.
  • KeyListJob returns keys which have fingerprint NULL.

-> Both together result in a list with a single key.

KeyListJob does something like
gpg --with-colons --search-keys -- test

Running this on the command line I get a list of keys with long key ids but without fingerprints. I'm using the default keyserver, i.e. I haven't specified any keyservers in any configuration files. Did keyservers in the past return fingerprints? Or do they still do so, but gpg somehow "forgets" the fingerprints when parsing the keyserver replies?

In the end it means that OpenPGP certificate lookup in Kleopatra is completely useless unless there is exactly one matching key.

Event Timeline

That KeyListJob returns keys which have fingerprint NULL is caused by keyservers returning just key IDs instead of fingerprints. The change for T5741: dirmngr does not ask keyservers for fingerprints should fix this. Still, keyservers are only guaranteed to return key IDs, so we cannot assume that keys returned by KeyListJob have fingerprints.

We decided to notify the user if the keyserver doesn't return fingerprints. The fingerprints are needed by Kleopatra as a unique identifier for keys. Trying to make key lookup work without fingerprints isn't useful.

ikloecker claimed this task.
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board. Apr 12 2023, 4:18 PM
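The collapse described in the analysis and the check agreed on in the timeline, as an added example that is not Kleopatra or GpgME code. It assumes the colon-separated "pub:<id>:..." search records, models the tree view's de-duplication with a std::map, and uses constructed sample replies; all function names are hypothetical.

```cpp
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>

// One search hit; fpr stays empty when the server sent only a key ID.
struct Key { std::string id; std::string fpr; };

// Parse "pub:<id>:..." records; a 40-digit id is treated as a v4 fingerprint
// (length check only, assumed format).
std::vector<Key> parseSearch(const std::string &out) {
    std::vector<Key> keys;
    std::istringstream in(out);
    for (std::string line; std::getline(in, line);) {
        if (line.rfind("pub:", 0) != 0) continue;  // skip info: and uid: records
        const std::string id = line.substr(4, line.find(':', 4) - 4);
        keys.push_back({id, id.size() == 40 ? id : ""});
    }
    return keys;
}

// De-duplication keyed on the fingerprint: every empty fingerprint lands in the same slot.
std::size_t rowsAfterDedup(const std::vector<Key> &keys) {
    std::map<std::string, Key> rows;
    for (const Key &k : keys) rows.emplace(k.fpr, k);
    return rows.size();
}

// The check to run before listing results, so the user can be notified instead.
bool allHaveFingerprints(const std::vector<Key> &keys) {
    for (const Key &k : keys) if (k.fpr.empty()) return false;
    return true;
}

// Constructed replies: three hits with key IDs only, then the same hits with fingerprints.
const std::string kIdsOnly = R"(info:1:3
pub:1111111111111111:1:4096:1500000000::
uid:Test One <one@example.org>:1500000000::
pub:2222222222222222:1:2048:1400000000::
pub:3333333333333333:22:256:1600000000::
)";
const std::string kWithFpr = R"(info:1:3
pub:AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:1:4096:1500000000::
pub:BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:1:2048:1400000000::
pub:CCCCCCCCCCCCCCCCCCCCCCCC3333333333333333:22:256:1600000000::
)";

int main() {
    for (const std::string *reply : {&kIdsOnly, &kWithFpr}) {
        const std::vector<Key> keys = parseSearch(*reply);
        std::cout << keys.size() << " hits, " << rowsAfterDedup(keys) << " rows, fingerprints "
                  << (allHaveFingerprints(keys) ? "present" : "missing: notify user") << "\n";
    }
}
```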