
Kleopatra: Configure min and max values for validity in Newcertificatewizard
Closed, Resolved, Public

Description

With the newcertificatewizard configuration, institutional users try to enforce policies about their used OpenPGP keys.

One such requirement is that new keys must have a validity set and that validity may be at most 365 days.

So in configuration something like:

[CertificateCreationWizard]
# The default
ValidityPeriodInDays=365
# Min > 0 would always check the expiry
ValidityPeriodMin=1
# Max needs to somehow modify the calendar widget.
ValidityPeriodMax=365

Would be needed.

Btw., while testing this I noticed that "isConfigImmutable" does not work as expected. An entry like:

[CertificateCreationWizard]
ValidityPeriodInDays=365

[CertificateCreationWizard][$i]
PGPKeyType=
RSAKeySizes=4096

Will return true on the immutability of ValidityPeriodInDays. So we should probably avoid that and use explicit min / force config values anyway.

Event Timeline

aheinecke triaged this task as Wishlist priority. Mar 1 2022, 11:18 AM
aheinecke created this task.

KConfig simply reads all sections with the same group name into the same KConfigGroup. I strongly suggest not to use [$i] on groups. KConfig will anyway add [$i] to all config entries (and remove it from the group) when the configuration file is saved the next time.

Thanks, I always did it differently and never saw that because I changed the read-only configs.

ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker changed the task status from Open to Testing. Apr 19 2022, 5:30 PM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a project: Restricted Project.

Done. Note that, different from the comments in your example, a non-negative ValidityPeriodInDaysMax value implies that an expiration date is required. This way it's possible to require a validity period of at least 10 days, but still allow unlimited validity.

Immutability of the settings is ignored, i.e. the immutability of the default validity doesn't imply a fixed validity anymore. This is now done by setting min=max.

aheinecke changed the task status from Testing to Open. May 5 2022, 8:54 AM
aheinecke assigned this task to ikloecker.
aheinecke raised the priority of this task from Wishlist to High.

This can be bypassed by entering the date manually. This was reported by a customer and I have just confirmed it.

ikloecker changed the task status from Open to Testing. May 6 2022, 10:13 AM
ikloecker removed ikloecker as the assignee of this task.
ikloecker added a project: Restricted Project.

Proper accessible error reporting will be done with the accessibility related tasks.

werner removed a project: Restricted Project. Sep 22 2022, 11:04 AM
ebo claimed this task.
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ebo added a subscriber: ebo.

works
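
Added example, not Kleopatra's code and not part of the original thread: a C++ check of an expiration date against the min/max validity policy discussed above, applied to the final value so that a typed date gets the same validation as one chosen in the calendar widget. The struct, enum and function names are hypothetical, and treating a negative min or max as "not set" is an assumption.

```cpp
// Added example (hypothetical names, not Kleopatra code).
#include <cstdio>

struct ValidityPolicy { int minDays; int maxDays; };  // negative = not set (assumption)
enum class Verdict { Ok, ExpiryRequired, TooShort, TooLong, InPast, Invalid };

// Days since 1970-01-01 for a proleptic Gregorian date.
static long daysFromCivil(int y, int m, int d)
{
    y -= m <= 2;
    const long era = (y >= 0 ? y : y - 399) / 400;
    const long yoe = y - era * 400;
    const long doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}

// Simple YYYY-MM-DD parser; Feb 29 is accepted for any year (simplification).
static bool parseIsoDate(const char *s, long &out)
{
    static const int dim[] = {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int y, m, d;
    char tail;
    if (std::sscanf(s, "%4d-%2d-%2d%c", &y, &m, &d, &tail) != 3) return false;
    if (m < 1 || m > 12 || d < 1 || d > dim[m - 1]) return false;
    out = daysFromCivil(y, m, d);
    return true;
}

// Validate the final value, however it was entered (picker or typed text).
// An empty string means "no expiration date".
Verdict checkExpiry(const ValidityPolicy &p, const char *today, const char *typed)
{
    if (typed == nullptr || *typed == '\0')  // a non-negative max requires an expiry
        return p.maxDays >= 0 ? Verdict::ExpiryRequired : Verdict::Ok;
    long t0 = 0, t1 = 0;
    if (!parseIsoDate(today, t0) || !parseIsoDate(typed, t1)) return Verdict::Invalid;
    const long days = t1 - t0;
    if (days <= 0) return Verdict::InPast;
    if (p.minDays > 0 && days < p.minDays) return Verdict::TooShort;
    if (p.maxDays >= 0 && days > p.maxDays) return Verdict::TooLong;
    return Verdict::Ok;
}

int main()
{
    const ValidityPolicy policy = {1, 365};  // values from the task description
    // Constructed input: a date typed past the 365-day maximum.
    std::printf("%d\n", static_cast<int>(checkExpiry(policy, "2022-05-05", "2030-01-01")));
    return 0;
}
```

Setting min equal to max, as described in the thread, makes exactly one date pass this check.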