Page MenuHome GnuPG
Create Task
Maniphest T5864

Kleopatra: Configure min and max values for validity in Newcertificatewizard
Closed, ResolvedPublic
Actions

Description

With the newcertificatewizard configuration institutional users try to enforce policies about their used openpgp keys.

One such requirement is that new keys must have a validity set and that validity may be at most 365 days.

So in configuration something like:

[CertificateCreationWizard]
# The default
ValidityPeriodInDays=365
# Min > 0 would always check the expiry
ValidityPeriodMin=1
# Max needs to somehow modify the calendar widget.
ValidityPeriodMax=365

Would be needed.

Btw. while Testing this I noticed that "isConfigImmutable" does not work as expected. An entry like:

[CertificateCreationWizard]
ValidityPeriodInDays=365

[CertificateCreationWizard][$i]
PGPKeyType=
RSAKeySizes=4096

Will return true on the Immuitablitiy of ValidityPeriodInDays. So we should probably avoid that and use explicit min / force config values anyway.

Revisions and Commits

rKLEOPATRA Kleopatra
rKLEOPATRA9bc72ccb2290 Force the entered expiration date into the allowed range
rKLEOPATRAf51009536b04 Allow configuration of minimum and maximum validity for new OpenPGP keys

Related Objects

Event Timeline

aheinecke triaged this task as Wishlist priority.Mar 1 2022, 11:18 AM
aheinecke created this task.
ikloecker added a subscriber: ikloecker.Mar 1 2022, 3:09 PM

KConfig simply reads all sections with the same group name into the same KConfigGroup. I strongly suggest not to use`[$i] on groups. KConfig` will anyway add [$i] to all config entries (and remove it from the group) when the configuration file is saved the next time.

aheinecke added a comment.Mar 1 2022, 4:14 PM

Thanks, I always did it differently and never saw that because I changed the read only configs.

ikloecker claimed this task.Apr 19 2022, 2:01 PM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a commit: rKLEOPATRAf51009536b04: Allow configuration of minimum and maximum validity for new OpenPGP keys.Apr 19 2022, 5:22 PM
ikloecker changed the task status from Open to Testing.Apr 19 2022, 5:30 PM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a project: Restricted Project.

Done. Note that different from the comments in your example a non-negative ValidityPeriodInDaysMax value implies that an expiration date is required. This way it's possible to require a validity period of at least 10 days, but still allow unlimited validity.

Immutability of the settings is ignored, i.e. the immutability of the default validity doesn't imply a fixed validity anymore. This is now done by setting min=max.

aheinecke changed the task status from Testing to Open.May 5 2022, 8:54 AM
aheinecke assigned this task to ikloecker.
aheinecke raised the priority of this task from Wishlist to High.

This can be bypassed by entering the date manually, was reported by a customer and I have just confirmed this.

aheinecke removed a project: Restricted Project.May 5 2022, 8:54 AM
ikloecker added a commit: rKLEOPATRA9bc72ccb2290: Force the entered expiration date into the allowed range.May 5 2022, 11:24 AM
ikloecker changed the task status from Open to Testing.May 6 2022, 10:13 AM
ikloecker removed ikloecker as the assignee of this task.
ikloecker added a project: Restricted Project.

Proper accessible error reporting will be done with the accessibility related tasks.

werner removed a project: Restricted Project.Sep 22 2022, 11:04 AM
ebo closed this task as Resolved.Jun 19 2023, 11:43 AM
ebo claimed this task.
ebo mentioned this in T6544: Kleopatra: Feedback for invalid date input.
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ebo added a subscriber: ebo.

works