Page MenuHome GnuPG
Create Task
Maniphest T5903

Kleopatra: Add refresh button in certificatedetails
Open, NormalPublic
Actions

Description

When certificate details are open we do an online check for S/MIME to validate the certificate. Semantically we should in that case also do a refresh-key for the OpenPGP certificate.

At least we should have a refresh button in the certificatedetails to refresh it from the server. But I would like to have this also behind a configuration setting for automatic refresh in which case the button should be invisible. I think an auto refresh would be the best solution from a usability standpoint but from a privacy standpoint an explicit action is better. That way we keep kleoptra never doing network connections if the user does not explicitly trigger them.

I think this issue should have some priority so I classified is as normal and not wishlist because an OpenPGP key refresh is important from a security standpoint.

Details

Version
master

Revisions and Commits

rKLEOPATRA Kleopatra
rKLEOPATRAa3684049dd4f Use ReceiveKeysJob for refreshing OpenPGP keys
rKLEOPATRA87d8b00d4b22 Use ReceiveKeysJob for refreshing OpenPGP keys
rKLEOPATRAdf53ad6c7847 Use RefreshOpenPGPKeysJob for OpenPGP and show detailed result
rKLEOPATRA876a5306b822 Reword UI texts for refresh command
rKLEOPATRA9e2dc6246e20 Add possibility to refresh an individual certificate

Related Objects
Search...

Event Timeline

aheinecke triaged this task as Normal priority.Mar 28 2022, 11:55 AM
aheinecke created this task.
aheinecke added a comment.Mar 28 2022, 11:58 AM

I wonder if we even should change gpgme to do a key refresh when you call it in VALIDATE mode and online? Semantically this makes sense to me as this is where CRL checks for S/MIME are done. But from a conserviative standpoint this could be considered an API change if the API then does something differently and that even does a network connection. So while I consider it I don't think this is a very good idea.

ikloecker claimed this task.Apr 27 2022, 1:59 PM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a commit: rKLEOPATRA9e2dc6246e20: Add possibility to refresh an individual certificate.May 2 2022, 6:08 PM
ikloecker added a commit: rKLEOPATRA876a5306b822: Reword UI texts for refresh command.May 5 2022, 11:24 AM
ikloecker added a commit: rKLEOPATRAdf53ad6c7847: Use RefreshOpenPGPKeysJob for OpenPGP and show detailed result.
ikloecker changed the task status from Open to Testing.May 5 2022, 3:22 PM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a project: Restricted Project.
ikloecker added a subscriber: ikloecker.

The Certificate Details window now has an Update button.

I don't think that it makes much sense to do an auto refresh (only) when the details are opened. If the automatic refresh is really important, then it needs to be performed in the background for all keys all of the time. If people want to encrypt a file, then they won't look at the certificate details for all recipients to make sure that all keys have been refreshed. They will expect that all keys are up-to-date without them having to care about this.

Please add a separate task for an automatic refresh.

ikloecker closed subtask T5951: gpgme: Add support for refreshing OpenPGP keys as Resolved.May 5 2022, 3:23 PM
aheinecke reopened subtask T5951: gpgme: Add support for refreshing OpenPGP keys as Open.Aug 3 2022, 2:41 PM
ikloecker added a commit: rKLEOPATRA87d8b00d4b22: Use ReceiveKeysJob for refreshing OpenPGP keys.Aug 4 2022, 12:32 PM
ikloecker added a comment.Aug 4 2022, 1:36 PM

For an OpenPGP key, Update now performs a simple "retrieve key" operation for the existing key, i.e. it refreshes the key with the public key found on the configured key server.

ikloecker changed the status of subtask T5951: gpgme: Add support for refreshing OpenPGP keys from Open to Testing.Aug 4 2022, 1:40 PM
ikloecker mentioned this in T5951: gpgme: Add support for refreshing OpenPGP keys.
ikloecker added a commit: rKLEOPATRAa3684049dd4f: Use ReceiveKeysJob for refreshing OpenPGP keys.Aug 19 2022, 1:44 PM
werner removed a project: Restricted Project.Sep 22 2022, 11:04 AM
ebo renamed this task from Kleopatra: Add refresh button in certificatedetails and an auto refresh to Kleopatra: Add refresh button in certificatedetails .Dec 5 2022, 1:07 PM
ebo mentioned this in T6299: Kleopatra: Update button in certificate details does not show when an update was not possible.Dec 5 2022, 3:09 PM
ebo mentioned this in T6301: Kleopatra: Update Button does only check on keyserver.Dec 6 2022, 9:10 AM
aheinecke changed the status of subtask T5951: gpgme: Add support for refreshing OpenPGP keys from Testing to Open.Dec 7 2022, 11:34 AM
ikloecker changed the task status from Testing to Open.Dec 7 2022, 11:42 AM
ikloecker merged a task: T6301: Kleopatra: Update Button does only check on keyserver.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a subscriber: ebo.
ikloecker added a comment.Dec 7 2022, 11:45 AM
In T5951#165848, @aheinecke wrote:

Ok. So after further discussion. It is good that you kept a WKDRefreshJob copy :)

I would suggest the following, if it is somehow possible. I think we have the API for this now that we can search for WKD keys without importing them. We should additionally check WKD, if the key from WKD has the same fingerprint, we update, if it has not, we show the user something like a search result. Give indication that a different key was found for these UserIDs and then let the user decide to import them?

ikloecker claimed this task.Dec 12 2022, 9:37 AM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
werner moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Dec 12 2022, 11:47 AM
ikloecker mentioned this in rKLEOPATRA1e133ad7d8c8: T5903.Dec 19 2022, 8:03 AM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Tue, May 16, 12:11 PM