Page MenuHome GnuPG
Create Task
Maniphest T5958

Kleopatra: Change passphrase is enabled even when it is impossible
Closed, ResolvedPublic
Actions

Description

With RSCS Smartcards (CardOS / PKCS#15) change passphrase is offered to the user. Clicking it only gives a success message. I do not think that we have implemented any PIN change for PKCS#15 cards. So we could probably detect this and not offer this option. I do not know how to best carry this information to the action restrictions.

Revisions and Commits

rKLEOPATRA Kleopatra
rKLEOPATRA5a84623b8d73 Enable "Change Passphrase" action only for secret keys in local keyring

Related Objects

Event Timeline

aheinecke triaged this task as Normal priority.Apr 29 2022, 2:09 PM
aheinecke created this task.
ikloecker claimed this task.May 6 2022, 10:27 AM
ikloecker added a subscriber: ikloecker.

I think we should simply disable this command for card keys. Card key operations like "Change PIN/passphrase" should be performed via the card key view.

ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.May 6 2022, 10:27 AM
ikloecker added a commit: rKLEOPATRA5a84623b8d73: Enable "Change Passphrase" action only for secret keys in local keyring.May 6 2022, 10:45 AM
ikloecker added a comment.May 6 2022, 10:46 AM

In fact, the ChangePassphraseCommand uses gpgme_op_passwd which "changes the passphrase of the private key". It doesn't know anything about smart cards.

Fixed by using the new NeedSecretKeyData flag (see T5956: Kleopatra: Disable backup secret key for smartcards).

ikloecker changed the task status from Open to Testing.May 6 2022, 10:46 AM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a project: Restricted Project.
werner removed a project: Restricted Project.Sep 22 2022, 11:03 AM
ebo closed this task as Resolved.Jul 28 2023, 11:48 AM
ebo claimed this task.
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ebo added a subscriber: ebo.

I didn't check with a CardOS / PKCS#15 card but as the solution is not card specific, checking with another card should be sufficent.