Page MenuHome GnuPG

Kleopatra: Change passphrase is enabled even when it is impossible
Testing, NormalPublic

Description

With RSCS Smartcards (CardOS / PKCS#15) change passphrase is offered to the user. Clicking it only gives a success message. I do not think that we have implemented any PIN change for PKCS#15 cards. So we could probably detect this and not offer this option. I do not know how to best carry this information to the action restrictions.

Event Timeline

aheinecke triaged this task as Normal priority.Apr 29 2022, 2:09 PM
aheinecke created this task.
ikloecker added a subscriber: ikloecker.

I think we should simply disable this command for card keys. Card key operations like "Change PIN/passphrase" should be performed via the card key view.

ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.May 6 2022, 10:27 AM

In fact, the ChangePassphraseCommand uses gpgme_op_passwd which "changes the passphrase of the private key". It doesn't know anything about smart cards.

Fixed by using the new NeedSecretKeyData flag (see T5956: Kleopatra: Disable backup secret key for smartcards).

ikloecker changed the task status from Open to Testing.May 6 2022, 10:46 AM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a project: Testing.