Kleopatra: Better way to show expired subkeys
Open, Normal, Public


Kleopatra should also check the subkey's expiration status when deciding whether an OpenPGP key is displayed as expired.

Kleopatra checks only the primary key's expiration date. Users are often surprised that a key is not shown as expired but the encryption fails anyway due to an expired subkey. The key details window shows the expiration date of the subkey but most users don't know about this.

Event Timeline

werner triaged this task as Normal priority. Wed, Jul 27, 3:22 PM
werner created this task.

This is related to T5950: Allow viewing expired certificates more easily where a user was wondering why some key wasn't offered as encryption key. It turned out that the encryption subkey was expired.

The question is how to show that a valid certificate (i.e. the primary key is valid) doesn't have a valid encryption (sub)key resp. only has expired encryption (sub)keys. One solution coming to my mind would be to show color-coded usage icons, e.g. a green signing icon and a red encryption icon if the certificate has a valid signing (sub)key but only invalid encryption (sub)keys. The problem is that this compact visual solution isn't accessible (e.g. in high-contrast mode where we explicitly turn off all color). This could be solved by additionally crossing out the icons for invalid usage.

I'll add Eva and Andre for brainstorming ideas.

ikloecker renamed this task from Better way to show expired subkeys in Kleopatra to Kleopatra: Better way to show expired subkeys. Wed, Jul 27, 4:48 PM