Page MenuHome GnuPG

Kleopatra: On "revoke certification" do not offer keys which did not certify that certificate
Closed, ResolvedPublic

Description

Feedback from a customer was that revoking a certification is confusing because you can select keys and user ids which were not used for certification.

It would be better to show something like "there are no certifications to revoke" or automatically select the key for revocation based on the certification.

Event Timeline

aheinecke created this task.
ikloecker edited projects, added Restricted Project; removed g10code.Aug 3 2022, 9:35 AM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

If the user cannot revoke any of the certifications of the selected key or user IDs, then we now inform the user about this instead of showing the dilaog.

Further plans for improving the workflow:

  • If there is exactly one certification per user ID that the user can revoke, then ask for confirmation for each certification. Otherwise, ask the user to revoke individual certifications via the Certifications dialog.
  • In the Certifications dialog add a checkbox to hide all third-party certifications, so that the users can easily find their own certifcations.

Note to self: T6100: Kleopatra: Make revocation of certifications accessible may be obsolete when the improvements are completed because then the dialog will most likely be gone.

ikloecker changed the task status from Open to Testing.Aug 11 2022, 3:51 PM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a project: Restricted Project.
ikloecker added a subscriber: ikloecker.

Depending on what the user selected (key, one or more user IDs, a single certification) all certifications that the user can revoke are determined and, after confirmation, are revoked one after the other.

This is how the confirmation looks like for a single certification and for multiple certifications:

werner removed a project: Restricted Project.Sep 22 2022, 10:50 AM

works as described. But If you already have revoked one or all certifications of that key, you still get the revocation dialog.

For the user it looks like they are revoked again. But in debug output you see:

4 - 2023-07-26 10:39:08 gpg[1776]: sig by 388C015DC9690FFC already revoked at 2023-07-26

Can't we check if the certifications are already revoked before the (pseudo) revocation goes forth?
And why is the action revocation not greyed out as we do with other actions, if they are not possible?

I could be wrong, but I think initially we load OpenPGP certificates without signatures, so that we don't know whether the user has certified or revoked a key. Therefore, in the certificate list we cannot decide whether offering the "Revoke" action makes sense. We load the signatures, when the details or the certification dialog is opened.

We might be able to check if revocation is possible when the dialog is opened. But I'm not sure whether Kleopatra could be fooled by forged signatures into believing that the user already revoked a key. Therefore, Kleopatra delegates this responsibility to gpg and let's gpg decide whether revocation makes sense. We do already duplicate too much logic better left to gpg in Kleopatra.

The user may also have certified a certificate with multiple of their own certificates.

Maybe with keyboxd we do now have the possibility to query the backend for the needed information in a performant way, i.e. without invoking many processes which is prohibitively expensive especially on Windows.

How about giving a notification in Kleopatra relaying gpgs message(s) "signature already revoked"? Instead of ~"3 certifications were successfully revoked, do you want to publish them?"

I had a quick look. gpg --quick-revoke-sig [...] doesn't emit a status message that would tell Kleopatra that the signatures had already been revoked. It just emits a status message telling Kleopatra which key was considered. (Run gpg with --status-fd 2 to see which status messages gpg emits.)

ebo renamed this task from Kleopatra: Improve revoke certification to Kleopatra: On "revoke certification" do not offer keys which did not certify that certificate.Aug 2 2023, 2:01 PM
ebo claimed this task.
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

The Task from the description is solved in gpg4win 4.2.0. See follow up tickets for anything else.