Page MenuHome GnuPG
Create Task
Maniphest T6268

Kleopatra: Diagnostic output when importing keys
Closed, ResolvedPublic
Actions

Description

In GPGME we have the audit log option in threadedjobmixin to gather what otherwise would be lost on stderr. This is shown by kleopatra as diagnostic output when doing crypto operations.

It would be good to have this as detailed info when importing both X509 and OpenPGP certficates as we sometimes get reports that users cannot import keys and so on and we have to tell them to try it on the command line to get more detailed information.

I am having trouble finding a good test case, I think importing S/MIME certificates with ECC keys on GnuPG 2.2.x could be a good test. Or just flipping a byte in an X509 Cert / PGP Cert to break it.

Revisions and Commits

rLIBKLEO Libkleo
rLIBKLEO47405266687a Do not show the audit log if dialog is closed with Esc
rLIBKLEO1d891de1dfd1 Add overloads taking an audit log entry
rLIBKLEOa910f5541df8 Remove unused MessageBox::auditLog functions
rLIBKLEO2735f0e270dd Make MessageBox a namespace instead of a class with static methods only
rLIBKLEO0de5871cd885 Remove unused functions
rLIBKLEO830f9c2ef7be Move private static MessageBox::make to cpp file
rLIBKLEOf1be3c2af495 Deprecate the static MessageBox::auditLog methods
rLIBKLEO8ff64d0a464a Use ecm_generate_export_header for generating the export header
rLIBKLEO425ce280dc33 Make AuditLogViewer public
rLIBKLEO57482e61e8d4 Add static method to show an audit log entry
rLIBKLEO9d95d4cbf8be Add AuditLogEntry class
rLIBKLEOfd1a0c812bff Add debug operator for AuditLogEntry
rKLEOPATRA Kleopatra
rKLEOPATRA32006b897933 Allow users to review the audit log when importing certificates
rKLEOPATRA9146502c244b Use AuditLogViewer::showAuditLog instead of MessageBox::auditLog
rKLEOPATRA920cb55ab1ee Use AuditLogEntry from libkleo

Related Objects
Search...

Event Timeline

aheinecke triaged this task as Normal priority.Nov 3 2022, 11:50 AM
aheinecke created this task.
ikloecker added a parent task: T6208: Kleopatra: Provide log for all jobs.Nov 7 2022, 8:10 AM
ikloecker claimed this task.Nov 28 2022, 11:57 AM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a commit: rLIBKLEOfd1a0c812bff: Add debug operator for AuditLogEntry.Nov 30 2022, 12:15 PM
ikloecker added a commit: rLIBKLEO9d95d4cbf8be: Add AuditLogEntry class.
ikloecker added a commit: rLIBKLEO425ce280dc33: Make AuditLogViewer public.
ikloecker added a commit: rLIBKLEO57482e61e8d4: Add static method to show an audit log entry.
ikloecker added a commit: rLIBKLEO8ff64d0a464a: Use ecm_generate_export_header for generating the export header.
ikloecker added a commit: rLIBKLEOf1be3c2af495: Deprecate the static MessageBox::auditLog methods.
ikloecker added a commit: rLIBKLEO830f9c2ef7be: Move private static MessageBox::make to cpp file.
ikloecker added a commit: rLIBKLEO2735f0e270dd: Make MessageBox a namespace instead of a class with static methods only.
ikloecker added a commit: rLIBKLEO0de5871cd885: Remove unused functions.
ikloecker added a commit: rLIBKLEOa910f5541df8: Remove unused MessageBox::auditLog functions.
ikloecker added a commit: rLIBKLEO1d891de1dfd1: Add overloads taking an audit log entry.
ikloecker added a commit: rLIBKLEO47405266687a: Do not show the audit log if dialog is closed with Esc.
ikloecker added a commit: rKLEOPATRA920cb55ab1ee: Use AuditLogEntry from libkleo.Nov 30 2022, 12:22 PM
ikloecker added a commit: rKLEOPATRA9146502c244b: Use AuditLogViewer::showAuditLog instead of MessageBox::auditLog.
ikloecker added a commit: rKLEOPATRA32006b897933: Allow users to review the audit log when importing certificates.
ikloecker changed the task status from Open to Testing.Nov 30 2022, 1:30 PM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a subscriber: ikloecker.

This is now ready for testing. The import result dialog and the import error dialog now have an additional "Show Audit Log" button.

An import error can be provoked by entering a wrong passphrase for one (or more) of the .p12 files. Canceling the passphrase input should also be logged. Note, that you won't get a result dialog (and therefore also no audit log) if you cancel the import of all files (e.g. if you import one or multiple .p12 files).

Because Kleopatra always tries to import all files with gpg and gpgsm the consolidated audit log will contain two audit logs for each imported file. The logs of empty import results are explicitly not omitted to be able to analyze empty imports.

ebo added a subscriber: ebo.Oct 5 2023, 4:13 PM

The error dialog has the "Show Audit Log" button now and it shows error messages but now the user gets two audit logs:

When you click on the "Show Audit Log" button, the audit log opens and immediately the import result window opens above the audit log:

When you click on the audit log there, you get:

My preference would be that only the first error window would be shown and no import result window with 0 imports. It is redundant and therefore annoying. Would it be possible to show the import results window only if there was at least one import operation without error? (We have to provide for the case of import of multiple keys, too)

ebo mentioned this in T6749: Kleopatra: show only one error/information window for a certificate import.Oct 5 2023, 4:45 PM
ebo closed this task as Resolved.Oct 5 2023, 4:57 PM
ebo claimed this task.
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

closing this ticket, diagnostic output is there, for improvements see T6749