Page MenuHome GnuPG

Kleopatra: Diagnostic output when importing keys
Testing, NormalPublic

Description

In GPGME we have the audit log option in threadedjobmixin to gather what otherwise would be lost on stderr. This is shown by kleopatra as diagnostic output when doing crypto operations.

It would be good to have this as detailed info when importing both X509 and OpenPGP certficates as we sometimes get reports that users cannot import keys and so on and we have to tell them to try it on the command line to get more detailed information.

I am having trouble finding a good test case, I think importing S/MIME certificates with ECC keys on GnuPG 2.2.x could be a good test. Or just flipping a byte in an X509 Cert / PGP Cert to break it.

Event Timeline

aheinecke triaged this task as Normal priority.Nov 3 2022, 11:50 AM
aheinecke created this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker changed the task status from Open to Testing.Nov 30 2022, 1:30 PM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a subscriber: ikloecker.

This is now ready for testing. The import result dialog and the import error dialog now have an additional "Show Audit Log" button.

An import error can be provoked by entering a wrong passphrase for one (or more) of the .p12 files. Canceling the passphrase input should also be logged. Note, that you won't get a result dialog (and therefore also no audit log) if you cancel the import of all files (e.g. if you import one or multiple .p12 files).

Because Kleopatra always tries to import all files with gpg and gpgsm the consolidated audit log will contain two audit logs for each imported file. The logs of empty import results are explicitly not omitted to be able to analyze empty imports.