Page MenuHome GnuPG

Kleopatra: Diagnostic output when importing keys
Closed, ResolvedPublic

Description

In GPGME we have the audit log option in threadedjobmixin to gather what otherwise would be lost on stderr. This is shown by kleopatra as diagnostic output when doing crypto operations.

It would be good to have this as detailed info when importing both X509 and OpenPGP certficates as we sometimes get reports that users cannot import keys and so on and we have to tell them to try it on the command line to get more detailed information.

I am having trouble finding a good test case, I think importing S/MIME certificates with ECC keys on GnuPG 2.2.x could be a good test. Or just flipping a byte in an X509 Cert / PGP Cert to break it.

Event Timeline

aheinecke created this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker changed the task status from Open to Testing.Nov 30 2022, 1:30 PM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a subscriber: ikloecker.

This is now ready for testing. The import result dialog and the import error dialog now have an additional "Show Audit Log" button.

An import error can be provoked by entering a wrong passphrase for one (or more) of the .p12 files. Canceling the passphrase input should also be logged. Note, that you won't get a result dialog (and therefore also no audit log) if you cancel the import of all files (e.g. if you import one or multiple .p12 files).

Because Kleopatra always tries to import all files with gpg and gpgsm the consolidated audit log will contain two audit logs for each imported file. The logs of empty import results are explicitly not omitted to be able to analyze empty imports.

The error dialog has the "Show Audit Log" button now and it shows error messages but now the user gets two audit logs:

When you click on the "Show Audit Log" button, the audit log opens and immediately the import result window opens above the audit log:

When you click on the audit log there, you get:

My preference would be that only the first error window would be shown and no import result window with 0 imports. It is redundant and therefore annoying. Would it be possible to show the import results window only if there was at least one import operation without error? (We have to provide for the case of import of multiple keys, too)

ebo claimed this task.
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

closing this ticket, diagnostic output is there, for improvements see T6749