Page MenuHome GnuPG

GpgOL: revision of configuration public key import
Open, NormalPublic


There are configuration options for importing pub keys on two different tabs of the GpgOL configuration window.
In the first part "GpgOL" "Import any keys included in mails" and in the second part "GnuPG system (technical)" in the first tab "OpenPGP" "import key from signature" and "put key in signature".

These related options should be in one place together and the difference between them probably better explained.

Event Timeline

aheinecke triaged this task as Normal priority.Jan 2 2023, 12:24 PM
aheinecke added a subscriber: aheinecke.

My opinion here would be add the "import key from signature" and "put key in signature" in the automatition group of the main GpgOL config page and change the wording of "Import any keys included in Mails" to "Import keys from Headers and Attachments".

I would make it explicit because they are GnuPG options and when they are combined with "Import Any key" it is unclear what a toggle / untoggle does with the GnuPG Option.

aheinecke raised the priority of this task from Normal to High.Jan 12 2023, 3:16 PM

This should really be in the next release.

This won't go into the next release it is too invasive and needs to be very thought through and announced to users. This also needs to be deployed in a Gpg4win first to get user feedback. GpgOL is pretty much done for the summer release of GnuPG VS-Desktop.

we could include the "better explanation" part, though. The options in "GnuPG system (technical)" do not have a tooltip, we could add one there, at least.

aheinecke lowered the priority of this task from High to Normal.Aug 9 2023, 11:45 AM

Not really, the GnuPG System configuration settings are generated from gpgconf output and there is no tooltip mechanism for that.

This is also what would make it difficult to add this to the GpgOL settings because these two are a GnuPG setting currently. And then we would mix that somehow. And to make it so that include-sigs and auto-import-key is only done by GpgOL (which would then make it a real GpgOL option and not a GnuPG option) we would need to extend GPGME first. So this issue is more complicated then I first thought. Although I still think it would be good for the general user experience, but it might also be confusing to users when their keyring suddenly starts to contain many uncertified keys. And currently I don't think that our VS-NfD users do much signing without encryption, so this would really be better suited for Gpg4win first.