Page MenuHome GnuPG
Create Task
Maniphest T6330

Kleopatra: Additional Expiry handling
Closed, ResolvedPublic
Actions

Description

Kleopatra should have a configurable time when it informs you that your own key is about to expire and if keys you are using to encrypt to are about to expire. KMail does this already.

I would probably implement this in Libkleo so that the newkeyresolver in libkleo can also make use of this, as this should also work if you never open Kleopatra and only use GpgOL. Also with respect to T6198 this would be required for a feature equivalent KMail replacement of the resolver.

My suggestion would be that if we have a secret for a key that we would warn 3 Month before expiry by default and if we do not have a secret we would warn 10 Days before it.

The warning for a key with secret should offer to extend the expiry by two years with just a dialog that should offer "export" and "upload" functionality with a bit of information that this new public key needs to be given to communication partnerts.

The warning for expired public keys should just generally be "Please ask your communication partner to provide you an updated key". I think we do not need to offer the "Update" functionality for OpenPGP keys there as we will have T1235 implemented in the next feature release..

Revisions and Commits

rLIBKLEO Libkleo
rLIBKLEO82bb6e2b870b Fix checking never expiring subkeys for expiration
rLIBKLEO551d9123a6a6 Add accessesors for the threshold config items
rLIBKLEO8ce422f5d4d1 Add minimum and maximum values for expiry notification thresholds
rLIBKLEOc884b9296917 Check expiration of suitable subkey instead of primary key
rLIBKLEO98ff208f9f43 Check for null keys and invalid check flags
rLIBKLEO14e642c8faf1 Remove internally used enum value alias
rLIBKLEO679ff1c669de Add EncryptionKey flag
rLIBKLEO686670a7769e Make expiration duration the actual days until/since expiry
rLIBKLEO7ead2b27093a Add parent argument to c'tor of ExpiryChecker
rLIBKLEO4ab6b65227fd Fix build
rLIBKLEOd2aa6694b83a Make checkKey return the result of the expiry check
rLIBKLEOe3334efc7cd8 Extract checking for threshold to helper
rLIBKLEOed8cf6b6d3e4 Remove superfluous check for positive threshold
rLIBKLEO56ec6bd9b8de Do not stop checking if certificate in chain never expires
rLIBKLEO99827ffcaf5a Add flag to request check of certificate chain
rLIBKLEO60f6ceda94fa Test with different durations since expiration
rLIBKLEO04b35e005e58 Do not check certificates in circular chains twice
rLIBKLEO6ee2255bf189 Make expiry checker more robust in case of a circular certificate chain
rLIBKLEOb0564325d824 Remove bogus semicolons from expiry messages
rLIBKLEO16fa85c09a95 Use a loop instead of recursion to check the certificate chain
rLIBKLEO335d1fcf7667 Make expiry notification thresholds configurable
rLIBKLEO86f4904e43e1 Wrap the four thresholds in a simple object
rLIBKLEO16ba827ee333 Replace different check methods with a single method
rLIBKLEOa8d3694243bc Test ExpiryChecker without accessing private data
rLIBKLEOd8b3a59bab3f Use the key cache instead of repeated key list jobs in the test
rLIBKLEO83905d1b3814 Add ExpiryChecker
rKLEOPATRA Kleopatra
rKLEOPATRAd2aa4e331698 Unify behavior of completion handling
rKLEOPATRA7439a5e0c9c6 Remove expiry message if input field is cleared
rKLEOPATRA1714f6f9c70c Update expiry notifications when keys or config changed
rKLEOPATRA78627ab45382 Add a sligthly modernized copy of KPluralHandlingSpinBox from KTextWidgets
rKLEOPATRA649814c93237 Make expiry thresholds for own and other certificates configurable
rKLEOPATRAcd2009b999b0 Add setting to disable the expiration notifications
rKLEOPATRA01ef7ba08287 Make display of expiration notifications configurable
rKLEOPATRA323aacabe728 Put tags and tooltips settings on new General tab
rKLEOPATRA38c0ab526717 Create UI of Appearance config in code
rKLEOPATRAc79d94ed0ac7 Handle case that no suitable subkey was found
rKLEOPATRA0f472be2fa2d Explicitly check expiration of (own) encryption keys
rKLEOPATRAff15bb85f5d8 Remove Close button from expiry notifications
rKLEOPATRAbb8a4581c5d2 Pimpl SignEncryptWidget
rKLEOPATRAb905e2229fb0 Notify users if recipient certificates expire soon
rKLEOPATRA32805a2d7c9a Notify users if their certificate expires soon
rKLEOPATRA1c734f97b3db Handle selected crypto operations as flags

Related Objects

Event Timeline

aheinecke triaged this task as High priority.Jan 5 2023, 11:21 AM
aheinecke created this task.
ikloecker claimed this task.Jan 11 2023, 12:12 PM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker removed ikloecker as the assignee of this task.Jan 11 2023, 12:33 PM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a subscriber: ikloecker.
ikloecker claimed this task.Mar 21 2023, 9:56 AM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a commit: rLIBKLEO83905d1b3814: Add ExpiryChecker.Apr 13 2023, 2:17 PM
ikloecker added a commit: rLIBKLEOd8b3a59bab3f: Use the key cache instead of repeated key list jobs in the test.
ikloecker added a commit: rLIBKLEOa8d3694243bc: Test ExpiryChecker without accessing private data.
ikloecker added a commit: rLIBKLEO86f4904e43e1: Wrap the four thresholds in a simple object.
ikloecker added a commit: rLIBKLEO16ba827ee333: Replace different check methods with a single method.
ikloecker added a commit: rLIBKLEO335d1fcf7667: Make expiry notification thresholds configurable.
ikloecker added a commit: rLIBKLEOb0564325d824: Remove bogus semicolons from expiry messages.
ikloecker added a commit: rLIBKLEO16fa85c09a95: Use a loop instead of recursion to check the certificate chain.
ikloecker added a commit: rLIBKLEO6ee2255bf189: Make expiry checker more robust in case of a circular certificate chain.
ikloecker added a commit: rLIBKLEO04b35e005e58: Do not check certificates in circular chains twice.
ikloecker added a commit: rLIBKLEO99827ffcaf5a: Add flag to request check of certificate chain.
ikloecker added a commit: rLIBKLEO60f6ceda94fa: Test with different durations since expiration.
ikloecker added a commit: rLIBKLEO56ec6bd9b8de: Do not stop checking if certificate in chain never expires.
ikloecker added a commit: rLIBKLEOed8cf6b6d3e4: Remove superfluous check for positive threshold.
ikloecker added a commit: rLIBKLEOe3334efc7cd8: Extract checking for threshold to helper.
ikloecker added a commit: rLIBKLEOd2aa6694b83a: Make checkKey return the result of the expiry check.
ikloecker added a commit: rLIBKLEO4ab6b65227fd: Fix build.Apr 13 2023, 2:55 PM
ikloecker added a commit: rLIBKLEO7ead2b27093a: Add parent argument to c'tor of ExpiryChecker.Apr 14 2023, 5:44 PM
ikloecker added a commit: rLIBKLEO686670a7769e: Make expiration duration the actual days until/since expiry.
ikloecker added a commit: rKLEOPATRA1c734f97b3db: Handle selected crypto operations as flags.Apr 17 2023, 5:02 PM
ikloecker added a commit: rKLEOPATRA32805a2d7c9a: Notify users if their certificate expires soon.
ikloecker added a commit: rKLEOPATRAbb8a4581c5d2: Pimpl SignEncryptWidget.
ikloecker added a commit: rKLEOPATRAb905e2229fb0: Notify users if recipient certificates expire soon.
ikloecker added a commit: rKLEOPATRAff15bb85f5d8: Remove Close button from expiry notifications.
ikloecker added a commit: rLIBKLEO679ff1c669de: Add EncryptionKey flag.Apr 17 2023, 6:20 PM
ikloecker added a commit: rKLEOPATRA0f472be2fa2d: Explicitly check expiration of (own) encryption keys.Apr 17 2023, 6:30 PM
ikloecker added a commit: rLIBKLEO14e642c8faf1: Remove internally used enum value alias.Apr 18 2023, 11:58 AM
ikloecker added a commit: rLIBKLEO98ff208f9f43: Check for null keys and invalid check flags.
ikloecker added a commit: rLIBKLEOc884b9296917: Check expiration of suitable subkey instead of primary key.
ikloecker mentioned this in T6456: Kleopatra: Offers encryption-only OpenPGP keys as signing key.Apr 18 2023, 1:13 PM
ikloecker added a commit: rKLEOPATRAc79d94ed0ac7: Handle case that no suitable subkey was found.Apr 18 2023, 1:24 PM
ikloecker added a commit: rKLEOPATRA323aacabe728: Put tags and tooltips settings on new General tab.Apr 20 2023, 12:19 PM
ikloecker added a commit: rKLEOPATRA38c0ab526717: Create UI of Appearance config in code.
ikloecker added a commit: rKLEOPATRA01ef7ba08287: Make display of expiration notifications configurable.
ikloecker added a commit: rKLEOPATRAcd2009b999b0: Add setting to disable the expiration notifications.
ikloecker added a commit: rLIBKLEO8ce422f5d4d1: Add minimum and maximum values for expiry notification thresholds.Apr 21 2023, 12:47 PM
ikloecker added a commit: rLIBKLEO551d9123a6a6: Add accessesors for the threshold config items.
ikloecker added a commit: rKLEOPATRA649814c93237: Make expiry thresholds for own and other certificates configurable.Apr 21 2023, 12:53 PM
ikloecker added a commit: rKLEOPATRA78627ab45382: Add a sligthly modernized copy of KPluralHandlingSpinBox from KTextWidgets.
ikloecker added a commit: rKLEOPATRA1714f6f9c70c: Update expiry notifications when keys or config changed.
ikloecker added a comment.EditedApr 24 2023, 12:05 PM

A few remarks:

  • For now the users are just informed about the upcoming expiration of certificates used in the Sign/Encrypt dialog. There is no button to act or get further information what to do about it.
  • Expiration of issuer certificates are ignored. If a leaf certificate gets invalid as soon as any certificate in the issuer chain expires, then it may make more sense to treat this as expiration of the leaf certificate since that's effectively what happens. On the other hand, if the expiration of certificates in the issuer chain have no effect on the validity of the leaf certificate (because at the time the leaf certificate was certified the chain was valid), then, in my opinion, it makes little sense to bother the users with the expiration of chain certificates.
  • I took over the default values that are also used by KMail and that seem to be the recommended default by SPHINX (according to the comments for the settings in KMail).
  • I decided to save/load the thresholds from a shared configuration file (kleo-expirycheckerrc), but to keep the setting whether to show expiry notifications as per-application setting.
ikloecker mentioned this in T6467: KMail: Replace usage of NearExpiryChecker with new ExpiryChecker.Apr 24 2023, 12:14 PM
ikloecker changed the task status from Open to Testing.Apr 24 2023, 12:31 PM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Ready for testing.

ikloecker mentioned this in T6468: Message when key will expire soon.Apr 24 2023, 12:39 PM
ikloecker added a commit: rLIBKLEO82bb6e2b870b: Fix checking never expiring subkeys for expiration.May 2 2023, 3:29 PM
ebo added a subscriber: ebo.May 9 2023, 1:49 PM

Works. The only drawback is: for the message to be displayed in the "for others" part of the encryption dialog you have to click in the next line before it is displayed.
If you click on sign/encrypt directly, you won't see the warning. At least if you select the recipient by starting to type and the selecting from the dropdown.

The corresponding issue for it to disappear: if I delete the recipient again the warning goes away only after clicking in the next line.

In contrast: if you use the button on the right side for selection, the warning for the chosen recipient is shown immediately.

And I cannot find the kleo-expirycheckerrc you mentioned, it's probably optional and to be located in %APPDATA% kleopatra?
Instead there ist a configuration option in the appearance tab of Kleos configuration menu, which works, too.

ikloecker changed the task status from Testing to Open.May 9 2023, 3:00 PM
ikloecker claimed this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Yes, kleo-expirycheckerrc is optional. I'm not sure where the config files live on Windows. It's used by libkleo, so it could also be %APPDATA%/libkleo. The setting in the appearance tab is stored in kleopatrarc. (I thought it makes sense to have the warning configured per application, but the thresholds should be shared by all applications.)

I may have to look into the "for others" issue you found. I've moved it back to WIP.

aheinecke added a comment.May 9 2023, 3:55 PM

Mmh, why did this go into its own rc file. I guess its because its in libkleo and not in Kleo itself. I have to check how this works with my registry code. I doubt that this will work out of the box but its important for us that our settings can be set through the windows registry.

ikloecker added a comment.May 9 2023, 4:22 PM

@aheinecke As I wrote "the thresholds should be shared by all applications". Therefore (and because the code is in libkleo), using kleopatrarc wasn't an option. Or is the question why I didn't use libkleopatrarc? One advantage of using a separate file is that watching for relevant changes by other applications is much easier resp. that one doesn't get change notifications for unrelated settings.

ikloecker added a comment.May 15 2023, 12:29 PM
In T6330#170382, @ebo wrote:

[...] The only drawback is: for the message to be displayed in the "for others" part of the encryption dialog you have to click in the next line before it is displayed.
If you click on sign/encrypt directly, you won't see the warning. At least if you select the recipient by starting to type and the selecting from the dropdown.

The warning is shown either when the users accept their input with Return or when the navigate to another UI element (e.g. with Tab). This is done to avoid distraction by too much jumping of the UI while the user is interacting with the input field.

ikloecker added a commit: rKLEOPATRA7439a5e0c9c6: Remove expiry message if input field is cleared.May 16 2023, 11:56 AM
ikloecker added a commit: rKLEOPATRAd2aa4e331698: Unify behavior of completion handling.
ikloecker changed the task status from Open to Testing.May 16 2023, 12:03 PM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

The warning is now removed immediately, when the input field becomes empty.

Moreover, selecting one of the completion entries with the mouse or the keyboard (Return) now behaves identical.

It's still possible to click Sign/Encrypt without getting the warning by entering some text matching exactly one key and then clicking on the button.

ebo closed this task as Resolved.Jun 14 2023, 11:55 AM
ebo claimed this task.
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

works