
Kleopatra: Warn if a certificate in a group is deleted
Closed, Resolved (Public)

Description

If I import a group definition and delete one of the included certificates afterwards, the certificate is no longer shown in the group definition and therefore no longer used for encryption to that group.

This may cause confusion, especially in the context of encrypted group mails. A user might not always be aware who is a participant in a group mail address (as group membership is not shown in the certificate list, see also T6240) and might delete a certificate of the group. The result would be that that person would then get a mail which is not encrypted to them.

I propose
a) a warning when attempting to delete a certificate which is in a group
b) an optional column in the certificate view displaying the group memberships of a certificate (edit: this was moved to another ticket)

Details

Version
3.1.26

Event Timeline

This pretty much highlights a general problem of groups: If the distribution groups for the email client are managed independently from the certificate groups then there will inevitably be discrepancies. The obvious solution is the usage of groups managed by a central service for email addresses and certificates. (Or an encrypted mailing list service.)

a) is a good idea.
b) is already covered by T6240: Kleopatra: Add column for groups in the certificate view.

aheinecke renamed this task from "Kleopatra: handling of keys/certificates which are in a group" to "Kleopatra: Warn if a certificate in a group is deleted". Mar 15 2023, 10:15 AM
aheinecke triaged this task as Normal priority.
aheinecke added a subscriber: aheinecke.

I changed the title of the issue to make it about adding the warning. I also think that is a good idea to avoid confusion / accidents.

TobiasFella changed the task status from Open to Testing. Feb 21 2024, 2:17 PM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker moved this task from Backlog to WiP on the vsd33 board.

Tested with Version 3.2.2.2405000+git~ (Gpg4win-4.3.2-beta41)

This works in principle, for single certificate deletion as well as multiple, the warning comes up with appropriate wording iff all certificates were in that group.
So I'll close the ticket for now and plan to open a new one with a low priority.

Points for the future ticket:
When only part of the selected certificates is in a group, all are shown, anyway:

Here one of the certificates was not in the only existing group.

Here the wording is technically correct, but confusing in the case of a revoked certificate where no encryption will happen anyway.

ebo updated the task description.
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ebo moved this task from QA to vsd-3.3.0 on the vsd33 board.
ebo edited projects, added vsd33 (vsd-3.3.0); removed vsd33.