Page MenuHome GnuPG
Create Task
Maniphest T6453

Kleopatra: Show isQualified in Certificate details if true
Closed, ResolvedPublic
Actions

Description

With Okular now used for signing Qualified signatures become more important.

Kleopatra should show this in the certificate details. For testing you might use the "qualified.txt" (although werner is not sure if this still works)

Details

External Link
https://invent.kde.org/pim/kleopatra/-/merge_requests/201

Revisions and Commits

rKLEOPATRA Kleopatra
rKLEOPATRA0e7b8ad3aa8b CertificateDetailsWidget: Show qualified status for SMIME certificates
rKLEOPATRAd72c8e02e1ca CertificateDetailsWidget: Show qualified status for SMIME certificates
rKLEOPATRAe2e6167f732b CertificateDetailsWidget: Show qualified status for SMIME certificates
rKLEOPATRAce39e0f0d0f9 CertificateDetailsWidget: Show qualified status for SMIME certificates

Event Timeline

aheinecke triaged this task as Normal priority.Apr 17 2023, 2:26 PM
aheinecke created this task.
aheinecke added subscribers: svuorela, werner.Apr 17 2023, 2:29 PM

Werner mentioned that the keyword "qual" can also be used like the "relax" keyword can also be used in the global trustlist.txt

TobiasFella added a commit: rKLEOPATRAce39e0f0d0f9: CertificateDetailsWidget: Show qualified status for SMIME certificates.May 15 2024, 11:07 AM
TobiasFella claimed this task.May 15 2024, 11:12 AM
TobiasFella set External Link to https://invent.kde.org/pim/kleopatra/-/merge_requests/201.
TobiasFella moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
TobiasFella added a commit: rKLEOPATRAe2e6167f732b: CertificateDetailsWidget: Show qualified status for SMIME certificates.May 29 2024, 10:16 AM
TobiasFella added a commit: rKLEOPATRAd72c8e02e1ca: CertificateDetailsWidget: Show qualified status for SMIME certificates.May 29 2024, 1:59 PM
TobiasFella added a commit: rKLEOPATRA0e7b8ad3aa8b: CertificateDetailsWidget: Show qualified status for SMIME certificates.May 29 2024, 2:10 PM
TobiasFella changed the task status from Open to Testing.Oct 1 2025, 4:43 PM

(writing this much later, since got lost)

Since this never specified exactly how it should look, here's what's been implemented:

timegrid edited projects, added gpd5x; removed Restricted Project.Fri, Dec 12, 2:38 PM
timegrid moved this task from Backlog to QA on the gpd5x board.
ebo changed the task status from Testing to Open.Tue, Dec 23, 4:21 PM
ebo moved this task from QA to WIP on the gpd5x board.
ebo added a subscriber: ebo.

Gpg4win-5.0.0-beta476:

I've created a global trustlist.txt at C:\ProgramData\GNU\etc\gnupg with an entry for the RootCA for Werners QES key with the qual keyword. (The local config would not work, according to the man page.)

But after restarting Kleopatra and it's background processes I do not see "qualified signature" for Werners key:

If I did something wrong, please point me in the right direction

ikloecker added a subscriber: ikloecker.Mon, Jan 5, 9:35 AM

What does gpgsm -k --with-colons print for Werner's QES key? The usage / capabilities should contain s (for signing) and q (for qualified signing). If q is missing then something isn't set up correctly.

ebo moved this task from WIP to Done on the gpd5x board.Thu, Jan 8, 4:28 PM

What I did wrong was that I did not include the global trustlist.txt (which is not read by default in Gpg4win) in the user trustlist.
This can be done by putting "include-default" at the beginning of the trustlist.txt in the users GNUPGHOME.

After I did that it is now shown in Kleopatra:

Therefore: works with Gpg4win-5.0.0-beta479

And btw, the cli command above is missing "--with-validation", without that the "q" will not be shown. So it needs to be:

gpgsm -k --with-colons --with-validation Key-ID
ebo closed this task as Resolved.Thu, Jan 8, 4:28 PM