Page MenuHome GnuPG

Kleopatra: Offers encryption-only OpenPGP keys as signing key
Closed, ResolvedPublic

Description

While testing T6330: Kleopatra: Additional Expiry handling, I got the message that a signing key I had selected wasn't suitable for signing. It turned out that this (test) key was a certify-encryption-authentication key, but not a signing key. Kleopatra still offered this key in the signing certificate drop-down of the Sign/Encrypt dialog.

Turns out that the root cause is a 19 years old workaround for a bug in an ancient version of gpgme.

Event Timeline

ikloecker triaged this task as Normal priority.
ikloecker created this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker changed the task status from Open to Testing.Apr 19 2023, 10:21 AM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Fixed.

To test this you need to create an OpenPGP key without signing capability.

ebo claimed this task.
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

This works.

There is only a little cosmetic flaw in the UI if you try to do sign+encrypt:
Sign has a check marking it activated but as no key is selected the field behind it is empty and the action button at the end only shows "Encrypt" and of course does just that.

Ideally, as previously sign+encrypt was chosen, I would expect that the action button would get functional only if you removed the check mark before "Sign".
But as this case is pretty exotic, anyway, I won't open a ticket for that.