Page MenuHome GnuPG
Create Task
Maniphest T6456

Kleopatra: Offers encryption-only OpenPGP keys as signing key
Closed, ResolvedPublic
Actions

Description

While testing T6330: Kleopatra: Additional Expiry handling, I got the message that a signing key I had selected wasn't suitable for signing. It turned out that this (test) key was a certify-encryption-authentication key, but not a signing key. Kleopatra still offered this key in the signing certificate drop-down of the Sign/Encrypt dialog.

Turns out that the root cause is a 19 years old workaround for a bug in an ancient version of gpgme.

Revisions and Commits

rLIBKLEO Libkleo
rLIBKLEO632057ae9c55 Use Key::canSign instead of Key::canReallySign with new gpgme++
rKLEOPATRA Kleopatra
rKLEOPATRA70c08d88a093 Use Key::canSign instead of Key::canReallySign with new gpgme++
rM GPGME
rMe80bf34bf86f Update NEWS
rM5bd84cfd3f09 cpp: Fix Key::canSign()

Related Objects

Event Timeline

ikloecker claimed this task.Apr 18 2023, 1:13 PM
ikloecker triaged this task as Normal priority.
ikloecker created this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a commit: rM5bd84cfd3f09: cpp: Fix Key::canSign().Apr 18 2023, 1:17 PM
ikloecker added a commit: rMe80bf34bf86f: Update NEWS.Apr 19 2023, 9:39 AM
ikloecker added a commit: rLIBKLEO632057ae9c55: Use Key::canSign instead of Key::canReallySign with new gpgme++.Apr 19 2023, 10:15 AM
ikloecker added a commit: rKLEOPATRA70c08d88a093: Use Key::canSign instead of Key::canReallySign with new gpgme++.Apr 19 2023, 10:18 AM
ikloecker changed the task status from Open to Testing.Apr 19 2023, 10:21 AM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Fixed.

To test this you need to create an OpenPGP key without signing capability.

ikloecker moved this task from Backlog to QA for next release on the gpgme board.Apr 19 2023, 10:21 AM
werner mentioned this in T6463: Release GPGME 1.20.0.Apr 20 2023, 4:40 PM
ikloecker mentioned this in T6569: unusable secret key selectable for crypto operations.Jun 30 2023, 6:31 PM
ebo merged a task: T6569: unusable secret key selectable for crypto operations.Jul 3 2023, 10:02 AM
ebo added a subscriber: ebo.
ebo closed this task as Resolved.Jul 3 2023, 10:58 AM
ebo claimed this task.
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

This works.

There is only a little cosmetic flaw in the UI if you try to do sign+encrypt:
Sign has a check marking it activated but as no key is selected the field behind it is empty and the action button at the end only shows "Encrypt" and of course does just that.

Ideally, as previously sign+encrypt was chosen, I would expect that the action button would get functional only if you removed the check mark before "Sign".
But as this case is pretty exotic, anyway, I won't open a ticket for that.

werner moved this task from QA for next release to gpgme 1.23.x on the gpgme board.Oct 25 2023, 10:40 AM
werner edited projects, added gpgme (gpgme 1.23.x); removed gpgme.