Page MenuHome GnuPG

Kleopatra: Offers encryption-only OpenPGP keys as signing key
Testing, NormalPublic

Description

While testing T6330: Kleopatra: Additional Expiry handling, I got the message that a signing key I had selected wasn't suitable for signing. It turned out that this (test) key was a certify-encryption-authentication key, but not a signing key. Kleopatra still offered this key in the signing certificate drop-down of the Sign/Encrypt dialog.

Turns out that the root cause is a 19 years old workaround for a bug in an ancient version of gpgme.

Event Timeline

ikloecker triaged this task as Normal priority.
ikloecker created this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker changed the task status from Open to Testing.Apr 19 2023, 10:21 AM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Fixed.

To test this you need to create an OpenPGP key without signing capability.