Page MenuHome GnuPG

Kleopatra: Increase warning for backup secret key - Especially in de-vs mode
Open, WishlistPublic

Description

As a background, it has often been mentioned that the case against "soft keys" is that users accidentally send them.
In my opinion with playing around with Kleopatra nearly the only thing that you can really do wrong is to send out your secret key with a weak password.

Now even though we call it "Backup Secret Key" we have multiple cases of German government officials whose job description is information security to send out this "Backup" to all their employes and even external communication partners. That is technically illegal as it violates need to know, endangers government secrets. But even for non VS-NfD users such behavior is very dangerous.

This is because that in the Chiasmus days that was somwhat the workflow, you had a keyfile and a password and needed both to decrypt data.

I have talked to the BSI and while they do not want to prevent the case that you share a secret key for example in a small team which all works on the same project with the same data. Sharing the same key for your whole organisation or externals is clearly wrong and they will try to find some wording in the update of our documentation to say that. They would like for us to discourage this in the User interface even further.

What I want is a UAC style Warning that feels different from all other warnings a red background would be my choice with that. https://developex.com/blog/system-modal-back/ this involves Windows System Programming so I guess it will be my task. For Linux just a very strong and large warning message that looks different from others should be OK.

The wording should be very clear in VS-NfD Mode. Large, Bold and with bullet points.:

  • This is not a Chiasmus Key file!
  • The resulting file is to be treated as at least VS-NfD and may not be sent without additional encryption.
  • You may only share a secret key with a small group of people working on the same documents.

Then link to documentation in the place of the OK button and a button "I know what I am doing".

Event Timeline

aheinecke triaged this task as Wishlist priority.Apr 24 2023, 3:27 PM
aheinecke created this task.

KWin has a script called "Dim screen for Administrator Mode" which mimics the windows behavior.