Kleopatra: Switch smart card app back to openpgp after any operation
Closed, Resolved (Public)

Description

Some smart card tools assume that the openpgp app is active unless they have changed it themselves. To prevent confusing those tools, Kleopatra should switch the smart cards back to the openpgp app after any operation involving a different smart card app.

Event Timeline

ikloecker created this task.

As discussed, this should be done before the next release.

Note that this change has the inconvenient consequence for the users that they will have to (re-)enter the PIV Authentication Key for each operation that requires authentication, e.g. for each write operation (generate key, write key, write certificate), because switching to openpgp seems to reset the PIV authentication.

ikloecker changed the task status from Open to Testing. Apr 28 2023, 10:43 AM
ikloecker removed ikloecker as the assignee of this task.

I have checked that we now switch back to openpgp (if necessary) after every use of ReaderStatus::startSimpleTransaction and ReaderStatus::startTransaction. The only uses of those functions outside of subclasses of CardCommand are by PGPCardWidget for which switching back to openpgp isn't needed.

This means that all code paths which switch the smart card app should be covered.

ebo claimed this task.
ebo added a subscriber: ebo.

Works: After generating a PIV key

gpg --edit-card

nevertheless shows the OpenPGP keys. Tested with gpg4win 4.2.0.