
GnuPG: Allow non-compliant signatures in compliance mode
Open, Wishlist, Public

Description

This is a follow-up from FROSCON. So while Kleopatra and GpgOL are tasked with showing the user each time something is non-compliant, for signing we don't have the option, because while we can encrypt to non-compliant keys in compliance mode, we cannot sign.

This is problematic if you have, for example, a compliant workstation but also want to use it to e.g. send out signed release announcements with a different key. Our system just does not allow it.

When discussed, we were unsure if this was intentional or an accident in the implementation. Maybe a bit related: T6643

Event Timeline

aheinecke triaged this task as Wishlist priority. Aug 10 2023, 2:36 PM
aheinecke created this task.
ebo added a subscriber: ebo.

And it is also confusing that you can choose the key for signing in Kleopatra: it is displayed with a green check mark, but then you run into an error.

If we do not want to allow it at all, I would suggest greying out the "Sign" button and marking the offending key with a red X, if it can be chosen at all.

If we allow it, the key should be marked with the blue sign, and we could add the info that the signature is not compliant to the success message.

Allowing it would be my preference.