Page MenuHome GnuPG

Kleopatra: Forbid adding non-encryption keys to groups
Testing, NormalPublic

Description

Kleopatra should forbid adding sign-only keys to groups. And it should be made clear that groups are meant to be used for encryption by changing the wording from "groups" to "encryption groups" where appropriate. If a group with sign-only keys is imported, then the user shall be informed. Groups with sign-only keys shall be marked in the group dialog as invalid and it should not be possible to export such groups.

Rationale: Kleopatra's certificate groups are meant to be used for simplifying encrypting to a group of certificates. Currently, it's possible to add sign-only certificates to groups. This renders those groups unusable for encryption which is a usability problem. The users won't know why some group doesn't work as intended.

A secondary use case for groups is defining aliases for single keys. Forbidding sign-only keys in groups will prevent defining an alias for a sign-only key. We think this is acceptable because people can configure such an alias in their gpg.conf using gpg's group option.

Edit 2024-02-15: Changed "sign-only keys" to "non-encryption keys" in title because this applies to any keys that cannot be used for encryption.

Event Timeline

ikloecker mentioned this in Unknown Object (Maniphest Task).
aheinecke triaged this task as Normal priority.Sep 19 2023, 12:19 PM
aheinecke added projects: Restricted Project, kleopatra.
aheinecke added a subscriber: aheinecke.

Yes I think this makes sense and a little safeguard from weird situtations where users won't know how to resolve a problem. I think we should also check for that when ever a group is opened that it does not contain such keys. In case someone "revoked" there encryption key or more commonly the encryption subkey expired. In that case a message box might make sense telling the user which key / keys are not suitable for decryption.

ikloecker mentioned this in Unknown Object (Event).Nov 13 2023, 9:10 AM
ikloecker mentioned this in Unknown Object (Event).Nov 20 2023, 8:43 AM
ikloecker mentioned this in Unknown Object (Event).Dec 4 2023, 9:19 AM
TobiasFella moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Thu, Feb 15, 9:01 AM
ikloecker renamed this task from Kleopatra: Forbid adding sign-only keys to groups to Kleopatra: Forbid adding non-encryption keys to groups.Thu, Feb 15, 9:55 AM
ikloecker updated the task description. (Show Details)
TobiasFella mentioned this in Unknown Object (Event).Mon, Feb 19, 9:52 AM
TobiasFella changed the task status from Open to Testing.Wed, Feb 21, 2:17 PM
TobiasFella claimed this task.