Page MenuHome GnuPG

Kleopatra: Forbid adding non-encryption keys to groups
Closed, ResolvedPublic

Description

Kleopatra should forbid adding sign-only keys to groups. And it should be made clear that groups are meant to be used for encryption by changing the wording from "groups" to "encryption groups" where appropriate. If a group with sign-only keys is imported, then the user shall be informed. Groups with sign-only keys shall be marked in the group dialog as invalid and it should not be possible to export such groups.

Rationale: Kleopatra's certificate groups are meant to be used for simplifying encrypting to a group of certificates. Currently, it's possible to add sign-only certificates to groups. This renders those groups unusable for encryption which is a usability problem. The users won't know why some group doesn't work as intended.

A secondary use case for groups is defining aliases for single keys. Forbidding sign-only keys in groups will prevent defining an alias for a sign-only key. We think this is acceptable because people can configure such an alias in their gpg.conf using gpg's group option.

Edit 2024-02-15: Changed "sign-only keys" to "non-encryption keys" in title because this applies to any keys that cannot be used for encryption.

Event Timeline

ikloecker mentioned this in Unknown Object (Maniphest Task).
aheinecke added projects: Restricted Project, kleopatra.
aheinecke added a subscriber: aheinecke.

Yes I think this makes sense and a little safeguard from weird situtations where users won't know how to resolve a problem. I think we should also check for that when ever a group is opened that it does not contain such keys. In case someone "revoked" there encryption key or more commonly the encryption subkey expired. In that case a message box might make sense telling the user which key / keys are not suitable for decryption.

TobiasFella moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Feb 15 2024, 9:01 AM
ikloecker renamed this task from Kleopatra: Forbid adding sign-only keys to groups to Kleopatra: Forbid adding non-encryption keys to groups.Feb 15 2024, 9:55 AM
ikloecker updated the task description. (Show Details)
TobiasFella changed the task status from Open to Testing.Feb 21 2024, 2:17 PM
TobiasFella claimed this task.

checked with Gpg4win-4.3.2-beta41:

Selecting a single not suitable certificate and then clicking the "down" button does not result in any action. I do not like it that there is no feedback. But with the changes in T6966 unusable certificates will not be displayed by default, anyway, so I would accept this.

Another thing is that I can select several certificates in which case all the unusable certificated between valid ones can be chosen and and moved to the lower pane. I would judge this to be wrong but not very important.
The group can then be saved, too. And exported (with a warning). I personally would be ok with only the warning despite the task description. But please define somewhere clearly what has been implemented and possibly why the task was changed.

Another thing from the task description was to change the wording ""groups" to "encryption groups" where appropriate.". Where is it appropriate? I do not see any such change.

So now I do not know what to do with this ticket…

The implemented behavior at the moment is:

  • certificates that can't be used for encryption are can't be selected in the upper panel and thus not added to the group
  • When selecting multiple / all certificates and adding them to the group, the unsuitable certs are not added to the group. This works correctly in qt6 but requires a fix to work in qt5. The fix is part of https://invent.kde.org/pim/kleopatra/-/merge_requests/266 (not yet backported)
  • In the groups dialog, groups with unsuitable certs are shown with a warning symbol
  • When exporting an invalid group, a warning is shown, but the export is still done. (based on Ingo's suggestion)

The change from "Group" to "Encryption Group" has not been done anywhere.

The Down button should be disabled if no suitable certificates are selected. That may not be the case (in Qt 5) because Qt seems to add disabled rows to the selection and the work around is applied when the Down button is pressed.

Tested with VS-Desktop-3.2.93.33-Beta, where everything necessary is backported:

OK:

  • The upper panel has now a default filter only showing usable keys, which does not include expired keys.
  • Even If one changes the filter to "all certificates" those unusable are greyed out and can not be selected, not even with the trick to select all certificates.

Maybe OK:

  • The warning symbol is only shown if a group contains keys without an encryption key, not if included certificates are expired or revoked.
  • If I try to export my test group which already contained an expired and a revoked certificate, I only get a warning that not all certificates are certified exportably.

Is this as we want it?

The Down button should be disabled if no suitable certificates are selected. That may not be the case (in Qt 5)

yes, its not disabled, but as I can't select unusable certificates that's not an issue

ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Oct 1 2024, 3:55 PM
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Test with gpg4win-Beta-50 shows the same as described in the last comment.

Setting to resolved, I made a follow up task T7321: Kleopatra: add warning symbol to all unusable groups

ebo edited projects, added vsd33 (vsd-3.3.0); removed vsd33.