
Inefficient and unobvious key certification (signing) process
Closed, Invalid (Public)

Description

Importing key https://keys.openpgp.org/vks/v1/by-fingerprint/EB1DD5BF6F88820BBCF5356C8E94C9CD163E3FB0, I tried to "sign" (certify) the key non-exportable.
I was asked for the passphrase to unlock my private key, so I entered it (successfully, I assume). But surprisingly to me, I was asked for the passphrase again, and again, and again, so at some point I quit the process.

At this point it was not obvious why the passphrase was being asked for again. I suspect that the passphrase is being asked for once for each identity to sign. If that's the case, the passphrase dialog should at least indicate which identity is going to be signed by unlocking the private key! Entering the passphrase only once would be preferable.

Here are three screenshots (German, please forgive!):

Start of certification:

First passphrase:

Second passphrase:

(there were many more dialogs like that)

What you can see is that the subsequent passphrase dialog is looking just the same as the first one, leaving the user in a confused state ("What is going on here?"). Maybe the solution is as simple as to customize the popup-title ("pinentry-qt") to something more specific.

Details

Version
Gpg4win 4.2.0

Event Timeline

For me with Gpg4win 4.2.0 it works as expected, that is all UIDs which have a checkmark are certified in one go, entry of password only once. Used the key given in description for the test.

Maybe it's due to the fact that I used a non-admin installation? Actually I'm also surprised that it worked that way. What kind of debug logs could I supply?

Under Kleopatra -> Settings -> Configure Kleopatra -> GnuPG System -> In the Tab Secret Keys -> Is there either "Delete unused Passwords after N Seconds" or "Delete Passwords after N Seconds" set to zero, or the option "Do not use the password cache for signing" set? In this case this would be normal and expected behavior because it turns off the caching.
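
The cache settings asked about in the last comment can also be checked directly in the text of gpg-agent.conf. The following is an added example, not part of the thread or of GnuPG. It assumes the three Kleopatra labels correspond to the gpg-agent options `default-cache-ttl`, `max-cache-ttl` and `ignore-cache-for-signing`, and the sample configurations are constructed.

```python
# Added example. The gpg-agent option names are real; their mapping to the
# Kleopatra labels quoted in the thread is an assumption.
CACHE_TTL_OPTIONS = ("default-cache-ttl", "max-cache-ttl")
NO_SIGN_CACHE = "ignore-cache-for-signing"


def parse_agent_conf(text):
    """Return {option: value or True} for the active lines of gpg-agent.conf."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out option
        parts = line.split(None, 1)
        options[parts[0]] = parts[1].strip() if len(parts) > 1 else True
    return options


def cache_disabling_settings(text):
    """List settings that, per the thread, cause a prompt for every signature."""
    opts = parse_agent_conf(text)
    findings = []
    for name in CACHE_TTL_OPTIONS:
        value = opts.get(name)
        if isinstance(value, str) and value.isdigit() and int(value) == 0:
            findings.append(f"{name} 0")
    if opts.get(NO_SIGN_CACHE) is True:
        findings.append(NO_SIGN_CACHE)
    return findings


# Constructed sample configurations, not taken from the reporter's machine.
SAMPLE_REPROMPTS = """\
default-cache-ttl 600
max-cache-ttl 0
ignore-cache-for-signing
"""
SAMPLE_CACHED = """\
# ignore-cache-for-signing
default-cache-ttl 600
max-cache-ttl 7200
"""

if __name__ == "__main__":
    for label, conf in (("reprompts", SAMPLE_REPROMPTS), ("cached", SAMPLE_CACHED)):
        print(label, cache_disabling_settings(conf) or "cache active")
```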