Page MenuHome GnuPG
Create Task
Maniphest T6738

Inefficient and unobvious key certification (signing) process
Closed, InvalidPublic
Actions

Description

Importing key https://keys.openpgp.org/vks/v1/by-fingerprint/EB1DD5BF6F88820BBCF5356C8E94C9CD163E3FB0, I tried to "sign" (certify) the key non-exportable.
I was asked for the passphrase to unlock my private key, so I entered it (successfully, I assume). But surprisingly to me, I was asked for the passphrase again, and again, and again, so at some point I quit the process.

At this point it was not obvious why the passphrase was being asked for again. I suspect that the passphrase is being asked for once for each identity to sign. If that's the case, the passphrase dialog should at least indicate which identity is going to be signed by unlocking the private key! Preferably, entering the passphrase only once would be preferable.

Here are three screenshots (German, please forgive!):

Start of certification:

First passphrase:

Second passphrase:

(there were many more dialogs like that)

What you can see is that the subsequent passphrase dialog is looking just the same as the first one, leaving the user in a confused state ("What is going on here?"). Maybe the solution is as simple as to customize the popup-title ("pinentry-qt") to something more specific.

Details

Version
Gpg4win 4.2.0

Event Timeline

uwi created this task.Sep 27 2023, 11:25 AM
uwi updated the task description. (Show Details)Sep 27 2023, 11:27 AM
ebo added a project: can't replicate.Sep 28 2023, 2:27 PM
ebo added a subscriber: ebo.Sep 28 2023, 2:38 PM

For me with Gpg4win 4.2.0 it works as expected, that is all UIDs which have a checkmark are certified in one go, entry of password only once. Used the key given in description for the test.

uwi added a comment.Sep 28 2023, 4:54 PM

Maybe it's due to the fact that I used a non-admin installation? Actually I'm also surprised that it worked that way. What kind of debug logs could I supply?

aheinecke added a subscriber: aheinecke.Sep 29 2023, 1:33 PM

Under Kleopatra -> Settings -> Configure Kleopatra -> GnuPG System -> In the Tab Secret Keys -> Is there either "Delete unused Passwords after N Seconds or Delete Passwords after N Seconds set to zero or the option "Do not use the password cache for signing" set? In this case this would be normal and expected behavior because it turns of the caching.

aheinecke closed this task as Invalid.Oct 4 2023, 11:41 AM
aheinecke removed a project: Bug Report.