Page MenuHome GnuPG
Create Task
Maniphest T6761

Kleopatra: Handle special keyserver value "none"
Closed, ResolvedPublic
Actions

Description

dirmngr supports the special value "none" for the key server to disable the fallback to the default key server (T6708). Kleopatra needs to handle this value in a few places to avoid confusing error messages.

Edit: WKD search related changes are tracked in T6868, including:

  • Search function: Using the "lookup on server" function with "none" set as keyserver causes a pop-up error window (but title is "Information") to appear which has to be recognized with OK before the results of the WKD search will be displayed. The message is "Suche auf Zertifikatsserver fehlgeschlagen. Die Fehlermeldung lautet: Kein Schlüsselserver verfügbar". (For wishes on improvements to the search dialog see T6493, too)

Cases to be fixed and tracked here:

  • Give error message in case:
    • Export OpenPGP key to key server
    • Search is used while keyserver is "none" and no S/MIME directory is configured

      - Refresh OpenPGP keys
  • Avoid changing value "none" to "hkps://none"

Details

Version
VS-Desktop-3.1.90.246-Beta

Revisions and Commits

rLIBKLEO Libkleo
rLIBKLEOe64562aed630 Support special keyserver value "none" in helper functions
rLIBKLEO51f9e1e64b2d Support special keyserver value "none" in helper functions
rKLEOPATRA Kleopatra
rKLEOPATRA404e0131737d Don't prefix special key server value "none" with hkps://
rKLEOPATRAa83efd539a1b Show an error if the usage of key servers has been disabled
rKLEOPATRAcb686b30396a Add a tooltip for OpenPGP keyserver config mentioning "none"
rKLEOPATRA05b9e0bc6986 Don't prefix special key server value "none" with hkps://
rKLEOPATRAf2d388ea2073 Show an error if the usage of key servers has been disabled

Related Objects
Search...

Event Timeline

ikloecker created this task.Oct 16 2023, 2:14 PM
ikloecker mentioned this in T6708: Allow to inhibit the use of a default PGP keyserver.
ebo updated the task description. (Show Details)Oct 16 2023, 3:02 PM
ebo set Version to VS-Desktop-3.1.90.246-Beta.
aheinecke triaged this task as Normal priority.Oct 18 2023, 8:57 AM
aheinecke added a subscriber: aheinecke.

This issue might be a bit to general, some things like avoiding bad error messages are more important then a fully nice solution. A nice solution IMO would make all the "publish on keyserver" actions / checkboxes invisible in that case. If a restart is required when the setting changes that is ok in my book because the way we use "none" is intended that our entry level packages have "none" defined in the global config. Of course if a user then manually enters a value when none is set we would also need to bring up a message box stating that a restart is required for the change to take effect.

aheinecke added a comment.Oct 18 2023, 8:58 AM

Mh, let us concentrate in here on error messages. I was thinking "but what about disable-dirmngr in the settings" then all publish / refresh / receive actions should be disabled or invisible. So that is better something for a different task.

ebo added a subscriber: ebo.Nov 23 2023, 10:26 AM
ikloecker mentioned this in T6866: Kleopatra: Remove fallback to keys.gnupg.net if no key server is configured.Dec 5 2023, 10:09 AM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a commit: rKLEOPATRAf2d388ea2073: Show an error if the usage of key servers has been disabled.Dec 5 2023, 2:07 PM
ikloecker added a commit: rKLEOPATRA05b9e0bc6986: Don't prefix special key server value "none" with hkps://.
ikloecker claimed this task.Dec 5 2023, 5:34 PM
ikloecker added a commit: rLIBKLEO51f9e1e64b2d: Support special keyserver value "none" in helper functions.Dec 6 2023, 9:13 AM
ikloecker added a commit: rKLEOPATRAcb686b30396a: Add a tooltip for OpenPGP keyserver config mentioning "none".
ikloecker changed the task status from Open to Testing.Dec 6 2023, 9:30 AM

The following operations were changed:

  • Export OpenPGP key to key server now shows an error if key server is set to "none".
  • Refresh OpenPGP keys now shows an error if key server is set to "none".
  • If key server is set to "none" and no S/MIME directory servers are configured then you'll get an error when you try Lookup on Server.
  • Kleopatra no longer stores the special value "none" as "hkps://none".

Cross-check that the above operations still work if you either set no key server (so that the internal default is used) or a working key server.

ebo changed the task status from Testing to Open.Dec 6 2023, 10:21 AM

This is not as intended. When doing a search, we wanted No error message and only WKD search should be executed.

Likewise, refresh should then only search for WKD.

ikloecker added a comment.Dec 7 2023, 8:30 AM
In T6761#179919, @ebo wrote:

This is not as intended. When doing a search, we wanted No error message and only WKD search should be executed.

I haven't touched this code or the error message. All I did is make the function hasKeyserverConfigured() return false if the key server has been disabled explicitly with "none". This does now trigger the error message which wasn't triggered before because gpg always used the default key server if no key server was configured.

Likewise, refresh should then only search for WKD.

I was talking about "Refresh OpenPGP Keys". This functionality has always simply called gpg --refresh-keys which knows nothing about WKD.

ikloecker changed the task status from Open to Testing.Dec 7 2023, 8:42 AM

I had a quick look at "Lookup on Server" with regard to doing WKD even if no key servers (neither for OpenPGP nor for S/MIME) are configured. This requires more work because WKD lookup is only possible if an email address is entered while key server lookup also works for arbitrary search terms. The users have to be informed about this restriction which is out of scope of this ticket. I think this fits nicely into T6493.

aheinecke added a comment.Dec 7 2023, 9:59 AM

Yes, It was not my intention that WKD should not work when searching for keys, when keyserver is None. Although such a search could be handled by just entering the email address in the recipient dialog in the file encryption widget to trigger a locate key or in the case of GpgOL to enter the recipient mail but I think that feature is very hidden / not really discoverable for users. And yes an improvement for the search Window in that case would be to then switch to "Enter Email" and use an email validator on the input field for example. So let us handle this as part of T6493

ebo mentioned this in T6868: Kleopatra: Allow search of WKD in case of keyserver none.Dec 7 2023, 10:25 AM
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Dec 7 2023, 10:27 AM
aheinecke added a comment.Jan 19 2024, 9:05 PM

@ebo Is this fixed now?

aheinecke mentioned this in T6950: Kleopatra: Usability improvements for directory services configuration.Jan 19 2024, 9:13 PM
ebo added a parent task: T6935: Kleopatra: Key search and refresh related improvements.Jan 22 2024, 1:26 PM
ebo updated the task description. (Show Details)Jan 22 2024, 2:08 PM
ebo added a comment.Jan 22 2024, 3:09 PM

@aheinecke For Gpg4win I do not have a suitable test version yet.

In VSD 3.2.0/3.2.1 the fixes from this ticket are not included

ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Jan 23 2024, 12:47 PM
ebo added a project: vsd32.EditedFeb 26 2024, 3:45 PM

For VSD there should at least no info message be shown - which has to be clicked away - when keyserver is set to "None"

ikloecker moved this task from Backlog to WiP on the vsd32 board.Mar 5 2024, 10:06 AM
ikloecker added a commit: rLIBKLEOe64562aed630: Support special keyserver value "none" in helper functions.Mar 5 2024, 11:50 AM
ikloecker added a commit: rKLEOPATRAa83efd539a1b: Show an error if the usage of key servers has been disabled.Mar 5 2024, 11:53 AM
ikloecker added a commit: rKLEOPATRA404e0131737d: Don't prefix special key server value "none" with hkps://.
ikloecker added a comment.Mar 5 2024, 11:59 AM

I have backported the relevant commits to gpg4win/23.10 for VSD 3.2. I left out the commit that adds a tooltip.

ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Mar 8 2024, 4:36 PM

with Version 3.2.2.231170+git~ (Gpg4win-4.3.1-beta12):

  • no error message any more with keyserver = none
  • correct error message when choosing "publish on server"

But in the case "Refresh OpenPGP keys" (in Kleopatras certificate Details) there is no error message but instead ~"the key is unchanged".

ikloecker added a comment.Mar 11 2024, 11:43 AM
In T6761#183780, @ebo wrote:

But in the case "Refresh OpenPGP keys" (in Kleopatras certificate Details) there is no error message but instead ~"the key is unchanged".

It seems that gpgme doesn't report an error if no keyserver is defined. -> T7036: gpgme: gpgme_op_receive_keys does not return an error if keyserver lookup is disabled

And that Kleopatra attempts a keyserver lookup for keyserver none is handled by T7037: Kleopatra: Handle disabled keyserver when updating a certificate.

ebo closed this task as Resolved.Mar 28 2024, 10:30 AM
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

ok, then I set this ticket to resolved, as it now works in version VS-Desktop-3.1.92.39-Beta as far as in Gpg4win.
That is only the "Refresh Keys" does not work yet. Which we now track in the above mentioned Tickets T7036 and T7037

ebo updated the task description. (Show Details)Mar 28 2024, 10:38 AM
ebo moved this task from WiP to vsd-3.2.0 on the vsd32 board.
ebo edited projects, added vsd32 (vsd-3.2.0); removed vsd32.
ebo added a comment.Mar 28 2024, 2:21 PM

Note to self: The error message that nothing was found on the keyserver will still come up if one is configured. That will be fixed with T6493.