Page MenuHome GnuPG

Kleopatra: Handle special keyserver value "none"
Testing, NormalPublic

Description

dirmngr supports the special value "none" for the key server to disable the fallback to the default key server (T6708). Kleopatra needs to handle this value in a few places to avoid confusing error messages.

Edit: WKD search related changes are tracked in T6868, including:

  • Search function: Using the "lookup on server" function with "none" set as keyserver causes a pop-up error window (but title is "Information") to appear which has to be recognized with OK before the results of the WKD search will be displayed. The message is "Suche auf Zertifikatsserver fehlgeschlagen. Die Fehlermeldung lautet: Kein Schlüsselserver verfügbar". (For wishes on improvements to the search dialog see T6493, too)

Cases to be fixed and tracked here:

  • Give error message in case:
    • Export OpenPGP key to key server
    • Refresh OpenPGP keys
    • Search is used while keyserver is "none" and no S/MIME directory is configured
  • Avoid changing value "none" to "hkps://none"

Details

Version
VS-Desktop-3.1.90.246-Beta

Event Timeline

ebo set Version to VS-Desktop-3.1.90.246-Beta.
aheinecke triaged this task as Normal priority.Oct 18 2023, 8:57 AM
aheinecke added a subscriber: aheinecke.

This issue might be a bit to general, some things like avoiding bad error messages are more important then a fully nice solution. A nice solution IMO would make all the "publish on keyserver" actions / checkboxes invisible in that case. If a restart is required when the setting changes that is ok in my book because the way we use "none" is intended that our entry level packages have "none" defined in the global config. Of course if a user then manually enters a value when none is set we would also need to bring up a message box stating that a restart is required for the change to take effect.

Mh, let us concentrate in here on error messages. I was thinking "but what about disable-dirmngr in the settings" then all publish / refresh / receive actions should be disabled or invisible. So that is better something for a different task.

ikloecker mentioned this in Unknown Object (Event).Nov 13 2023, 9:10 AM
ikloecker mentioned this in Unknown Object (Event).Nov 20 2023, 8:43 AM
ikloecker mentioned this in Unknown Object (Event).Dec 4 2023, 9:19 AM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker changed the task status from Open to Testing.Dec 6 2023, 9:30 AM

The following operations were changed:

  • Export OpenPGP key to key server now shows an error if key server is set to "none".
  • Refresh OpenPGP keys now shows an error if key server is set to "none".
  • If key server is set to "none" and no S/MIME directory servers are configured then you'll get an error when you try Lookup on Server.
  • Kleopatra no longer stores the special value "none" as "hkps://none".

Cross-check that the above operations still work if you either set no key server (so that the internal default is used) or a working key server.

ebo changed the task status from Testing to Open.Dec 6 2023, 10:21 AM

This is not as intended. When doing a search, we wanted No error message and only WKD search should be executed.

Likewise, refresh should then only search for WKD.

In T6761#179919, @ebo wrote:

This is not as intended. When doing a search, we wanted No error message and only WKD search should be executed.

I haven't touched this code or the error message. All I did is make the function hasKeyserverConfigured() return false if the key server has been disabled explicitly with "none". This does now trigger the error message which wasn't triggered before because gpg always used the default key server if no key server was configured.

Likewise, refresh should then only search for WKD.

I was talking about "Refresh OpenPGP Keys". This functionality has always simply called gpg --refresh-keys which knows nothing about WKD.

ikloecker changed the task status from Open to Testing.Dec 7 2023, 8:42 AM

I had a quick look at "Lookup on Server" with regard to doing WKD even if no key servers (neither for OpenPGP nor for S/MIME) are configured. This requires more work because WKD lookup is only possible if an email address is entered while key server lookup also works for arbitrary search terms. The users have to be informed about this restriction which is out of scope of this ticket. I think this fits nicely into T6493.

Yes, It was not my intention that WKD should not work when searching for keys, when keyserver is None. Although such a search could be handled by just entering the email address in the recipient dialog in the file encryption widget to trigger a locate key or in the case of GpgOL to enter the recipient mail but I think that feature is very hidden / not really discoverable for users. And yes an improvement for the search Window in that case would be to then switch to "Enter Email" and use an email validator on the input field for example. So let us handle this as part of T6493

ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Dec 7 2023, 10:27 AM
ikloecker mentioned this in Unknown Object (Event).Dec 11 2023, 8:57 AM

@aheinecke For Gpg4win I do not have a suitable test version yet.

In VSD 3.2.0/3.2.1 the fixes from this ticket are not included

ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Jan 23 2024, 12:47 PM

For VSD there should at least no info message be shown - which has to be clicked away - when keyserver is set to "None"

ikloecker mentioned this in Unknown Object (Event).Mon, Mar 4, 8:32 AM