Page MenuHome GnuPG

Kleopatra: On export, inform user about uncertified user IDs
Closed, ResolvedPublic

Description

On export (of individual certificates), export all user IDs and inform the user if there were not certified user IDs.
On exporting a not/partially certified group, inform the user and ask if they want to certify the group now.

This is a follow-up task to T6469: Kleopatra: Certify a group.

Event Timeline

ikloecker triaged this task as Normal priority.Oct 17 2023, 10:58 AM
ikloecker created this task.

Questions:

  • What does "not certified" mean? Not certified by the user exporting the certificates (use case: I'm the "CA" for the exported group.)? Or not fully valid (i.e. not certified by a trusted certificate) (use case: I want to give some certificates to my co-workers and certification is centralized)?
  • What about expired, revoked, or otherwise invalid certificates?

Possible compromise:

  • If any of the certificates is certified by the user, then check if all certificates are certified by the user with an exportable certification.
  • If none of the certificates is certified by the user, then just check if all certificates are fully valid.
  • Always confirm export of invalid certificates.

On second thought, I think going for confirmation if not all certificates are certified by the user with an exportable certification is the sensible approach. I'll add a "Don't ask me again" option, so that users who don't care or don't understand what they are asked can disable the confirmation.

ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker changed the task status from Open to Testing.Oct 19 2023, 1:32 PM
ikloecker removed ikloecker as the assignee of this task.

I have added the confirmation to the following commands:

  • Export Certificate(s)
  • Publish on Server
  • Export Group

I haven't added the possibility to start a group certification directly from the confirmation message.

ikloecker mentioned this in Unknown Object (Event).Oct 23 2023, 9:29 AM

I haven't added the possibility to start a group certification directly from the confirmation message.

I think this is useful. Also with the other message regarding exportable certifycations. I think the next step for the user would be to certify them.

While you are at it. Please change "exportable" to something understandable for users like "certifications which others can see" or something like that.

I opened T6771 for this because this issue is done.

ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Oct 31 2023, 2:10 PM

VS-Desktop-3.1.90.258-Beta:

Works, the confirmation is asked in all 3 cases.

And the confirmation dialog can be turned of for each of the cases separately. Although that is not really obvious from the text.
But this decision can not be changed again, unfortunately. I would prefer if it was configurable in a config file...

Whether the confirmation dialogs are shown is configurable in the config file (just like any other "Don't show again" option, e.g. the question asked when you quit Kleopatra). Simply remove the corresponding entries in the [Notification Messages] section to make Kleopatra show the confirmation dialogs again.

On Windows, the notifications are currently configured in kleopatra.kmessagebox, or more accurately, the wish not to notify is configured there:

[General]
confirm-export-of-uncertified-keys=4
confirm-upload-of-uncertified-keys=4
confirm-export-of-uncertified-groups=4

See T6799, too

ebo claimed this task.
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ebo added a project: vsd32.
ebo moved this task from Backlog to vsd-3.2.0 on the vsd32 board.
ebo edited projects, added vsd32 (vsd-3.2.0); removed vsd32.