
Kleopatra: Signing with expired signing subkey shouldn't be possible
Closed, Resolved; Public

Description

Trying to sign with an expired signing subkey shouldn't be possible because it fails anyway with "Unusable secret key".

This is similar to T6742 except that it's about a single certificate and about signing.

Reproduce:

  • You need a valid certificate with certify-only primary (sub)key and expired signing subkey. (Hint: Use gpg --edit-key to add the signing subkey and specify seconds=5 as expiration to add an expired signing subkey.)
  • Set the fingerprint of this certificate as [SignEncryptKeys] SigningKey in kleopatrarc.
  • Start Kleopatra, open the notepad, and select the Recipients tab.
  • Uncheck "Encrypt for me". (This isn't really necessary but it avoids unrelated complications.)

Expected:

  • The signing certificate is marked with the error icon (red icon with X).
  • The Sign Notepad button is disabled.

Actual:

  • The signing certificate is marked with the green "all good" icon. -> Not OK
  • A message below the signing certificate reads "This certificate is expired." -> OK
  • The Sign Notepad button is enabled. -> Not OK
  • Trying to sign fails with "Unusable secret key" -> OK (but the user should be spared this error)

Event Timeline

ikloecker triaged this task as Normal priority.
ikloecker created this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker changed the task status from Open to Testing. Nov 2 2023, 2:11 PM
ikloecker removed ikloecker as the assignee of this task.

Fixed for Sign/Encrypt Files/Folders and Sign/Encrypt notepad.

  • An invalid signing certificate is now marked with the red error icon.
  • The Sign/Encrypt button is disabled if an invalid signing certificate has been selected.
  • Also works for valid certificates with invalid signing subkeys.
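
The condition this fix depends on, as an added example that is not part of the task or of Kleopatra's code: deciding from gpg --with-colons --list-keys output whether a certificate has any usable signing (sub)key. The sample listing, key IDs and function names are constructed for illustration, and expiration fields are assumed to be seconds since the epoch.

```python
import time

# Field 2 validity letters that make a key unusable (GnuPG doc/DETAILS):
# e = expired, i = invalid, r = revoked, d = disabled.
UNUSABLE = {"e": "expired", "i": "invalid", "r": "revoked", "d": "disabled"}

# Constructed sample: certify-only primary key, a signing subkey that
# expired 5 seconds after creation, and a valid encryption subkey.
# Key IDs are placeholders.
SAMPLE = """\
pub:u:255:22:AAAAAAAAAAAAAAAA:1698900000:::u:::cC:::::ed25519:::0:
uid:u::::1698900000::::Test User <test@example.invalid>::::::::::0:
sub:e:255:22:BBBBBBBBBBBBBBBB:1698900000:1698900005:::::s:::::ed25519::
sub:u:255:18:CCCCCCCCCCCCCCCC:1698900000::::::e:::::cv25519::
"""


def key_problem(fields, now):
    """Return why a pub/sub record is unusable, or None if it is fine."""
    if fields[1] in UNUSABLE:
        return UNUSABLE[fields[1]]
    expires = fields[6]
    if expires.isdigit() and int(expires) <= now:
        return "expired"  # expiry passed even if a cached validity flag is stale
    return None


def signing_keys(listing, now=None):
    """Return [(keyid, problem)] for every key or subkey able to sign."""
    now = time.time() if now is None else now
    found, primary_problem = [], None
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub") or len(fields) < 12:
            continue
        problem = key_problem(fields, now)
        if fields[0] == "pub":
            primary_problem = problem  # an unusable primary taints all subkeys
        if "s" in fields[11]:  # lowercase letter = this key's own capability
            found.append((fields[4], primary_problem or problem))
    return found


def can_sign(listing, now=None):
    """True only if at least one signing-capable key has no problem."""
    return any(problem is None for _, problem in signing_keys(listing, now))
```

The certificate-level validity in the pub record is "u" in this sample, so a check that looks only at the certificate reports it as fine; the signing subkey has to be examined on its own.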
aheinecke added a subscriber: aheinecke.

Since this is a bugfix and it was related to 6742, with some commits having overlap, I decided to also pick this for the 32 release branch.

ebo claimed this task.
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ebo added a subscriber: ebo.

Works as advertised, VS-Desktop-3.1.90.277-Beta

ebo edited projects, added vsd32 (vsd-3.2.0); removed vsd32.