
Kleopatra: Process for multiple detached signatures of a file
Testing, High, Public

Description

We should support the following use case in Kleopatra:

A document has to be signed (OpenPGP) by two (or possibly more) different persons.
In order for a one-click verification by the recipient of the document we need one signature file with both signatures. And it needs to have only the expected document name in its filename before the ".sig".

At the moment it is only possible to concatenate signature files on the CLI, which is not very user friendly.

Edit (2024-06-17):
The concatenation is trivial: because the signatures are binary, they can simply be concatenated.
Add an extra button "Append" in the overwrite dialog. Before concatenating it might be useful to first use gpgme_op_identify to assert that the first is really a signature. The validation of the first signature is not necessary at that point.

Old:
Would it be possible - if we find a signature already next to a document - to ask if we want to replace the signature or to add a new one in the same file?
For this we should check first, if the first signature is valid. If invalid we would offer replacement only.

Event Timeline

What if the second signer cannot verify the first signature because they don't have the required public key?

aheinecke added a subscriber: aheinecke.

What if the second signer cannot verify the first signature because they don't have the required public key?

In that case I would say we override. For a signature I would not even ask the user if it should be replaced. Since why would you sign something that is already signed other than updating / replacing the signature?
The use case for concatenation here is to countersign a document, and for that you need to validate the first signature IMO, too. But you also don't really want to do that in case of large files, say > 10mb; in that case you might just want to ask, add or replace.

aheinecke lowered the priority of this task from Normal to Wishlist. Dec 11 2023, 2:04 PM

Wishlist as the other tasks related to that are also wishlist and this would be a new feature.

ebo raised the priority of this task from Wishlist to High. Jun 17 2024, 3:23 PM
ebo added a project: vsd33.

After discussion we concluded that showing all signatures in one detached signature file is something we want soon.

Concatenating signatures is trivial: because they are binary, they can simply be concatenated.

We want an extra button in the overwrite dialog. Before concatenating it might be useful to first use gpgme_op_identify to assert that the first is really a signature. The validation of the first signature is not necessary.
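
The check-then-append step described in the comment above, as an added example that is not Kleopatra's or GPGME's code: a structural walk over the OpenPGP packet headers (Signature packets are tag 2 in RFC 4880) stands in for the identify call, and nothing is cryptographically verified. The function names and the sample packets with dummy bodies are constructed for illustration.

```python
SIGNATURE_TAG = 2  # OpenPGP packet tag of a Signature packet (RFC 4880)

def packet_tags(data):
    """Return the tag of every packet in a binary OpenPGP packet sequence."""
    tags, pos = [], 0
    def take(n):
        nonlocal pos
        pos += n
        if pos > len(data):
            raise ValueError("truncated packet")
        return data[pos - n:pos]
    while pos < len(data):
        first = take(1)[0]
        if not first & 0x80:  # also rejects ASCII armor, which starts with '-'
            raise ValueError("not a binary OpenPGP packet header")
        if first & 0x40:  # new-format header
            tag, o1 = first & 0x3F, take(1)[0]
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length = ((o1 - 192) << 8) + take(1)[0] + 192
            elif o1 == 255:
                length = int.from_bytes(take(4), "big")
            else:
                raise ValueError("partial body length is not accepted here")
        else:  # old-format header
            tag, length_type = (first >> 2) & 0x0F, first & 0x03
            if length_type == 3:
                raise ValueError("indeterminate length is not accepted here")
            length = int.from_bytes(take(1 << length_type), "big")
        take(length)  # skip the packet body; nothing is verified
        tags.append(tag)
    return tags

def is_detached_signature(data):
    # True only for a non-empty run consisting solely of Signature packets.
    try:
        tags = packet_tags(data)
    except ValueError:
        return False
    return bool(tags) and all(tag == SIGNATURE_TAG for tag in tags)

def append_signature(existing, new):
    # Concatenate two binary detached signatures after checking both.
    for name, blob in (("existing", existing), ("new", new)):
        if not is_detached_signature(blob):
            raise ValueError(f"{name} data is not a binary OpenPGP signature")
    return existing + new

# Constructed sample packets: real headers, dummy bodies (not valid signatures).
SIG_A = bytes([0x88, 3]) + b"\x04\x00\x01"  # old format, tag 2, length 3
SIG_B = bytes([0xC2, 2]) + b"\x04\x00"      # new format, tag 2, length 2
```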

In T6867#187289, @ebo wrote:

After discussion we concluded that showing all signatures in one detached signature file is something we want soon.

Kleopatra does already show all signatures in a detached signature file.

Only the creation of detached signature files with multiple signatures is missing.

sorry, imprecise phrasing … we want this to be used in practice, which includes making the creation of a combined signature file easier.

ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker changed the task status from Open to Testing. Jun 19 2024, 11:07 AM
ikloecker moved this task from Backlog to WiP on the vsd33 board.

Ready for testing. Backported for VSD 3.3.