Page MenuHome GnuPG

Kleopatra: Process for multiple detatched signatures of a file
Testing, HighPublic

Description

We should support the following usecase in Kleopatra:

A document has to be signed (OpenPGP) by two (or possibly more) different persons.
In order for a one-click verification by the recipient of the document we need one signature file with both signatures. And it needs to have only the expected document name in it's filename before the ".sig".

At the moment it is only possible to concatenate signature files on the cli, which is not very user friendly.

Edit (2024-06-17):
The concatenation is trivial, because the signatures are binary they can simply be concatenated.
Add an extra button "Append" in the overwrite dialog. Before concatenating it might be useful to first use gpgme_op_identify to assert that the first is really a signature. The validation of the first signature is not necessary at that point.

Old:
Would it be possible - if we find a signature already next to a document - to ask if we want to replace the signature or to add a new one in the same file?
For this we should check first, if the first signature is valid. If invalid we would offer replacement only.

Event Timeline

What if the second signer cannot verify the first signature because they don't have the required public key?

aheinecke added a subscriber: aheinecke.

What if the second signer cannot verify the first signature because they don't have the required public key?

In that case I would say we override. For a signature I would not even ask the user if it should be replaced. Since why would you sign something that is already signed other then updating / replacing the signature?
The usecase for concatenation here is to countersign a document and for that you need to validate the first signature IMO, too. But you also don't really want to do that in case of large files, say > 10mb in that case you might just want to ask, add or replace.

aheinecke lowered the priority of this task from Normal to Wishlist.Dec 11 2023, 2:04 PM

Wishlist as the other tasks realted to that are also wishlist and this would be a new feature.

ebo raised the priority of this task from Wishlist to High.Mon, Jun 17, 3:23 PM
ebo added a project: vsd33.

After discussion we concluded that showing all signatures in one detached signature file is something we want soon.

Concatenation signatures is trivial, because binary they can simply be concatenated.

We want an extra button in the overwrite dialog. Before concatenating it might be useful to first use gpgme_op_identifiy to assert that the first is really a signature. The validation of the first signature is not necessary.

In T6867#187289, @ebo wrote:

After discussion we concluded that showing all signatures in one detached signature file is something we want soon.

Kleopatra does already show all signatures in a detached signature file.

Only the creation of detached signature files with multiple signatures is missing.

sorry, imprecise phrasing … we want this to be used in practice, which includes making the creation of a combined signature file easier.

ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker changed the task status from Open to Testing.Wed, Jun 19, 11:07 AM
ikloecker moved this task from Backlog to WiP on the vsd33 board.

Ready for testing. Backported for VSD 3.3.