Kleopatra: Improve verification results messages (esp. for invalid signature and multiple signatures)
Open, NormalPublic
Actions

Assigned To

Authored By

	• ebo
	Dec 8 2023, 3:02 PM

Description

This is the validation result if you sign a file and after that change its content:

I think the wording could be improved. We should at least add some more information, as IMHO for a user the combination of "The signature is VS-NfD compliant" and "The signature is invalid: Invalid Signature" is contradictory. As well as linguistically ugly with the doubling of "invalid".

Edit (2024-06-18):

We decided to overhaul the message completely, not only for invalid signatures, but for the valid ones, too and combined decrypt/verify.

Edit (2024-09-16):
Todo:

remove the summary for all signatures as a whole
font color should always be black
remove the import / search buttons, instead make the fingerprints link to either search window or the certificate details
we need a substructure for the signatures in order to
- color the background of every verification result separately: green, red, white (maybe only a colored bar in front of the result instead or additionally)
- put an icon in front of the verification result
show no text "not VS-NfD compliant" for invalid signatures
keep the text for the results easy to comprehend even if read by screen reader (important info first etc)
possibly sort the signatures in some way

Note (not only) for testing: Check out

single signatures valid/invalid
multiple signatures with combinations of valid/invalid

Revisions and Commits

rLIBKLEO Libkleo
	rLIBKLEO5f1c9a633065 Formatting::prettySignature: Linkify unknown certificates
	rLIBKLEOb173008115cb Formatting::prettySignature: Linkify unknown certificates
	rLIBKLEOac483c7d9516 Formatting::prettySignature: Linkify unknown certificates
	rLIBKLEO689d05699bb4 Formatting::prettySignature: Linkify unknown certificates
	rLIBKLEO4b6d20817375 FileNameRequester: Add API for setting the button's tooltip
	rLIBKLEO8c4492b93f47 Formatting::prettySignature: Linkify unknown certificates
	rLIBKLEO556d332f99c4 FileNameRequester: Add API for setting the button's tooltip
	rLIBKLEO5d1256c6ae04 Formatting::prettySignature: Linkify unknown certificates
	rLIBKLEO85b104793306 FileNameRequester: Add API for setting the button's tooltip
	rLIBKLEO40b725ddc9b9 FileNameRequester: Add API for setting the button's tooltip
	rLIBKLEOdeeb33a26a52 Only show compliance info for signatures that are valid
	rLIBKLEO0a8c1ce5b52a Only show compliance info for signatures that are valid
rKLEOPATRA Kleopatra
	rKLEOPATRA09d1d72b8323 Use custom texts for the notepad's result messages
	rKLEOPATRA6063fe1bef1a Use custom texts for the notepad's result messages
	rKLEOPATRA70ff366f6bce Use custom texts for the notepad's result messages
	rKLEOPATRA5082069855f9 Use custom texts for the notepad's result messages
	rKLEOPATRA0c652f7facb2 Overhaul labels for encryption & signing / decrpytion & verification results
	rKLEOPATRA829387e978fa Overhaul labels for encryption & signing / decrpytion & verification results
	rKLEOPATRAc8c6920d2f61 Overhaul labels for encryption & signing / decrpytion & verification results
	rKLEOPATRA009cf47f2bb4 Overhaul labels for encryption & signing / decrpytion & verification results
	rKLEOPATRA05681946fefb Overhaul labels for encryption & signing / decrpytion & verification results
	rKLEOPATRAeb4f8101f465 Remove Task::icon and related functions
	rKLEOPATRAd2496ed929db Remove Task::icon and related functions

Related Objects
Search...

		Status	Assigned	Task
		Open	• TobiasFella	T6869 Kleopatra: Improve verification results messages (esp. for invalid signature and multiple signatures)
		Open	• TobiasFella	T7341 Kleopatra: Improve notepad result messages

Event Timeline

• ebo triaged this task as Wishlist priority.Dec 8 2023, 3:02 PM

• ebo created this task.

• ebo mentioned this in T6870: Kleopatra: Improve representation of signature verification result in case of multiple signatures.Dec 8 2023, 3:28 PM

The part after the colon in "The signature is invalid: Invalid Signature" is the error returned by gpg that's responsible for the invalid signature. It could potentially be some other reason. Of course, we can simply not show the error anymore. Obviously, this would remove some details, but maybe that's okay. People could still look at the audit protocol for further information.

I don't really think it's a good idea to speculate about the reason for the invalid signature. An invalid signature has to raise a red flag. Always. If people start to ignore invalid signatures then all hope is lost.

It is trivial append a bogus signature and would thuns inhibit to check the expected signature.

In reply to Ingo:
Ok, I can live with that but I still would like this message to be improved.
Looking at it some more I noticed some other details which bother me:

a) In contrast to in a "Valid Signature" message (which seems to be always on a new line), there is no line break before "Invalid Signature"
b) The text continues in the new paragraph with "With certificate:". But there is no line "Signature created on $DATE" before that which makes the meaning unclear. Could we print that line here, too? And only prepend it with "Invalid" to not cause confusion? -> "Invalid signature created on $DATE"
c) Red text on a red tinted background is not really good for a11y …

A minimal fix would be:

Line break before the "Invalid Signature" (so it's the same formatting as with valid signatures)
Then after the space a line "Invalid Signature with the certificate:"
Delete the lines below the certificate.

But we decided to wait and completely rework those messages (invalid and valid) and make them better to grasp at a glance.
To be continued…

• ebo renamed this task from Kleopatra: Improve information in case of invalid signature to Draft: Kleopatra: Improve verification results messages (especially in case of invalid signature).Jun 18 2024, 2:46 PM

• ebo updated the task description. (Show Details)

• ebo added a subscriber: • alexk.

• ikloecker mentioned this in T5846: Kleopatra: File operation resultlistwidget accessibility.Jun 20 2024, 2:11 PM

current plan after discussion today is as follows:

remove the summary for all signatures as a whole
font color should always be black
remove the import / search buttons, instead make the fingerprints link to either search window or the certificate details
we need a substructure for the signatures in order to
- color the background of every verification result separately: green, red, white (maybe only a colored bar in front of the result instead or additionally)
- put an icon in front of the verification result
show no text "not VS-NfD compliant" for invalid signatures
keep the text for the results easy to comprehend even if read by screen reader (important info first etc)
possibly sort the signatures in some way

• ebo renamed this task from Draft: Kleopatra: Improve verification results messages (especially in case of invalid signature) to Kleopatra: Improve verification results messages (esp. for invalid signature and multiple signatures).Sep 16 2024, 12:38 PM

• ebo raised the priority of this task from Wishlist to Normal.

• ebo updated the task description. (Show Details)

• TobiasFella added a commit: rLIBKLEO0a8c1ce5b52a: Only show compliance info for signatures that are valid.Sep 17 2024, 10:46 AM

• TobiasFella added a commit: rLIBKLEOdeeb33a26a52: Only show compliance info for signatures that are valid.Sep 18 2024, 9:33 AM