
Kleopatra: Improve representation of signature verification result in case of multiple signatures
Open, Normal, Public

Description

Related to T6869 and to T6867

It is possible to combine two signatures in a .sig file. But the representation of the results is not good if one or both signatures are invalid.

If the first signature in a file is invalid, only the result for that one is displayed:

If the first one is valid, both results are shown, but you have to look closely to see which signature was invalid:

Ideally, one would always be presented with both results and see at a glance which signature is valid and which is not.

Event Timeline

ebo triaged this task as Wishlist priority. Dec 8 2023, 3:28 PM
ebo created this task.

gpg's output indicates that gpg exits on the first invalid signature. This cannot be changed by Kleopatra. And I think it's irrelevant whether there are valid signatures if one signature is invalid. If you have a contract signed by multiple people then the contract won't be valid because two of three signatures are valid.

werner raised the priority of this task from Wishlist to Normal. Jun 17 2024, 3:45 PM

I checked who eats the second valid signature after the first invalid one. It's gpg in batch mode.

gpg (2.4.6-beta) with batch mode:

$ gpg --batch --status-fd 2 --exit-on-status-write-error --verify verify-me.txt.sig verify-me.txt
[GNUPG:] NEWSIG
gpg: Signature made Mo 17 Jun 2024 16:21:28 CEST
gpg:                using RSA key 5F4C389C9265ABDE08B21CEA41FAC215ADE1CB46
[GNUPG:] KEY_CONSIDERED 5F4C389C9265ABDE08B21CEA41FAC215ADE1CB46 0
[GNUPG:] KEY_CONSIDERED 5F4C389C9265ABDE08B21CEA41FAC215ADE1CB46 0
[GNUPG:] BADSIG 41FAC215ADE1CB46 Ted Tester <ted.tester@demo.gnupg.com>
gpg: BAD signature from "Ted Tester <ted.tester@demo.gnupg.com>" [unknown]
[GNUPG:] FAILURE gpg-exit 33554433

gpg without batch mode:

$ gpg --status-fd 2 --exit-on-status-write-error --verify verify-me.txt.sig verify-me.txt
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
[GNUPG:] NEWSIG
gpg: Signature made Mo 17 Jun 2024 16:21:28 CEST
gpg:                using RSA key 5F4C389C9265ABDE08B21CEA41FAC215ADE1CB46
[GNUPG:] KEY_CONSIDERED 5F4C389C9265ABDE08B21CEA41FAC215ADE1CB46 0
[GNUPG:] KEY_CONSIDERED 5F4C389C9265ABDE08B21CEA41FAC215ADE1CB46 0
[GNUPG:] BADSIG 41FAC215ADE1CB46 Ted Tester <ted.tester@demo.gnupg.com>
gpg: BAD signature from "Ted Tester <ted.tester@demo.gnupg.com>" [unknown]
[GNUPG:] NEWSIG
gpg: Signature made Mo 17 Jun 2024 15:52:13 CEST
gpg:                using RSA key 8EB9CBACA389D28CAA3CA15C1F5C8972CE8BFED7
[GNUPG:] KEY_CONSIDERED 8EB9CBACA389D28CAA3CA15C1F5C8972CE8BFED7 0
[GNUPG:] SIG_ID gsL8M7fTg6K9VLxI49P1Kir/qm8 2024-06-17 1718632333
[GNUPG:] KEY_CONSIDERED 8EB9CBACA389D28CAA3CA15C1F5C8972CE8BFED7 0
[GNUPG:] GOODSIG 1F5C8972CE8BFED7 edward.tester@demo.gnupg.com
gpg: Good signature from "edward.tester@demo.gnupg.com" [ultimate]
[GNUPG:] VALIDSIG 8EB9CBACA389D28CAA3CA15C1F5C8972CE8BFED7 2024-06-17 1718632333 0 4 0 1 8 00 8EB9CBACA389D28CAA3CA15C1F5C8972CE8BFED7
[GNUPG:] TRUST_ULTIMATE 0 pgp
[GNUPG:] FAILURE gpg-exit 33554433
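
An added example, not part of the task discussion and not gpg or Kleopatra code: one way a front end could turn the `--status-fd` lines from the two runs above into a per-signature result list with a fail-closed overall verdict. The function and field names (`parse_status`, `summarize`, `maybe_truncated`) are hypothetical; the status keywords are the ones documented in gpg's doc/DETAILS, and the sample input is the status lines quoted above.

```python
import re

# Keywords from gpg's doc/DETAILS that carry a per-signature verdict.
VERDICTS = {"GOODSIG", "BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def parse_status(text):
    """Group '[GNUPG:]' status lines into one record per NEWSIG."""
    sigs, failure = [], None
    for line in text.splitlines():
        m = re.match(r"\[GNUPG:\] (\S+) ?(.*)", line.strip())
        if not m:
            continue  # human-readable 'gpg: ...' lines are skipped
        kw, args = m.groups()
        if kw == "NEWSIG":
            sigs.append({"verdict": None, "keyid": None, "detail": None, "fpr": None})
        elif kw in VERDICTS and sigs:
            # detail is the user ID for GOODSIG/BADSIG, raw fields for ERRSIG
            keyid, _, detail = args.partition(" ")
            sigs[-1].update(verdict=kw, keyid=keyid, detail=detail)
        elif kw == "VALIDSIG" and sigs:
            sigs[-1]["fpr"] = args.split()[0]
        elif kw == "FAILURE":
            failure = args
    return sigs, failure

def summarize(text):
    """Report every signature seen plus an overall, fail-closed verdict."""
    sigs, failure = parse_status(text)
    all_good = bool(sigs) and failure is None and all(
        s["verdict"] == "GOODSIG" and s["fpr"] for s in sigs)
    # Batch mode stops at the first BADSIG, so later signatures may be missing.
    maybe_truncated = bool(sigs) and sigs[-1]["verdict"] == "BADSIG"
    return {"signatures": sigs, "all_good": all_good,
            "maybe_truncated": maybe_truncated}

# Status lines copied from the two runs quoted above (non-status lines dropped).
BAD = "[GNUPG:] NEWSIG\n[GNUPG:] BADSIG 41FAC215ADE1CB46 Ted Tester <ted.tester@demo.gnupg.com>\n"
GOOD = ("[GNUPG:] NEWSIG\n"
        "[GNUPG:] GOODSIG 1F5C8972CE8BFED7 edward.tester@demo.gnupg.com\n"
        "[GNUPG:] VALIDSIG 8EB9CBACA389D28CAA3CA15C1F5C8972CE8BFED7 2024-06-17 1718632333 0 4 0 1 8 00 8EB9CBACA389D28CAA3CA15C1F5C8972CE8BFED7\n")
FAIL = "[GNUPG:] FAILURE gpg-exit 33554433\n"
BATCH, NON_BATCH = BAD + FAIL, BAD + GOOD + FAIL

if __name__ == "__main__":
    for name, out in (("batch", BATCH), ("non-batch", NON_BATCH)):
        r = summarize(out)
        print(name, [(s["keyid"], s["verdict"]) for s in r["signatures"]],
              "all_good:", r["all_good"], "maybe_truncated:", r["maybe_truncated"])
```

Both runs come out as not `all_good`; the batch run additionally sets `maybe_truncated`, since the status stream ends at the first BADSIG and says nothing about signatures that follow it.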