Page MenuHome GnuPG
Create Task
Maniphest T6870

Kleopatra: Improve representation of signature verification result in case of multiple signatures
Closed, ResolvedPublic
Actions

Description

Related to T6869 and to T6867

It is possible to combine two signatures in a .sig file. But the representation of the results is not good if one or both signatures are invalid.

If the first signature in a file is invalid, only the result for that one is displayed:

If the first one is valid, both results are shown, but you have to look closely to see which signature was invalid:

Ideally, one would always be presented with both results and see at a glance which signature is valid and which not.

Related Objects
Search...

Event Timeline

ebo triaged this task as Wishlist priority.Dec 8 2023, 3:28 PM
ebo created this task.
ikloecker added a subscriber: ikloecker.Dec 8 2023, 5:38 PM

gpg's output indicates that gpg exits on the first invalid signature. This cannot be changed by Kleopatra. And I think it's irrelevant whether there are valid signatures if one signature is invalid. If you have a contract signed by multiple people then the contract won't be valid because two of three signatures are valid.

werner raised the priority of this task from Wishlist to Normal.Jun 17 2024, 3:45 PM
ikloecker added a comment.Jun 17 2024, 4:39 PM

I checked who eats the second valid signature after the first invalid one. It's gpg in batch mode.

gpg (2.4.6-beta) with batch mode:

$ gpg --batch --status-fd 2 --exit-on-status-write-error --verify verify-me.txt.sig verify-me.txt
[GNUPG:] NEWSIG
gpg: Signature made Mo 17 Jun 2024 16:21:28 CEST
gpg:                using RSA key 5F4C389C9265ABDE08B21CEA41FAC215ADE1CB46
[GNUPG:] KEY_CONSIDERED 5F4C389C9265ABDE08B21CEA41FAC215ADE1CB46 0
[GNUPG:] KEY_CONSIDERED 5F4C389C9265ABDE08B21CEA41FAC215ADE1CB46 0
[GNUPG:] BADSIG 41FAC215ADE1CB46 Ted Tester <ted.tester@demo.gnupg.com>
gpg: BAD signature from "Ted Tester <ted.tester@demo.gnupg.com>" [unknown]
[GNUPG:] FAILURE gpg-exit 33554433

gpg without batch mode:

$ gpg --status-fd 2 --exit-on-status-write-error --verify verify-me.txt.sig verify-me.txt
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
[GNUPG:] NEWSIG
gpg: Signature made Mo 17 Jun 2024 16:21:28 CEST
gpg:                using RSA key 5F4C389C9265ABDE08B21CEA41FAC215ADE1CB46
[GNUPG:] KEY_CONSIDERED 5F4C389C9265ABDE08B21CEA41FAC215ADE1CB46 0
[GNUPG:] KEY_CONSIDERED 5F4C389C9265ABDE08B21CEA41FAC215ADE1CB46 0
[GNUPG:] BADSIG 41FAC215ADE1CB46 Ted Tester <ted.tester@demo.gnupg.com>
gpg: BAD signature from "Ted Tester <ted.tester@demo.gnupg.com>" [unknown]
[GNUPG:] NEWSIG
gpg: Signature made Mo 17 Jun 2024 15:52:13 CEST
gpg:                using RSA key 8EB9CBACA389D28CAA3CA15C1F5C8972CE8BFED7
[GNUPG:] KEY_CONSIDERED 8EB9CBACA389D28CAA3CA15C1F5C8972CE8BFED7 0
[GNUPG:] SIG_ID gsL8M7fTg6K9VLxI49P1Kir/qm8 2024-06-17 1718632333
[GNUPG:] KEY_CONSIDERED 8EB9CBACA389D28CAA3CA15C1F5C8972CE8BFED7 0
[GNUPG:] GOODSIG 1F5C8972CE8BFED7 edward.tester@demo.gnupg.com
gpg: Good signature from "edward.tester@demo.gnupg.com" [ultimate]
[GNUPG:] VALIDSIG 8EB9CBACA389D28CAA3CA15C1F5C8972CE8BFED7 2024-06-17 1718632333 0 4 0 1 8 00 8EB9CBACA389D28CAA3CA15C1F5C8972CE8BFED7
[GNUPG:] TRUST_ULTIMATE 0 pgp
[GNUPG:] FAILURE gpg-exit 33554433
ikloecker mentioned this in T5846: Kleopatra: File operation resultlistwidget accessibility.Jun 20 2024, 2:09 PM
werner mentioned this in T7261: Option to process all signatures in --batch mode.Aug 20 2024, 4:37 PM
werner closed subtask T7261: Option to process all signatures in --batch mode as Resolved.Aug 23 2024, 11:51 AM
ikloecker claimed this task.Aug 26 2024, 9:34 AM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Aug 26 2024, 10:40 AM
ikloecker added a commit: rKLEOPATRA8956f3bbf676: Enable checking of all data signatures.Aug 26 2024, 4:48 PM
ikloecker mentioned this in T7273: Kleopatra: Always show the verfication results of all signatures even if some signatures are bad.Aug 26 2024, 4:59 PM
ikloecker added a commit: rM409e31458227: qt: Add support for new context flag "proc-all-sigs".Aug 26 2024, 4:59 PM
ikloecker removed ikloecker as the assignee of this task.Aug 26 2024, 5:00 PM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

I have created subtask T7273 for fixing the problem that sometimes not all verification results are shown.

ikloecker removed commits: rM409e31458227: qt: Add support for new context flag "proc-all-sigs", rKLEOPATRA8956f3bbf676: Enable checking of all data signatures.Aug 26 2024, 5:01 PM
ikloecker changed the status of subtask T7273: Kleopatra: Always show the verfication results of all signatures even if some signatures are bad from Open to Testing.
ebo closed this task as Resolved.Sep 16 2024, 12:42 PM
ebo claimed this task.
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Closing this ticket as what remains open is practically a duplicate of T6869

ikloecker mentioned this in T7395: Prepare Release Notes for Gpg4win 4.4.0 for Kleopatra.Nov 14 2024, 9:23 AM