Page MenuHome GnuPG

Kleopatra: Improve representation of signature verification result in case of multiple signatures
Closed, ResolvedPublic

Description

Related to T6869 and to T6867

It is possible to combine two signatures in a .sig file. But the representation of the results is not good if one or both signatures are invalid.

If the first signature in a file is invalid, only the result for that one is displayed:

If the first one is valid, both results are shown, but you have to look closely to see which signature was invalid:

Ideally, one would always be presented with both results and see at a glance which signature is valid and which not.

Event Timeline

ebo triaged this task as Wishlist priority.Dec 8 2023, 3:28 PM
ebo created this task.

gpg's output indicates that gpg exits on the first invalid signature. This cannot be changed by Kleopatra. And I think it's irrelevant whether there are valid signatures if one signature is invalid. If you have a contract signed by multiple people then the contract won't be valid because two of three signatures are valid.

werner raised the priority of this task from Wishlist to Normal.Jun 17 2024, 3:45 PM

I checked who eats the second valid signature after the first invalid one. It's gpg in batch mode.

gpg (2.4.6-beta) with batch mode:

$ gpg --batch --status-fd 2 --exit-on-status-write-error --verify verify-me.txt.sig verify-me.txt
[GNUPG:] NEWSIG
gpg: Signature made Mo 17 Jun 2024 16:21:28 CEST
gpg:                using RSA key 5F4C389C9265ABDE08B21CEA41FAC215ADE1CB46
[GNUPG:] KEY_CONSIDERED 5F4C389C9265ABDE08B21CEA41FAC215ADE1CB46 0
[GNUPG:] KEY_CONSIDERED 5F4C389C9265ABDE08B21CEA41FAC215ADE1CB46 0
[GNUPG:] BADSIG 41FAC215ADE1CB46 Ted Tester <ted.tester@demo.gnupg.com>
gpg: BAD signature from "Ted Tester <ted.tester@demo.gnupg.com>" [unknown]
[GNUPG:] FAILURE gpg-exit 33554433

gpg without batch mode:

$ gpg --status-fd 2 --exit-on-status-write-error --verify verify-me.txt.sig verify-me.txt
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
[GNUPG:] NEWSIG
gpg: Signature made Mo 17 Jun 2024 16:21:28 CEST
gpg:                using RSA key 5F4C389C9265ABDE08B21CEA41FAC215ADE1CB46
[GNUPG:] KEY_CONSIDERED 5F4C389C9265ABDE08B21CEA41FAC215ADE1CB46 0
[GNUPG:] KEY_CONSIDERED 5F4C389C9265ABDE08B21CEA41FAC215ADE1CB46 0
[GNUPG:] BADSIG 41FAC215ADE1CB46 Ted Tester <ted.tester@demo.gnupg.com>
gpg: BAD signature from "Ted Tester <ted.tester@demo.gnupg.com>" [unknown]
[GNUPG:] NEWSIG
gpg: Signature made Mo 17 Jun 2024 15:52:13 CEST
gpg:                using RSA key 8EB9CBACA389D28CAA3CA15C1F5C8972CE8BFED7
[GNUPG:] KEY_CONSIDERED 8EB9CBACA389D28CAA3CA15C1F5C8972CE8BFED7 0
[GNUPG:] SIG_ID gsL8M7fTg6K9VLxI49P1Kir/qm8 2024-06-17 1718632333
[GNUPG:] KEY_CONSIDERED 8EB9CBACA389D28CAA3CA15C1F5C8972CE8BFED7 0
[GNUPG:] GOODSIG 1F5C8972CE8BFED7 edward.tester@demo.gnupg.com
gpg: Good signature from "edward.tester@demo.gnupg.com" [ultimate]
[GNUPG:] VALIDSIG 8EB9CBACA389D28CAA3CA15C1F5C8972CE8BFED7 2024-06-17 1718632333 0 4 0 1 8 00 8EB9CBACA389D28CAA3CA15C1F5C8972CE8BFED7
[GNUPG:] TRUST_ULTIMATE 0 pgp
[GNUPG:] FAILURE gpg-exit 33554433
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Aug 26 2024, 10:40 AM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

I have created subtask T7273 for fixing the problem that sometimes not all verification results are shown.

ebo claimed this task.
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Closing this ticket as what remains open is practically a duplicate of T6869