Page MenuHome GnuPG
Create Task
Maniphest T6879

Kleopatra: Add support for adding an ADSK
Testing, NormalPublic
Actions

Description

So we now have deployed the ADSK feature in 3.2 https://gnupg.org/blog/20230321-adsk.html so we can assume that for 3.3 a lot of clients will have support for that.

In Kleopatra the UI needs to be different from just adding a General subkey though, you basically need a certificate line edit to select a public certificate which should be used as ADSK and clearly indicate "Warning: Every client with support for this will additionally encrypt to this certificate. This means that every message you will receive can also be decrypted by "$Key".

Details

External Link
https://invent.kde.org/pim/kleopatra/-/merge_requests/88

Revisions and Commits

rKLEOPATRA Kleopatra
rKLEOPATRA1066d4fa811b Show ADSK action for gpg > 2.4.5
rKLEOPATRA8cacef0344cd Only show ADSK action when an ADSK is configured in gpg
rKLEOPATRA5b1e1c9daffc Show ADSK action for gpg > 2.4.5
rKLEOPATRAc9c7e631a617 Show ADSK action for gpg > 2.4.5
rKLEOPATRAed5a68f51063 Only show ADSK action when an ADSK is configured in gpg
rKLEOPATRAf2fd3bfffb4e Implementing adding ADSKs

Related Objects
Search...

Event Timeline

aheinecke triaged this task as Normal priority.Dec 12 2023, 9:15 AM
aheinecke created this task.
aheinecke added a parent task: T6874: Kleopatra subkey management improvements.
aheinecke mentioned this in T6882: Make ADSK configurable for new keys.Dec 12 2023, 9:29 AM
TobiasFella moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Jan 3 2024, 2:29 PM
TobiasFella moved this task from Backlog to WiP on the vsd33 board.Feb 15 2024, 8:56 AM
werner moved this task from WiP to Backlog on the vsd33 board.Apr 30 2024, 2:47 PM
ikloecker set External Link to https://invent.kde.org/pim/kleopatra/-/merge_requests/88.May 8 2024, 10:12 AM
werner added a subscriber: werner.Jun 4 2024, 10:29 AM

Let us drop the option to select the ADSK and instead take them from the gpg.conf configured ADSK for new keys. Thus a simple dialog with a confirmation will be sufficient. We add some magic to gpgme to allow this with the adsk API. This solves the use-case to add ADSK to alread-existsing keys in the same way as they are added to new keys.

alexk added a subscriber: alexk.Jun 4 2024, 11:10 AM
alexk added a parent task: T6882: Make ADSK configurable for new keys.Jun 4 2024, 11:13 AM
ikloecker removed a parent task: T6882: Make ADSK configurable for new keys.Jun 4 2024, 1:40 PM
ikloecker added a subtask: T6882: Make ADSK configurable for new keys.
ikloecker added a subscriber: ikloecker.Jun 4 2024, 1:51 PM

Makes sense. Then default-new-key-adsk needs to be exported by gpgconf, so that gpgme/Kleopatra can use/show it.

ikloecker changed the status of subtask T6880: GPGME (++/qt): Add support for --quick-add-adsk from Open to Testing.Jun 7 2024, 2:47 PM
ikloecker mentioned this in T6880: GPGME (++/qt): Add support for --quick-add-adsk.
ebo added a subscriber: ebo.Jun 11 2024, 1:13 PM

Noticed when looking at the MR that there seems to be no error handling for the case that no ADSK is configured (or something is wrong with the configuration). At least I did not see any strings informing the user about an error.

Of course it would be much better to not display the "Add ADSK" action if there is no ADSK configured.
But Ingo said that Kleopatra does not know this, as gpgconf --list-options gpg does not provide this info.

Would it be possible to add this?
In that case we would only need to cover errors if the ADSK was not configured correctly (I assume gpg would return an appropriate error for this) or the configured certificate is not available. And we would not have to explain the action in more depth.

TobiasFella changed the task status from Open to Testing.Jun 24 2024, 9:50 AM
ikloecker changed the task status from Testing to Open.Mon, Jul 1, 7:53 PM
ikloecker added a commit: rKLEOPATRAf2fd3bfffb4e: Implementing adding ADSKs.

The option "default-new-key-adsk" of gpg can now be read with Kleo::getCryptoConfigEntry, so that we can check if an ADSK is actually configured to decide whether it makes sense to offer the "Add ADSK" action.

@TobiasFella Please add such a check.

TobiasFella added a commit: rKLEOPATRAed5a68f51063: Only show ADSK action when an ADSK is configured in gpg.Tue, Jul 2, 10:30 AM
TobiasFella added a commit: rKLEOPATRAc9c7e631a617: Show ADSK action for gpg > 2.4.5.
TobiasFella added a commit: rKLEOPATRA5b1e1c9daffc: Show ADSK action for gpg > 2.4.5.Tue, Jul 2, 10:34 AM
TobiasFella added a commit: rKLEOPATRA8cacef0344cd: Only show ADSK action when an ADSK is configured in gpg.Tue, Jul 2, 10:38 AM
TobiasFella added a commit: rKLEOPATRA1066d4fa811b: Show ADSK action for gpg > 2.4.5.
TobiasFella changed the task status from Open to Testing.Tue, Jul 2, 11:37 AM

Done: https://invent.kde.org/pim/kleopatra/-/merge_requests/236