Page MenuHome GnuPG

Kleopatra: Make designated revoker configurable for new keys
Closed, WontfixPublic


An Administrator in an organisation should be able through the registry (kleopatrarc registry config mechanism) to set a key as a designated revoker for all newly created keys. This will mean adding support for ‐‐add‐desig‐revoker to GPGME.

Event Timeline

aheinecke created this task.
TobiasFella moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Jan 23 2024, 11:42 AM
TobiasFella changed the task status from Open to Testing.Feb 15 2024, 9:05 AM

this has been implemented since february 2023 in all gnupg versions

werner changed the task status from Testing to Open.May 22 2024, 6:23 PM
werner added a project: gnupg22.
werner added a subscriber: werner.

Although it is implemented in gnupg-2.2 we should add another feature: Iff this option is configured, gpg shall try to load the requested key from LDAP in the same manner as it does for a trusted-key.

I think it would be cleaner to create a separate ticket for making gpg fetch the requested key from LDAP.

ebo removed projects: gnupg22, Restricted Project, vsd33.
ebo added a subscriber: ebo.

I've moved the gpg task to a new ticket, T7133: Add feature to load designated revoker from LDAP
The Kleopatra task is obsolete, as it was noticed that the proposed option is already in gpg and should not be implemented twice.