Page MenuHome GnuPG
Create Task
Maniphest T6882

Make ADSK configurable for new keys
Closed, ResolvedPublic
Actions

Description

The usecase for ADSK is mostly that in an organisation the Admistration will set an ADSK throgh the Windows registry for new keys. So T6879: Kleopatra: Add support for adding an ADSK is more of a fallback for existing keys. We should read that from the config when generating a new key, Similar to T6881: Kleopatra: Make designated revoker configurable for new keys and automatically add such a subkey for newly generated keys if it is configured.

Revisions and Commits

rG GnuPG
rG1123be6ad659 gpg: Change the ADSK key binding time to the current time.
rG6c58694a885b gpg: Allow the use of an ADSK subkey as ADSK subkey.
rG794950ec755e gpg: Allow the use of an ADSK subkey as ADSK subkey.
rGd30e34569244 gpg: Allow the use of an ADSK subkey as ADSK subkey.
rGf1e1cb0767a1 gpgconf: Allow listing of some new options
rGecda4b1e1694 gpg: Add magic parameter "default" to --quick-add-adsk.
rGeafe17532069 gpg: New option --default-new-key-adsk and "addadsk" for edit-key.
rG4d901904d7f6 gpgconf: Allow listing of some new options
rGdf977729ff38 gpgconf: Allow listing of some new options
rGce75af47eba8 gpg: Add magic parameter "default" to --quick-add-adsk.
rGc6cecbd89a76 gpg: New option --default-new-key-adsk.
rG77afc9ee1c75 gpg: Add magic parameter "default" to --quick-add-adsk.
rGed118e2ed521 gpg: New option --default-new-key-adsk.

Related Objects
Search...

Event Timeline

aheinecke triaged this task as Normal priority.Dec 12 2023, 9:29 AM
aheinecke created this task.
aheinecke added a subtask: T6880: GPGME (++/qt): Add support for --quick-add-adsk.
TobiasFella moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Jan 23 2024, 11:42 AM
TobiasFella moved this task from Backlog to WiP on the vsd33 board.Feb 15 2024, 8:56 AM
werner moved this task from WiP to Backlog on the vsd33 board.Apr 30 2024, 2:47 PM
ikloecker set External Link to https://invent.kde.org/pim/kleopatra/-/merge_requests/94.May 8 2024, 10:15 AM
werner renamed this task from Kleopatra: Make ADSK configurgurable for new keys to Make ADSK configurgurable for new keys.May 22 2024, 6:18 PM
werner removed TobiasFella as the assignee of this task.
werner edited projects, added gnupg22; removed kleopatra.
werner added a subscriber: TobiasFella.
werner added a subscriber: werner.

This should not be configured in Kleopatra but an option to gpg because this is a core crypto functionality. Thus is now a gpg task.

ikloecker removed External Link.May 22 2024, 9:23 PM
werner added a comment.Jun 3 2024, 6:52 PM

Done for 2.6.

werner added a commit: rGed118e2ed521: gpg: New option --default-new-key-adsk..Jun 3 2024, 7:08 PM
alexk added a subtask: T6879: Kleopatra: Add support for adding an ADSK.Jun 4 2024, 11:13 AM
ikloecker removed subtasks: T6879: Kleopatra: Add support for adding an ADSK, T6880: GPGME (++/qt): Add support for --quick-add-adsk.Jun 4 2024, 1:40 PM
ikloecker added a parent task: T6879: Kleopatra: Add support for adding an ADSK.
werner added a commit: rG77afc9ee1c75: gpg: Add magic parameter "default" to --quick-add-adsk..Jun 5 2024, 5:03 PM
werner added a comment.Jun 5 2024, 5:04 PM

Now also with support for --quick-add-adsk in 2.6. This will work also for gpgme without further changes.

ikloecker renamed this task from Make ADSK configurgurable for new keys to Make ADSK configurable for new keys.Jun 7 2024, 2:49 PM
ikloecker added a subscriber: ikloecker.Jun 17 2024, 10:25 AM

It would be helpful if gpgconf --list-options gpg listed the default-new-key-adsk option so that Kleopatra knows whether the option is set.

werner added a commit: rGc6cecbd89a76: gpg: New option --default-new-key-adsk..Jul 1 2024, 3:13 PM
werner added a commit: rGce75af47eba8: gpg: Add magic parameter "default" to --quick-add-adsk..
werner added a commit: rGdf977729ff38: gpgconf: Allow listing of some new options.Jul 1 2024, 3:46 PM
werner added a commit: rG4d901904d7f6: gpgconf: Allow listing of some new options.
werner added a comment.Jul 1 2024, 3:47 PM

Backported to 2.4. Options are now listed with gpgconf.

werner mentioned this in T7189: Release GnuPG 2.5.0.Jul 5 2024, 2:42 PM
ebo added a project: gnupg24.Aug 2 2024, 10:35 AM
ebo moved this task from Backlog to WiP on the gnupg24 board.
ebo changed the task status from Open to Testing.Aug 2 2024, 10:37 AM
ebo added a subscriber: ebo.

Status is testing for 2.4, no backport yet for 2.2, so there it stays in the backlog column

werner moved this task from Backlog to WiP on the gnupg22 board.Sep 26 2024, 11:05 AM

Backported to 2.2

werner added a commit: rGeafe17532069: gpg: New option --default-new-key-adsk and "addadsk" for edit-key..Sep 26 2024, 11:06 AM
werner added a commit: rGecda4b1e1694: gpg: Add magic parameter "default" to --quick-add-adsk..
ebo moved this task from WiP to QA on the gnupg22 board.Sep 26 2024, 4:04 PM
ikloecker added a comment.Sep 26 2024, 4:14 PM

werner: Can you also backport listing of "default-new-key-adsk" with gpgconf so that Kleopatra can check whether a default ADSK is set?

werner added a comment.Sep 27 2024, 11:39 AM

Will do.

werner added a commit: rGf1e1cb0767a1: gpgconf: Allow listing of some new options.Oct 1 2024, 10:01 AM
werner added a comment.Oct 1 2024, 10:05 AM

Done for 2.2. It is already in 2.4.

While testing this I noticed that only the last adsk or trusted key is listed. Thus several assurances of this options are not properly represented. See T7313

ikloecker added a comment.Oct 1 2024, 1:33 PM
In T6882#191854, @werner wrote:

While testing this I noticed that only the last adsk or trusted key is listed. Thus several assurances of this options are not properly represented. See T7313

For our use case in Kleopatra we only need to know if any ADSK is configured or not.

werner mentioned this in T7255: Release GnuPG 2.2.45.Oct 1 2024, 1:59 PM
werner removed a project: vsd33.Oct 4 2024, 11:34 AM
werner removed a project: Restricted Project.
werner moved this task from QA to gnupg-2.2.45 on the gnupg22 board.
werner edited projects, added gnupg22 (gnupg-2.2.45); removed gnupg22.
ebo added a subtask: T7322: Kleopatra: General error if ADSK is not configured correctly.Oct 4 2024, 4:35 PM
ebo added a comment.Oct 4 2024, 4:42 PM

Tested with VS-Desktop-3.2.94.2-Beta.
Works as expected on the cli.

werner mentioned this in T7030: Release GnuPG 2.4.6.Oct 21 2024, 3:29 PM
werner closed this task as Resolved.Oct 29 2024, 12:54 PM
werner claimed this task.
werner moved this task from WiP to 2.4.6 on the gnupg24 board.
werner edited projects, added gnupg24 (2.4.6); removed gnupg24.
werner added a commit: rGd30e34569244: gpg: Allow the use of an ADSK subkey as ADSK subkey..Oct 31 2024, 3:11 PM
werner added a commit: rG794950ec755e: gpg: Allow the use of an ADSK subkey as ADSK subkey..
werner added a commit: rG6c58694a885b: gpg: Allow the use of an ADSK subkey as ADSK subkey..Oct 31 2024, 3:29 PM
ebo changed the status of subtask T7322: Kleopatra: General error if ADSK is not configured correctly from Open to Testing.Nov 4 2024, 10:42 AM
werner mentioned this in T7353: Release GnuPG 2.4.7.Nov 25 2024, 12:27 PM
werner mentioned this in T7289: Release GnuPG 2.5.2.Dec 5 2024, 11:47 AM
werner mentioned this in T7314: Release GnuPG 2.2.46.Jan 7 2025, 10:37 AM
ebo closed subtask T7322: Kleopatra: General error if ADSK is not configured correctly as Resolved.Feb 11 2025, 4:21 PM
werner added a comment.Wed, Aug 27, 4:01 PM

We should change the key binding time from the ADSK creation time to the current time or the time the other self-signatures use.

werner added a commit: rG1123be6ad659: gpg: Change the ADSK key binding time to the current time..Wed, Aug 27, 4:02 PM
werner mentioned this in T7756: Release GnuPG 2.5.12.Tue, Sep 2, 2:55 PM