
gpgpass: First start user experience improvements
Open, Normal, Public

Description

So in Kleopatra we moved away from Wizards for some time now. Still have them a bit but then reduced. Since the setup basically asks two questions:
a) Where should the folder tree live
b) To which certificates it should be encrypted

I think that this can be either reduced to a single page or skipped altogether. No one needs welcome or finish pages ;). Where at the top you select the dir and below that the key. For the key I would suggest linking in libkleo and use the certificatecombobox. We probably need that anyway, if we want to support group keys.
If there is only one secret, valid key available I would skip that page altogether and just use that key. That should be the most common case.

The problem with adding libkleo widgets is that this then involves the keycache of Kleopatra which will also list S/MIME certificates and that can take a while.

Regarding the folder: I would suggest to just use the homedir/password-store on Windows and homedir/.password-store on Linux. On Windows we should drop the . in the beginning as it just looks weird to the unknown user and to users that understand Linux it looks like "they wanted to create a hidden folder but did not do it". I guess .password-store is chosen for compatibility with qtpass default? Otherwise I would make it more verbose like "gnupg-password-store" to make it more clear that this belongs to the "GnuPG Password Manager".

For adding a folder I would use the standard Qt Folder selection dialog (which is the Windows folder select dialog on Windows), this allows you to create a new folder. And this will make it clear where it lives in the filesystem. It does not make much sense to me to have subfolders below your personal homedir password-store. To me it makes most sense to have a personal store that is encrypted only to your key in your Homedir and then some other folders encrypted for others, too, in other dirs.

When I think of different folders I think more of different access groups for the folders and then it makes sense to use some shared filesystem location for them. This would also make it easy for users to add a common, existing folder. Also the new folder dialog says "New File" in the title.

For me on Windows adding a password did not work; it works fine on Linux. I need to check the debug output why, though.

This was just some first impression test.

Event Timeline

aheinecke triaged this task as Normal priority. Dec 12 2023, 5:02 PM
aheinecke created this task.

There are a lot of separate things in here. I'll do a couple of different comments per thing.

Password store
It should default to $home/.password-store/ on Linux and no dot on Linux
https://dev.gnupg.org/source/gpgpass/browse/master/src/util.cpp$23

This code is inherited from QtPass and is also chosen by both me and QtPass to be compatible with pass(1) (https://www.passwordstore.org/)

I do also think it makes likely sense to have ~/.password-store/ only encrypted to your private key(s) and shared stores elsewhere (profiles)

First start wizard

QtPass had a first start wizard, just made of random QMessageBox'es, and the code was kind of geared to wanting to be set up.

It also looks like you haven't noticed the first data input page; that's only shown if number of secret keys is 0 and offers you to create a key.

Some of my later restructuring does work with an uninitialized password store and offers to initialize with specific keys, so the "select keys" part of the wizard could at least be dropped.

If we hardcode the initial password store to the "suggested one", I guess that one could also be dropped and people could go to profiles to modify it and add shared bits.

I do think we do need some kind of annoyance popup if number of secret keys is zero during first start, and somehow guide the user to key creation.

File dialogs
Code does use the standard Qt File dialog, but I think I should redo it to use the static methods instead because that lets the backend take over.