Page MenuHome GnuPG

gpgpass: First start user experience improvements
Closed, ResolvedPublic

Description

So in Kleopatra we moved away from Wizards for some time now. Still have them a bit but then reduced. Since the setup basically asks two questions:
a) Where should the folder tree live
b) To which certificates it should be encrypted

I think that this can be either reduced to a single page or skipped altogether. No one needs welcome or finish pages ;). Where we at the top you select the dir and below that the key. For the key I would suggest linking in libkleo and use the certificatecombobox. We probably need that, anyway if we want to support group keys.
If there is only one secret, valid key available I would skip that page altogether and just use that key. That should be the most common case.

The problem with adding libkleo widgets is that is that this then involves the keycache of Kleopatra which will also list S/MIME certificates and that can take a while.

Regarding the folder. I would suggest to just use the homedir/password-store on windows and homedir/.password-store on linux. On windows we should drop the . in the beginning as it just looks weird to the unknown user and to users that understand Linux it looks like "they wanted to create a hidden folder but did not do it". I guess .password-store is chosen for compatibility with qtpass default? Otherwise I would make it more verbose like "gnupg-password-store" to make it more clear that this belongs to the "GnuPG Password Manager".

For adding a folder I would use the standard Qt Folder selection dialog (which is the windows folder select dialog on windows), this allows you to create a new folder. And this will make it clear where it lives in the filesystem. It does not make much sense to me to have subfolders below your personal homedir password-store. To me it makes most sense to have a personal store that is encrypted only to your key in your Homedir and then some other folders encrypted for others, too in other dirs.

When I think of different folders I think more of different access groups for the folders and then it makes sense to use some shared filesystem location for them. This would also make it easy for users to add a common, existing folder. Also the new folder dialog says "New File" in the title.

For me on Windows adding a password did not work, works fine on linux I need to check the debug output why though.

This was just some first impression test.

Event Timeline

aheinecke created this task.

There is lot of separate things in here. I'll do a couple of different comments per thing

Password store
It should default to $home/.password-store/ on linux and no dot on linux
https://dev.gnupg.org/source/gpgpass/browse/master/src/util.cpp$23

This code is inherited from QtPass and is also chosen by both me and QtPass to be compatible with pass(1) (https://www.passwordstore.org/)

I do also think it makes likely sense to have ~/.password-store/ only encrypted to your private key(s) and shared stores elsewhere (profiles)

First start wizard

QtPass had a first start wizard, just made of random QMessageBox'es, and the code was kind of geared to wanting to be setup.

It also looks like you haven't noticed the first data input page; that's only shown if number of secret keys is 0 and offers you to create a key.

Some of my later restructuring does work with a uninitialized password store and offers to initialize with specific keys, so the "select keys" part of the wizard could at least be dropped.

If we hardcode the initial password store to the "suggested one", I guess that one could also be dropped and people could go to profiles to modify it and add shared bits.

I do think we do need some kind of annoyance popup if number of secret keys is zero during first start, and somehow guide the user to key creation.

File dialogs
Code does use the standard Qt File dialog, but I_think I should redo it to use the static methods instead because that let the backend take over.

Yeah this task is a bit bad as it does not really split this up into actionable tasks. But I found it obviously "ugly" (Since QWizards are ugly) and from a user experience standpoint outdated that I thought a general task would be enough to say that this must be changed and improved. The first start is the most important one and to be greeted by a wizard which I still am apparently where I don't really understand what the software wants from me is strange.

"Don't make me think." Imagine a very non technical person opening this for the first time. Does not know what a certificate is, does not know what a key is, does not have a private key pair themselfs.

They are used to double clicking a file and entering the password for the file. Or to Right click a file and enter the passphrase to encrypt it again. That is the persona we want this software to help in the first place. So we cannot use any expert terminology and have to do as much automatically as possible.
And at least in my opinion all wizards should die! Forward and back and then partially with only a single line input on on one page (this is just meant in general). Qt also managed to style them very uglyly on Windows and afaik according to Ingo they do not work well for accessibility.

@Carl Since you are at it and also have a Windows build available could you take a look at it not only on the technical level but also from a user experience standpoint. I mean of course in the end I would rather just have a "Store in gpgpass" option in pinentry to save a password but for now we can probably check fast and easy it is to solve a common usecase.

Like you get a file encrypted by mail.
And a password printed on a sheet of paper.
And your collegue says to you that you are allowed to use gpgpass to store that password.

And of course you don't have an asymmetric key yet. I am mostly commenting here since that was the ticket I had created regarding gpgpass and since carl currently is tasked to go over it some more, which is a bit unlucky regarding the timing since you are on leave right now. I wanted to update and clarify my comments.

If you want to use gpgpass without a secret key, the most I would offer, if at all, is the option to use a symmetric key instead.
Maybe like this:

GPGPass is designed to be used with a secret GPG key. 
You can generate one using Kleopatra and come back when you generated one.

Alternatively you can use a password (symmetric encryption).

Enter password: _________________________

Keep this password save!

IMHO, everything else will become to complicated.
When using a public key based password manager, you should have a basic idea of what you are doing.

No I don't think we should support that. I just meant that at first start we have to expect that the user does not have a secret key yet. And offer an easy way out of this by generating one.

Currently the software basically says: "Now go and generate a key with kleopatra and come back when you have done this"

IMO Gpgpass should link to libkleo for this, since that way we avoid most dialog / translation / code duplication.

I and most users don't read what software says and just click where I think I reach my goal fastest. If there are only instructions to do something I am unable to continue.

I created a merge request here https://invent.kde.org/carlschwan/gpgpass/-/merge_requests/3

The first start widget only displays two fields now: the storage location (pre-filled with ~/.password-store on linux and ~/password-store on Windows) and a "User Certificate:" field (prefilled with the "default-key" from gpg.conf) and allow to create a new key directly from gpgpass using the same certificate creation dialog as Kleopatra. In the usual case, the user should just have to click on save to get started.

CarlSchwan changed the task status from Open to Testing.Aug 14 2024, 12:06 PM
CarlSchwan moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

This is now implemented