
Kleopatra: Show which certificates in a group are not usable for encryption
Testing, Normal, Public


If encryption to a group fails (or even when creating a group) we need to make it easy for the users to check why they cannot encrypt to a group. They need to see which key is to blame.

The "Edit Group" window would be a good place for that. Problems would become visible immediately on creation of the group. If a key in the group expires later and encryption to the group does not work any more, the user could then check the group menu.

Let's add a column "encryption possible" (name could be shorter, I admit) "usable" (tooltip "usable for encryption") on the left side with the icons "checkmark" (green, VSD compliant encryption possible), "!" (blue, possible but not compliant) and "X" (red, no encryption possible).
For non-VSD versions only the green icon should be used for "encryption possible" and not the blue one.

We could then still allow putting all kinds of keys in the group, even revoked or sign-only keys. And T6722 would no longer be needed IMHO. To clarify that groups can only be used for encryption if no key has an X in the first column, we should add a short sentence near the top of the "edit group" window ~"If the group is to be used for encryption, no certificate with the icon X in the first column can be included." I'd like that info in fat print, to be more noticeable.

Event Timeline

aheinecke added a subscriber: aheinecke.

I don't think that we need to show which keys are compliant or not because that is already shown by the VS-NfD compliance status. And then we only have left the case where the keys are expired / revoked so a user could sort by validity to find out which ones are those.

Alternatively I would rather grey out the "save" button and say somewhere in the widget:
The following certificates cannot be used for encryption:
Please refresh them or remove them from the groups.

I don't think another column makes much sense since the validity column already contains the required information. I tend to give this low prio because at least in my opinion everything is already there to quickly find the offending certificates.

ebo raised the priority of this task from Low to Normal. Feb 15 2024, 9:49 AM

The validity column does not contain that information in case only the encryption subkey has expired.
As is the case if people extended an expired keypair via Kleopatra with VSD up to 3.1.26.

Additionally the expiry date does not jump out at you, a column with icons does.
As column title we would like "usable" with tooltip text "usable for encryption".
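
An added example, not part of the thread and not Kleopatra's code: a per-certificate "usable for encryption" check that looks at each subkey record of a `gpg --with-colons` listing, so a certificate whose primary key is valid but whose only encryption subkey has expired is still flagged. The sample listing, key IDs and function names are constructed for illustration; VS-NfD compliance (the blue "!") is not modelled.

```python
import time

# Constructed `gpg --with-colons --list-keys` output (first 12 fields, fake key IDs).
SAMPLE = """\
pub:u:3072:1:AAAAAAAAAAAAAAA1:1600000000:::u:::scESC:
sub:u:3072:1:AAAAAAAAAAAAAAA2:1600000000::::::e:
pub:f:3072:1:BBBBBBBBBBBBBBB1:1600000000:::-:::scSC:
sub:e:3072:1:BBBBBBBBBBBBBBB2:1600000000:1650000000:::::e:
pub:f:3072:1:CCCCCCCCCCCCCCC1:1600000000:::-:::scSC:
pub:r:3072:1:DDDDDDDDDDDDDDD1:1600000000:::-:::sc:
sub:r:3072:1:DDDDDDDDDDDDDDD2:1600000000::::::e:
"""

BAD_VALIDITY = set("iedr")  # field 2: invalid, expired, disabled, revoked

def _alive(fields, now):
    """True if this key record is not revoked, disabled or expired."""
    validity, expires, caps = fields[1], fields[6], fields[11]
    if validity in BAD_VALIDITY or "D" in caps:
        return False
    return not (expires and int(expires) <= now)

def _can_encrypt(fields, now):
    """Lowercase 'e' in field 12 is the capability of this key itself."""
    return _alive(fields, now) and "e" in fields[11]

def encryption_usability(colon_listing, now=None):
    """Map primary key ID -> True/False ("usable for encryption")."""
    now = int(time.time()) if now is None else now
    result, primary, primary_ok = {}, None, False
    for line in colon_listing.splitlines():
        f = line.split(":")
        if len(f) < 12:
            continue
        if f[0] == "pub":
            primary = f[4]
            primary_ok = _alive(f, now)  # a dead primary disables all subkeys
            result[primary] = _can_encrypt(f, now)
        elif f[0] == "sub" and primary is not None:
            result[primary] = result[primary] or (primary_ok and _can_encrypt(f, now))
    return result

def unusable_in_group(colon_listing, group_key_ids, now=None):
    """Key IDs in the group that would get the red "X"."""
    usable = encryption_usability(colon_listing, now)
    return [k for k in group_key_ids if not usable.get(k, False)]
```

In the constructed listing, the `BBBB…` certificate has a valid primary key and only its encryption subkey is expired, which is the case the validity column does not surface.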

TobiasFella changed the task status from Open to Testing. Feb 21 2024, 2:17 PM
TobiasFella claimed this task.