Page MenuHome GnuPG

Kleopatra: Hide non-matching keygroups when using a key filter
Closed, ResolvedPublic

Description

Currently, all key filters always show all key groups, even when none of their keys matches the filter.

I'm not sure whether a group should be considered "matching" when some of the keys match (but not all), but the current behavior feels broken.

Event Timeline

ebo renamed this task from Hide non-matching keygroups when using a key filter to Kleopatra: Hide non-matching keygroups when using a key filter.Feb 6 2024, 10:45 AM
ebo added a project: Restricted Project.
aheinecke added a subscriber: aheinecke.

Yes I think that some keys must match, e.g. if you filter for S/MIME you only want to see groups where at least one S/MIME certificate is part of the group. Or for expired to see if there are groups with expired certificates in them.

I'm wondering whether we didn't do this for a reason. Currently, groups are only used in the certificate line edit. Didn't we want to show all groups to give the user the chance to notice a group containing an unsuitable key? If we filter out the group then the user will have a much harder time to find out why the group isn't offered. Things may be different for the key selection combo box which is primarily (or exclusively?) used for the user's own keys without even offering groups.

Update: I checked the code. We currently only check for expiry, but we don't seem to check if a group is actually usable for encryption so the user will probably only notice that there's a problem when they try to encrypt.

I think I haven't been clear enough about the issue for this ticket, sorry about that. My main concern here is that in Kleopatra's Certificate Selection Dialog, the key filters don't filter the keygroups at all, i.e., if i select the "OpenPGP Certificates" filter, a group containing only SMIME keys is still visible.

Update: I checked the code. We currently only check for expiry, but we don't seem to check if a group is actually usable for encryption so the user will probably only notice that there's a problem when they try to encrypt.

Is also an excellent point

In the Certificate Selection Dialog where the user controls the filter it makes sense to apply them also to key groups. The only question is how, i.e. with all_of or with any_of? I'm leaning towards any_of, e.g. if "OpenPGP Certificates" is selected then all key groups are shown that contain at least one OpenPGP certificate. This would also address my concern that key groups could be hidden if they contain an unsuitable key because they would only be hidden if all keys are unsuitable.

TobiasFella moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Feb 15 2024, 8:59 AM
TobiasFella changed the task status from Open to Testing.Feb 15 2024, 9:03 AM
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Oct 1 2024, 3:55 PM
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Nov 12 2024, 11:02 AM

Gpg4win-Beta-75:
Works. The filters are also applied to groups now and match groups even if not all certificates in them conform to the filter rule.
Tested with OpenPGP ans S/MIME filters.