Page MenuHome GnuPG
Create Task
Maniphest T6986

Refresh/update OpenPGP keys should check WKD
Open, HighPublic
Actions

Description

The "Refresh" button in the key details should always check on WKD if there are UIDs with mail addresses.
Edit 2025-02-05: The button in question is now labeled "Update", the same action available in the context menu now is named "Update certificates".

Therefore the call to gpg --refresh-keys needs to be replaced by something else.

The WKD search should be done even if origin is "unknown" and not "WKD". And regardless of whether a keyserver is configured or not.

Related Objects
Search...

Event Timeline

ebo created this task.Feb 9 2024, 3:11 PM
ebo added a parent task: T6935: Kleopatra: Key search and refresh related improvements.
aheinecke triaged this task as Low priority.Feb 14 2024, 10:29 AM
aheinecke added a subscriber: aheinecke.

Giving this the same priority as the parent task.

werner claimed this task.Feb 15 2024, 9:25 AM
werner added a project: gnupg24.Feb 19 2024, 5:02 PM

I need to come up with a better strategy here. --refresh-keys is a very useful command and it should do what the user expects. Maybe we can adjust the behaviour iff we detect that there is an LDAP keyserver.

werner renamed this task from Kleopatra: Refresh OpenPGP keys should check WKD to Refresh OpenPGP keys should check WKD.Feb 19 2024, 5:02 PM
werner raised the priority of this task from Low to Normal.
werner added projects: Feature Request, Bug Report.
thesamesam added a subscriber: thesamesam.Feb 20 2024, 6:45 AM
alexk added a subscriber: alexk.Dec 10 2024, 3:50 PM
ebo edited projects, added gpd5x; removed Restricted Project.Feb 5 2025, 10:11 AM
ebo updated the task description. (Show Details)Feb 5 2025, 10:27 AM

changed the workboard to gpd5x as this is still the case in Gpg4win 5.0-Beta versions.

ebo renamed this task from Refresh OpenPGP keys should check WKD to Refresh/update OpenPGP keys should check WKD.Feb 5 2025, 10:30 AM
ikloecker added a subscriber: ikloecker.Feb 5 2025, 4:30 PM

I think there's some confusion.

The Update button in the Certificate Details uses gpg --recv-keys FPR for updating the key from the keyserver (if a keyserver is configured) and it uses gpg --locate-external-key EMAIL for updating the key/user ID via WKD.

gpg --refresh-keys is used when the user uses Tools->Refresh OpenPGP Certificates. I don't think that gpg --refresh-keys has anything to do with this ticket.

Moreover, I thought that we had agreed that Update only looks for email addresses on WKD that were originally retrieved from WKD unless the user enables the option "Query certificate directories of providers for all user IDs".

werner raised the priority of this task from Normal to High.Sun, Mar 22, 6:20 PM
werner edited projects, added gnupg26; removed gnupg24.
ebo added a project: needs discussion.Mon, Mar 23, 8:41 AM
pl13 added a subscriber: pl13.Mon, Mar 23, 8:57 AM
ikloecker removed projects: gpd5x, kleopatra.Mon, Mar 23, 9:05 AM

Removing kleopatra tag since Kleopatra already does what's requested.

ebo removed a project: needs discussion.Mon, Mar 23, 9:53 AM

To clarify, the state in Kleopatra Ingo described a year ago has changed, with T7579: Kleopatra: improve menu items the refresh option in the Tools menu was removed. Both actions to update certificates - in the context menu and in the details - are/work the same.

(Be aware that one has to enable the option "Query certificate directories of providers for all user IDs" in Kleopatra if all keys should be updated via WKD. Otherwise, only keys that were originally retrieved via WKD are updated via WKD.)