Page MenuHome GnuPG
Create Task
Maniphest T7078

Kleopatra: Add automatic offer of revocation certificate export to the revocation process
Testing, NormalPublic
Actions

Description

We could improve UX for revocation by making the revocation related additional tasks more self-explanatory.

After optionally (if a keyserver is configured) offer to upload the revocation, we should then offer to export the certificate. In that dialog window we should explain very shortly what is to be done. like e.g. "Do you want to export the certificate? The exported certificate can then be send to communication partners to inform them about the revocation."

We could possibly only offer the export if no keyserver is configured. Or do it in all cases; maybe a company only uses an LDAP internally and external people get send a file.

See also T7076: Kleopatra: Improvements in the "Revoke Key" window

Details

External Link
https://invent.kde.org/pim/kleopatra/-/merge_requests/172
Version
gpg4win 4.3.1 / vsd 3.2.1

Revisions and Commits

rKLEOPATRA Kleopatra
rKLEOPATRA839efebc6567 Improve revocation dialog
rKLEOPATRA2d863f1a06cd Improve revocation dialog
rKLEOPATRAcefbe98a4487 Automatically export certificate after revocation and ask the user to publish it
rKLEOPATRA86dfd0998876 Automatically export certificate after revocation and ask the user to publish it
rKLEOPATRA1d5d64acc38d Automatically export certificate after revocation and ask the user to publish it
rKLEOPATRA569e1ef7601d Automatically export certificate after revocation and ask the user to publish it
rKLEOPATRAf9474597ff2e Automatically export certificate after revocation and ask the user to publish it
rKLEOPATRA51e5f9cb8e39 Automatically export certificate after revocation and ask the user to publish it
rKLEOPATRA76d874c487b7 Automatically export certificate after revocation and ask the user to publish it
rKLEOPATRA56f6b5ba6479 Ask the user to publish and/or export the certificate after revocation

Related Objects
Search...

Event Timeline

ebo created this task.Apr 8 2024, 3:39 PM
TobiasFella added a commit: rKLEOPATRA56f6b5ba6479: Ask the user to publish and/or export the certificate after revocation.Apr 10 2024, 2:09 PM
TobiasFella claimed this task.Apr 10 2024, 2:11 PM
TobiasFella moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker added a comment.Apr 10 2024, 2:42 PM

I just want to point out that we have explicitly decided to remove confronting the user with five different "What next" options in the certificate creation workflow. One reason is that the choice overwhelms the users because some think they need to do everything. Another reason is that many options were completely wrong for some of our customers. Such workflows are much better documented in company-specific SOPs (standard operation procedures).

I think it's ironic (and wrong) that we now re-introduce confronting the user with exactly the same "helpful suggestions" (publish, export) in another workflow.

Publishing should happen either automatically or via the standard workflow. Same for export, e.g. Kleopatra could automatically export the revoked certificate to a file and tell the user the location.

werner added a subscriber: werner.Apr 11 2024, 11:15 AM

Revocations are an exceptional task and rarely needed. In this case ("help, help , my key is compromised, what shall I do now?") an extra dialog to help the user is imho appropriate. This different for the key generation process, becuase this needs to be done by every user at least once and thus should be UI-wise as simple as possible.

ebo added a comment.EditedApr 11 2024, 11:36 AM

That said I think we should then strive to use only one "next" window.

Edit: what I deleted was wrong, we do not offer a keyserver upload currently.

werner added a subtask: T7083: Show revocation reasons also with a standard -k listing.Apr 11 2024, 11:42 AM
ebo added a comment.Apr 11 2024, 3:22 PM

Alexander suggested that we could avoid another window by putting check boxes in the revocation window for automatically uploading to the configured keyserver and creating a public key export with the revocation. That could then be configurable via the registry on windows, so that companies could adapt that according to their SOP.

ikloecker added a comment.Apr 15 2024, 1:45 PM

I like the suggestion to add a checkbox for the upload. That's also in line with certification which is very similar to revocation.

Regarding the public key export I still think that we should just do it and tell the user the location of the file (I think the Documents folder is suitable) in the success message. It's one decision less for the user to make. In any case we should perform a minimal export.

TobiasFella added a comment.Apr 16 2024, 10:03 AM

I'd propose that we could:

  • Always export the certificate and tell the user in the success dialog
  • Have an extra button in the success dialog allowing the user to upload the certificate.

That way, we don't have any extra dialogs. The user might still click through all dialogs without reading anything, but I'm not sure how we could prevent that

ikloecker added a comment.Apr 16 2024, 10:24 AM

+1 for Tobias proposal

TobiasFella added a commit: rKLEOPATRA76d874c487b7: Automatically export certificate after revocation and ask the user to publish it.Apr 18 2024, 11:03 AM
alexk added a subscriber: alexk.Apr 18 2024, 5:41 PM
ebo added a project: vsd33.May 2 2024, 4:51 PM
ebo added a comment.EditedMay 2 2024, 4:59 PM

We decided to go with Tobias' proposal.

The export should be to a standard (not hidden) location, like $XDG_DATA_HOME. Does that exist on Windows, too?

In case of LDAP keyserver, upload should be the preselected default

ebo added a comment.May 3 2024, 9:05 AM

Was mentioned before, but not written here:

The reasons should be in a fold-out section (like the Advanced choices elsewhere) with the always readable title "Reason for revocation (optional)". This way, the window will be less of a wall of text and concentrate on the important parts.

ebo triaged this task as Normal priority.May 3 2024, 9:05 AM
ebo set External Link to https://invent.kde.org/pim/kleopatra/-/merge_requests/172.May 3 2024, 12:59 PM
TobiasFella added a commit: rKLEOPATRA51e5f9cb8e39: Automatically export certificate after revocation and ask the user to publish it.May 10 2024, 12:20 PM
TobiasFella added a commit: rKLEOPATRAf9474597ff2e: Automatically export certificate after revocation and ask the user to publish it.May 13 2024, 11:55 AM
TobiasFella added a commit: rKLEOPATRA569e1ef7601d: Automatically export certificate after revocation and ask the user to publish it.May 15 2024, 9:27 AM
TobiasFella added a commit: rKLEOPATRA1d5d64acc38d: Automatically export certificate after revocation and ask the user to publish it.May 21 2024, 10:07 AM
TobiasFella added a commit: rKLEOPATRA86dfd0998876: Automatically export certificate after revocation and ask the user to publish it.May 22 2024, 4:16 PM
TobiasFella added a commit: rKLEOPATRAcefbe98a4487: Automatically export certificate after revocation and ask the user to publish it.May 23 2024, 4:25 PM
TobiasFella added a commit: rKLEOPATRA2d863f1a06cd: Improve revocation dialog.May 28 2024, 12:18 PM
ikloecker changed the task status from Open to Testing.Jun 7 2024, 2:36 PM
ikloecker moved this task from Backlog to WiP on the vsd33 board.

backported

ikloecker added a commit: rKLEOPATRA839efebc6567: Improve revocation dialog.Jun 7 2024, 3:12 PM
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Oct 1 2024, 3:55 PM
ikloecker mentioned this in T7395: Prepare Release Notes for Gpg4win 4.4.0 for Kleopatra.Wed, Nov 13, 5:04 PM