Page MenuHome GnuPG

Kleopatra: wrong protocol certificates not deselected after protocoll switch in notepad
Open, LowPublic


If you en-/decrypt the notepad using S/MIME for yourself and for others and then change the protocol to OpenPGP, you will get an error "No matching certificates or groups found" for the "encrypt to others" line:

The same if you do the switch from S/MIME to OpenPGP.

Looks like in the "encrypt to me" line the pre-selected certificates are changed, but not in the "encrypt to others" line.



Event Timeline

For your own certificates Kleopatra knows what to look for when you switch the protocol: Some suitable certificate with the correct protocol belonging to the user. In fact, Kleopatra remembers the last used own sign and encrypt certificates for both protocols.

I'm not sure what you expect to happen for the certificates of others. Should Kleopatra guess a matching certificate based on the email address? What if there's no email address? And who is liable if Kleopatra makes a wrong guess?

I recommend to leave this as-is. The users should select the right protocol before selecting any recipients. How many people switch protocols anyway?

Well I expect to not get an error if I click on something which might be an unusual use case but is a valid operation.
I do not want Kleopatra to select an appropriate certificate, I expect it to not suggest any certificate for the recipients.

I admit that it's more of an annoyance than a "real" error, but IMHO we want our software to look professional which includes avoiding general errors and other unnecessary errors.

So you want the other recipients to be cleared? What shall happen if the user switches the protocol again? Shall the previously selected other recipients be restored?

I think it would be the most logical solution to always clear the recipients after a switch of protocol. No restoration for other recipients necessary from my point of view.

No, if you then find out that you cant reach anyone in the protocol you should be able to get back.

But can't we just ignore the Certificates of the wrong type if we have S/MIME selected it should only use the SMIME certs of course.

aheinecke lowered the priority of this task from Normal to Low.Apr 16 2024, 9:31 AM