Page MenuHome GnuPG
Create Task
Maniphest T7089

Kleopatra: Integrate "disabled" feature from gpg
Open, NormalPublic
Actions

Description

There is a long available feature to "disable" keys in GnuPG. This deactivates the local certificate for regular use. Kleopatra should respect this as well:

  • In certificate view show "disabled" (de: "inaktiv") in the "User-IDs" column.
  • In certificate view add "disable" or "enable" in the context menu.
  • In "Details" view add "disabled" in bold next to "Valid until" in case it is disabled.
  • When searching for certificates in "Encrypt for" fields, don't show disabled keys in the drop-down menu.
  • A (context) menu entry to "disable certificate" (or "enable certificate").

And either:

  • make a filter showing "disabled certificates".
  • don't show disabled certificates in any of the others filters.

or

  • make a toggle to show/hide "disabled certificates" everywhere

Info: The "disabled" status is stored in the trust-DB. It can be changed with "gpg -edit-key" and "disable".

Revisions and Commits

rLIBKLEO Libkleo
rLIBKLEO8899415e3a55 Fix showing keys as disabled / revoked / invalid
rLIBKLEOd4f2dcec5b55 Fix showing keys as disabled / revoked / invalid
rG GnuPG
rG967678d9728c gpg: New command --quick-set-ownertrust.
rKLEOPATRA Kleopatra
rKLEOPATRA33f4faa8625c Don't show disabled certificates in signencryptwidget
rKLEOPATRA568cca2bcce7 Don't show disabled certificates in signencryptwidget
rKLEOPATRAee1537e7a880 Show certificate status in CertificateDetailsDialog
rKLEOPATRAc946372dd2c0 Don't show disabled certificates in signencryptwidget
rKLEOPATRA579a73ee616e Show certificate status in CertificateDetailsDialog

Related Objects

Event Timeline

alexk triaged this task as Normal priority.Tue, Apr 16, 4:47 PM
alexk created this task.
alexk mentioned this in T6666: Kleopatra: revise certificate list filters.Tue, Apr 16, 4:51 PM
ikloecker added a subscriber: ikloecker.Tue, Apr 16, 5:14 PM

Note for devs: In most places we can probably use Key::isBad() which excludes all kinds of keys that are not valid for use (revoked, expired, disabled, ...).

ebo added a subscriber: ebo.Wed, Apr 17, 8:42 AM
werner added a subscriber: werner.Wed, Apr 17, 1:01 PM

gpgme has a disabled flag (only set on the primary key) and taken from the --wwth-colon listing where it is the 'D' in the usage.

GnuPG 2.4.6 will have a new command --quick-set-ownertrust which can be sued to enable/disable a key. We should support this in gpgme and make the interface general enough to also set the ownertrust. The latter is IMHO not needed in Kleopatra, though.

werner added projects: gpgme, Feature Request.Wed, Apr 17, 1:01 PM
werner added a commit: rG967678d9728c: gpg: New command --quick-set-ownertrust..
alexk added a comment.Wed, Apr 17, 1:32 PM

Of course, it should be possible to toggle "disabled" in Kleopatra.
A (context) menu entry "disable certificate" (or "enable certificate") should be sufficient.

alexk updated the task description. (Show Details)Wed, Apr 17, 1:36 PM
TobiasFella added a commit: rLIBKLEOd4f2dcec5b55: Fix showing keys as disabled / revoked / invalid.Wed, Apr 17, 2:54 PM
TobiasFella added a commit: rKLEOPATRA579a73ee616e: Show certificate status in CertificateDetailsDialog.Wed, Apr 17, 3:45 PM
TobiasFella added a commit: rKLEOPATRAc946372dd2c0: Don't show disabled certificates in signencryptwidget.Wed, Apr 17, 4:14 PM
TobiasFella added a commit: rKLEOPATRAee1537e7a880: Show certificate status in CertificateDetailsDialog.Thu, Apr 18, 9:29 AM
TobiasFella added a commit: rKLEOPATRA568cca2bcce7: Don't show disabled certificates in signencryptwidget.Thu, Apr 18, 9:36 AM
TobiasFella added a commit: rKLEOPATRA33f4faa8625c: Don't show disabled certificates in signencryptwidget.Thu, Apr 18, 9:41 AM
TobiasFella added a commit: rLIBKLEO8899415e3a55: Fix showing keys as disabled / revoked / invalid.Thu, Apr 25, 2:52 PM