
Kleopatra: show "disabled" status
Testing, Normal, Public

Description

(Edit 2024-07-24: Adapt ticket to implemented reality… See T7216: Kleopatra: Integrate "disabled" feature from gpg for original task description)

  • In certificate view show "disabled" in the "User-IDs" column.
  • In "Details" view add "disabled", possibly in bold in case the certificate is disabled to the "Status" line
  • When searching for certificates in "Encrypt for" fields, don't show disabled keys in the drop-down menu.
  • Where a key status is shown, "disabled" has a higher precedence than "revoked", "expired", "certified"/"not certified"/others

Event Timeline

alexk triaged this task as Normal priority. Apr 16 2024, 4:47 PM
alexk created this task.

Note for devs: In most places we can probably use Key::isBad() which excludes all kinds of keys that are not valid for use (revoked, expired, disabled, ...).

gpgme has a disabled flag (only set on the primary key), taken from the --with-colon listing where it is the 'D' in the usage.

GnuPG 2.4.6 will have a new command --quick-set-ownertrust which can be used to enable/disable a key. We should support this in gpgme and make the interface general enough to also set the ownertrust. The latter is IMHO not needed in Kleopatra, though.

Of course, it should be possible to toggle "disabled" in Kleopatra.
A (context) menu entry "disable certificate" (or "enable certificate") should be sufficient.

ikloecker edited projects, added vsd33; removed gpgme.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

I think Kleopatra now respects the "disabled" state of OpenPGP certificates. I don't remember the outcome of our discussion about allowing to disable OpenPGP certificates from Kleopatra, but I think this should be split out of this ticket.

Go ahead and split it off, then. And setting a key to disabled in Kleopatra itself is not that urgent that it has to be in vsd33.

ikloecker changed the task status from Open to Testing. Jun 7 2024, 2:41 PM
ikloecker moved this task from Backlog to WiP on the vsd33 board.

backported

respecting the "disabled" state is ready for testing; the rest won't be done on this ticket

with Version 3.2.2.2405000+git~ (Gpg4win-4.3.2-beta41):

What I see is: If the status of a certificate is "certified" or "not certified" before disabling it, then Kleo shows "disabled" in the User-ID column. If it was "revoked" or "expired", those are not changed. The same is true for the "Status" info in the details.
Is this distinction on purpose? What is the reason?

And I do not see any possibility to hide those disabled certificates. In my opinion respecting the state includes to not show such a certificate.

In T7089#188733, @ebo wrote:

What I see is: If the status of a certificate is "certified" or "not certified" before disabling it, then Kleo shows "disabled" in the User-ID column. If it was "revoked" or "expired", those are not changed. The same is true for the "Status" info in the details.
Is this distinction on purpose? What is the reason?

The order of states is "expired", "revoked", "disabled", "invalid", "certified", "not certified". Since we show only one state we need to define an order. I guess it would make sense to give "disabled" the highest priority. (I also think that "revoked" should have higher priority than "expired".)

And I do not see any possibility to hide those disabled certificates. In my opinion respecting the state includes to not show such a certificate.

Alex made different suggestions (which were not implemented yet). I think I'd prefer a configuration option to show disabled certificates (which defaults to hiding them). The suggestion to add a special filter showing just the disabled keys and to hide disabled keys for all other filters conflicts with the "All" filter. "All" should always be the superset of all filters.

The order of states is "expired", "revoked", "disabled", "invalid", "certified", "not certified". Since we show only one state we need to define an order. I guess it would make sense to give "disabled" the highest priority. (I also think that "revoked" should have higher priority than "expired".)

Ok, I agree on all points. Make it so ;-)

Alex made different suggestions (which were not implemented yet).

I believe that the ticket should have been made a parent ticket with the implementation tasks as child tickets. As it is, it is difficult to test and to set a status on the ticket. As all the commits for the first task are on this ticket, I would make a new parent ticket with the original description and then change the description here according to the actually implemented part.

The discussion regarding the filters will go in another child ticket.

ebo renamed this task from Kleopatra: Integrate "disabled" feature from gpg to Kleopatra: show "disabled" status. Wed, Jul 24, 9:50 AM
ebo updated the task description.

The latest changes have been backported for VSD 3.3.
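
The status precedence agreed in this thread ("disabled" first, then "revoked" before "expired"), together with the 'D' capability flag from the colon listing, as an added example that is not Kleopatra or gpgme code. `KeyState`, `parsePubRecord`, `displayStatus` and `isBad` are hypothetical names, the sample records are constructed, and mapping validity `f`/`u` to "certified" is a simplification.

```cpp
#include <sstream>
#include <string>
#include <vector>

// Flags derived from one "pub" record (hypothetical model, not GpgME++'s Key).
struct KeyState {
    bool disabled = false, revoked = false, expired = false, invalid = false;
    bool certified = false;
};

// Constructed sample records (key IDs and timestamps are made up).
const std::string kExpiredDisabled =
    "pub:e:255:22:0123456789ABCDEF:1600000000:1650000000::-:::scESCD:";
const std::string kCertified =
    "pub:f:255:22:FEDCBA9876543210:1600000000:::-:::scESC:";

// Field 2 is the validity letter, field 12 the capabilities; an uppercase
// 'D' in field 12 of the primary key marks the key as disabled.
KeyState parsePubRecord(const std::string &line) {
    std::vector<std::string> f;
    std::string field;
    std::istringstream in(line);
    while (std::getline(in, field, ':')) f.push_back(field);
    KeyState s;
    if (f.size() < 12 || f[0] != "pub") return s;  // not a primary key record
    s.revoked = f[1] == "r";
    s.expired = f[1] == "e";
    s.invalid = f[1] == "i";
    s.certified = f[1] == "f" || f[1] == "u";  // simplification, see lead-in
    s.disabled = f[11].find('D') != std::string::npos;
    return s;
}

// Only one state is displayed, so the first match in precedence order wins.
std::string displayStatus(const KeyState &s) {
    if (s.disabled) return "disabled";
    if (s.revoked) return "revoked";
    if (s.expired) return "expired";
    if (s.invalid) return "invalid";
    return s.certified ? "certified" : "not certified";
}

// Stand-in for a "not valid for use" check: any of these excludes the key.
bool isBad(const KeyState &s) {
    return s.disabled || s.revoked || s.expired || s.invalid;
}
```

With this ordering, the expired-and-disabled sample record reports "disabled", which is the case the tester found still showing "expired".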