Page MenuHome GnuPG

Kleopatra: Integrate "disabled" feature from gpg
Testing, NormalPublic


There is a long available feature to "disable" keys in GnuPG. This deactivates the local certificate for regular use. Kleopatra should respect this as well:

  • In certificate view show "disabled" (de: "inaktiv") in the "User-IDs" column.
  • In certificate view add "disable" or "enable" in the context menu.
  • In "Details" view add "disabled" in bold next to "Valid until" in case it is disabled.
  • When searching for certificates in "Encrypt for" fields, don't show disabled keys in the drop-down menu.
  • A (context) menu entry to "disable certificate" (or "enable certificate").

And either:

  • make a filter showing "disabled certificates".
  • don't show disabled certificates in any of the others filters.


  • make a toggle to show/hide "disabled certificates" everywhere

Info: The "disabled" status is stored in the trust-DB. It can be changed with "gpg -edit-key" and "disable".

Event Timeline

alexk triaged this task as Normal priority.Apr 16 2024, 4:47 PM
alexk created this task.

Note for devs: In most places we can probably use Key::isBad() which excludes all kinds of keys that are not valid for use (revoked, expired, disabled, ...).

gpgme has a disabled flag (only set on the primary key) and taken from the --wwth-colon listing where it is the 'D' in the usage.

GnuPG 2.4.6 will have a new command --quick-set-ownertrust which can be sued to enable/disable a key. We should support this in gpgme and make the interface general enough to also set the ownertrust. The latter is IMHO not needed in Kleopatra, though.

Of course, it should be possible to toggle "disabled" in Kleopatra.
A (context) menu entry "disable certificate" (or "enable certificate") should be sufficient.

ikloecker edited projects, added vsd33; removed gpgme.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

I think Kleopatra now respects the "disabled" state of OpenPGP certificates. I don't remember the outcome of our discussion about allowing to disable OpenPGP certificates from Kleopatra, but I think this should be split out of this ticket.

Go ahead and split it of, then. And setting a key to disabled in Kleopatra itself is not that urgent that it has to be in vsd33.

ikloecker changed the task status from Open to Testing.Fri, Jun 7, 2:41 PM
ikloecker moved this task from Backlog to WiP on the vsd33 board.


respecting the "disabled" state is ready for testing; the rest won't be done on this ticket