Page MenuHome GnuPG
Create Task
Maniphest T7091

Kleopatra: Simple copy key to card
Open, NormalPublic
Actions

Description

In the certificate view add an function to copy a chosen key to a smartcard, via context menu or "Certificates" menu.

Below is an example of a possible dialog screen for discussion. Text in {brackets} are comments.

# Simple transfer of an OpenPGP key to a smartcard

Only suitable for standard keys.

{The following information might be behind an info button or something}
Info on preconditions:
- The primary key is suitable for signatures and certifications.
- There is exactly one subkey for encryption.
- Optionally, there is exactly one additional subkey for authentication. This is also transferred to the card.
- An OpenPGP-compatible smartcard is connected and the corresponding slots are empty.
{information end}

Your chosen Key
Fingerprint:     XXXXXXX
Primary User-ID: Xxxxx <xxx@xxxx.xx>

{Error Block start, only shown in case of a problem}
The following condition(s) are not met: {Only the missing conditions are displayed, but all misses on the first three}.

- The primary key does not have the Sign and Certify properties.
- There is no subkey for encryption.
- There are too many other subkeys.

- No smartcard was recognized.
- The OpenPGP slots on the smartcard are not empty.

/\ An automatic transfer is not possible.                    {this /\ is an alert symbol}

[OK]
{error block end}
{alternative postive continuation}

All conditions are met.

To proceed choose one of the following options:
( ) Delete key from disk.
    ( ) Make a backup of the secret key to file.  
    ( ) Make a print backup. (Paperkey)
    ( ) I already have a backup of the secret key.
( ) Keep key on disk.

[Apply]    [Cancel]

By default there is no option preselected.
But there should be a configuration parameter in the config file or registry to preselect an option and make it unchangeable.

Related Objects
Search...

Event Timeline

alexk triaged this task as Normal priority.Wed, Apr 17, 11:41 AM
alexk created this task.
alexk added a parent task: T6785: Kleopatra: Improvements related to smart cards.
ebo added a subscriber: ebo.Wed, Apr 17, 11:49 AM
ikloecker added a subscriber: ikloecker.Wed, Apr 17, 10:43 PM

You forget that multiple OpenPGP smart cards might be plugged in. Although it's probably not likely that multiple empty cards are plugged in. (For comparison: The subkey action to move a key to a card allows the user to choose a suitable slot. I think it also offers non-empty slots, but I agree that for the "simple copy" it's better to offer only empty cards to prevent a disaster.)

ikloecker added a comment.Wed, Apr 17, 10:49 PM

Regarding the requirements for a key: The action shouldn't be enabled for keys not meeting the requirements. (Just like most other actions are only enabled for a suitable selection of keys.) The info which keys are suitable belongs into the manual and not as wall of text into Kleopatra.

alexk added a comment.Thu, Apr 18, 2:48 PM

The action shouldn't be enabled for keys not meeting the requirements.

This sounds good.
Will this checks be done on opening the context menu for a private key?

Regarding the smartcards: Should be checked if there is exactly one empty smartcard plugged and don't care about other non empty ones?

ikloecker added a comment.Thu, Apr 18, 3:53 PM

The check happens whenever the user selects or deselects one (or more) certificates. All actions that require conditions not met by the selected certificates are disabled. Some conditions are too complex/slow/special to check, e.g. the check if an empty smart card is inserted should happen when the user triggered the action.

Regarding the smartcards: Should be checked if there is exactly one empty smartcard plugged and don't care about other non empty ones?

If multiple empty OpenPGP cards are plugged in then I would simply take the first that's found. Obviously, the dialog should tell the user which smart card will be written to.

The key should be displayed as in most dialogs with the summary. Nobody knows their key by the fingerprint and the user ID is often ambiguous if one has multiple keys.

alexk added a comment.Thu, Apr 18, 5:39 PM
This comment was removed by alexk.
alexk added a comment.Mon, Apr 22, 9:41 AM

With Ingo's suggestions it could look like this.

Smartcard error case:

== Simple transfer of an OpenPGP key to a smartcard ==

/\ An automatic transfer is not possible.                    {this /\ is an alert symbol}

- No smartcard was recognized.                               {Only one of these messages will apply.}
- No smartcard with empty OpenPGP slots was found.

[OK]

Normal case:

== Simple transfer of an OpenPGP key to a smartcard ==

Your selected Key:  {key summary}
Selected SmartCard: {smarcard summary}

To proceed choose one of the following options:
( ) Delete key from disk.
    ( ) Make a backup of the secret key to file.  
    ( ) Make a print backup. (Paperkey)
    ( ) I already have a backup of the secret key.
( ) Keep key on disk.

[Apply]    [Cancel]
alexk added a project: gpd.Tue, Apr 30, 4:57 PM