Page MenuHome GnuPG
Create Task
Maniphest T7183

Kleopatra: Reduce certificates offered in Sign/Enyrypt dialog
Testing, NormalPublic
Actions

Description

In the sign/encrypt dialog there are currently offered all UIDs of a certificate for signing as well as encryption. This includes revoked UIDs. (This is a recent "feature", in VSD 3.2.2 this was not the case.)

Todo:
Edit 2024-07-11:
# Revoked UIDs should not be offered either for encryption or signing
# For signing all valid UIDs of a private key should be offered
# For encryption only the primary user-ID of a certificate should be offered. Add a tooltip with the information that additional user ids exist. Or maybe list the other valid UIDs in the tooltip.

  1. show all valid (not revoked and not expired) User-Ids in the existing drop down lists
  2. add a button on the right side of the drop down to choose from the certificate list (with filter "only with secret" set)
  3. in case a revoked or expired certificate is selected, give a better error: "Error: The selected certificate is not valid" (for both public and secret keys, although in the latter case it should probably better be "The selected key is not valid")

Details

Version
Version 3.2.2.2405000+git~ (Gpg4win-4.3.2-beta25)

Revisions and Commits

rLIBKLEO Libkleo
rLIBKLEObbe1eb281d90 Add certificate selection button to UserIDSelectionCombo
rLIBKLEO41836c1ce76a Fix key list filtering for models based on user ids
rLIBKLEOede846d7609e Add certificate selection button to UserIDSelectionCombo
rLIBKLEO4619a49016c0 Add certificate selection button to UserIDSelectionCombo
rLIBKLEOc9fe15ff270e Add certificate selection button to UserIDSelectionCombo
rLIBKLEO85dabc8ccc28 Add certificate selection button to UserIDSelectionCombo
rLIBKLEO440a42ad87c8 Add certificate selection button to UserIDSelectionCombo
rLIBKLEO7f33d297552a Fix key list filtering for models based on user ids
rLIBKLEOda7da8f8039d Fix key list filtering for models based on user ids
rKLEOPATRA Kleopatra
rKLEOPATRAf38523c0ffaa Show better error messages for invalid certificates in certificatelineedit
rKLEOPATRAd95fd12ef65e Improve user id selection in signencryptwidget
rKLEOPATRA678e29059e6b Improve user id selection in signencryptwidget
rKLEOPATRA91856657a925 Show better error messages for invalid certificates in certificatelineedit
rKLEOPATRA02b04ca391af Improve user id selection in signencryptwidget
rKLEOPATRAda4b4848bee7 Improve user id selection in signencryptwidget
rKLEOPATRA9119e31de13a Improve user id selection in signencryptwidget
rKLEOPATRA17d6115e6b5c Improve user id selection in signencryptwidget
rKLEOPATRA9a09370cd935 Show better error messages for invalid certificates in certificatelineedit

Related Objects

Event Timeline

ebo created this task.Jul 2 2024, 2:35 PM
werner added a project: Feature Request.Jul 2 2024, 10:50 PM
ikloecker added a comment.Jul 3 2024, 10:37 AM

Re 2.:

  • I think expired user IDs should also be offered. Otherwise, people who forgot to extend the validity of their certificate won't find their certificate. Usability-wise it's better to offer the certificate and show a notice that the selected certificate has expired. I wouldn't differentiate between primary and additional user IDs.

Re 3.:

  • I'm not sure if we are talking about the Encrypt-to-self drop-down or the Encrypt for others input fields. On the other hand, I see little reason to treat both differently.
  • For me user IDs are aliases. I think the notion of "primary user ID" is misleading. Often all user IDs are equally "important". And depending on context one of the non-primary user IDs may be more relevant (e.g. when receiving a signed email the user ID matching the sender address is the most relevant one). If I want to select an encryption key for encrypting something for ada@example.net then I don't want to remember that I have to look for the key lovelace@example.com. For my own keys I may be able to remember this, but not for other keys.
  • "Hiding" the information about additional user IDs in a tool tip isn't a good solution because tool tips have very bad accessibility:
    • People who are not using a mouse never see tool tips, e.g. people with mobility impairments or people using a touch device.
    • People using screen readers may have turned those off by default.
    • People with cognitive and intellectual disabilities will have problems making use of the information in tool tips.
  • I fail to see a reason why the selection of the key for signing is different from the selection of the key for encryption (to self). It will be very confusing if I can select my secondary user ID in the signing drop-down but cannot find it in the encryption drop-down.
  • Last but not least, I don't see any disadvantages of offering all not revoked user IDs while I see many advantages for usability and accessibility.
werner added a subscriber: werner.Jul 4 2024, 10:10 AM

rere 2: I agree as long as the expired certs are order behind regular certs.

rere 3: Selecting the signer key by userid allows gpg to put the Signer's UID into the signature. However, given how Kleopatra work, the signer is always specified by fingerprint and thus this does not work in this case. I am not sure whether kleopatra uses gpgme_set_sender to explicitly set the user ID. At least GpgOL should do that.

The primary user ID is important becuase if you specify a key not by fingerprint the primary user ID is used to select the preferences. The preferences may differ by user id.

I agree to the accessibility thing.

TobiasFella added a subscriber: TobiasFella.Jul 10 2024, 2:17 PM

I agree with Ingo and Werner here. In summary

  • Hide revoked user ids
  • Show expired certs
  • Sort expired certs behind regular certs

I am not sure whether kleopatra uses gpgme_set_sender to explicitly set the user ID.

Sounds like something we should do; but material for a different task

ebo added a comment.Jul 10 2024, 3:22 PM

I'm not sure if we are talking about the Encrypt-to-self drop-down or the Encrypt for others input fields. On the other hand, I see little reason to treat both differently.

At the moment they are treated differently. In the dropdown for encrypt-to-self no expired certificates are listed. encrypt-to-others does not have a dropdown. You are not able to find an expired Certificate by typing the name. But you can open the certificate list to chose from, where expired certificates are shown and selectable. But when you select an expired certificate, you won't be able to select Sign/Enrypt: "Error: No matching certificates or groups found"

TobiasFella added a comment.Jul 10 2024, 3:32 PM
In T7183#188348, @ebo wrote:

I'm not sure if we are talking about the Encrypt-to-self drop-down or the Encrypt for others input fields. On the other hand, I see little reason to treat both differently.

At the moment they are treated differently. In the dropdown for encrypt-to-self no expired certificates are listed. encrypt-to-others does not have a dropdown. You are not able to find an expired Certificate by typing the name. But you can open the certificate list to chose from, where expired certificates are shown and selectable.

FWIW, I don't think that difference in behavior is intended.

ikloecker added a comment.Jul 10 2024, 6:14 PM

This behavior of the encrypt-to-others input field is intended. It avoids "Multiple matching certificates or groups found" errors if there is one current (good) certificate and one (or more) old expired certificates for an email address. There's a button to open a dialog listing all certificates so that the user can find a certificate they are missing in the input list's completion list. I think this is an acceptable compromise between making all certificates discoverable (even expired or revoked ones) and offering not too many irrelevant certificates. When the user selects a bad certificate in the selection dialog we should probably show a note that this certificate cannot be used instead of showing "Error: No matching certificates or groups found".

We could use the same approach for the drop-down boxes, i.e. offer only good keys/user IDs and add a button to open a dialog listing all signing/encryption keys/user IDs of the user.

ebo added a subscriber: aheinecke.Jul 11 2024, 9:11 AM

ok, I like your proposal. To recap:

  • show all valid (not revoked and not expired) User-Ids in the existing drop down lists
  • add a button on the right side of the drop down to choose from the certificate list
  • in case a revoked or expired certificate is selected, give a better error

For the latter I propose "Error: The selected certificate is not valid"

aheinecke triaged this task as Normal priority.Jul 11 2024, 3:04 PM

Yes sounds good to me. Since we have the ability even in the full list view to filter for "only with secret" certificates. Regarding gpgme_set_sender. Only GpgOL uses this, we only really need it for TOFU I think. To leave that discussion / point out of this issue I created T7199: KMail / Kleopatra: Use gpgme_set_sender to add a hint which UserID was selected for a signature

ebo renamed this task from Draft: Kleopatra: Reduce certificates offered in Sign/Enyrypt dialog to Kleopatra: Reduce certificates offered in Sign/Enyrypt dialog.Jul 11 2024, 3:46 PM
ebo updated the task description. (Show Details)
ebo added a project: vsd33.Jul 15 2024, 10:05 AM
TobiasFella added a commit: rLIBKLEOda7da8f8039d: Fix key list filtering for models based on user ids.Jul 16 2024, 1:18 PM
TobiasFella added a commit: rLIBKLEO7f33d297552a: Fix key list filtering for models based on user ids.Jul 17 2024, 2:20 PM
TobiasFella added a commit: rLIBKLEO440a42ad87c8: Add certificate selection button to UserIDSelectionCombo.Jul 18 2024, 10:47 AM
TobiasFella added a commit: rKLEOPATRA9a09370cd935: Show better error messages for invalid certificates in certificatelineedit.Jul 18 2024, 11:21 AM
TobiasFella added a commit: rKLEOPATRA17d6115e6b5c: Improve user id selection in signencryptwidget.
TobiasFella moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Jul 18 2024, 11:35 AM
TobiasFella added a commit: rLIBKLEO85dabc8ccc28: Add certificate selection button to UserIDSelectionCombo.Jul 18 2024, 2:22 PM
TobiasFella added a commit: rKLEOPATRA9119e31de13a: Improve user id selection in signencryptwidget.Jul 18 2024, 2:25 PM
TobiasFella added a commit: rKLEOPATRAda4b4848bee7: Improve user id selection in signencryptwidget.Jul 18 2024, 2:42 PM
TobiasFella added a commit: rLIBKLEOc9fe15ff270e: Add certificate selection button to UserIDSelectionCombo.Jul 18 2024, 4:19 PM
TobiasFella added a commit: rKLEOPATRA02b04ca391af: Improve user id selection in signencryptwidget.
TobiasFella added a commit: rLIBKLEO4619a49016c0: Add certificate selection button to UserIDSelectionCombo.Jul 18 2024, 4:23 PM
TobiasFella added a commit: rLIBKLEOede846d7609e: Add certificate selection button to UserIDSelectionCombo.Jul 19 2024, 12:40 PM
TobiasFella added a commit: rKLEOPATRA91856657a925: Show better error messages for invalid certificates in certificatelineedit.Jul 19 2024, 12:51 PM
TobiasFella added a commit: rKLEOPATRA678e29059e6b: Improve user id selection in signencryptwidget.
TobiasFella changed the task status from Open to Testing.Aug 1 2024, 10:23 AM
ikloecker added a commit: rLIBKLEO41836c1ce76a: Fix key list filtering for models based on user ids.Aug 7 2024, 5:33 PM
ikloecker added a commit: rLIBKLEObbe1eb281d90: Add certificate selection button to UserIDSelectionCombo.
ikloecker added a commit: rKLEOPATRAd95fd12ef65e: Improve user id selection in signencryptwidget.Aug 7 2024, 5:37 PM
ikloecker added a commit: rKLEOPATRAf38523c0ffaa: Show better error messages for invalid certificates in certificatelineedit.
ikloecker moved this task from Backlog to WiP on the vsd33 board.Aug 8 2024, 10:08 AM

Backported for VSD 3.3

ikloecker assigned this task to TobiasFella.Aug 8 2024, 10:29 AM