Page MenuHome GnuPG

Kleopatra: Integrate "disabled" feature from gpg
Open, NormalPublic

Description

(Task originally authored by alexk, see https://dev.gnupg.org/T7089#188791 for reason to recreate it)

There is a long available feature to "disable" keys in GnuPG. This deactivates the local certificate for regular use. Kleopatra should respect this as well:

  • In certificate view show "disabled" (de: "inaktiv") in the "User-IDs" column.
  • In certificate view add "disable" or "enable" in the context menu.
  • In "Details" view add "disabled" in bold next to "Valid until" in case it is disabled.
  • When searching for certificates in "Encrypt for" fields, don't show disabled keys in the drop-down menu.
  • A (context) menu entry to "disable certificate" (or "enable certificate").

And either:

  • make a filter showing "disabled certificates".
  • don't show disabled certificates in any of the others filters.

or

  • make a toggle to show/hide "disabled certificates" everywhere

Info: The "disabled" status is stored in the trust-DB. It can be changed with "gpg -edit-key" and "disable".

Event Timeline

ebo triaged this task as Normal priority.Jul 24 2024, 8:52 AM
ebo created this task.
aheinecke raised the priority of this task from Normal to Needs Triage.Jul 24 2024, 11:07 AM
aheinecke added a subscriber: aheinecke.

Kleopatra of course respects the disabled status because GnuPG does so. But what is the usecase for further extending this?

Before I understande the use case I cannot Triage this. For me disabled is only ever useful in case you have auto imports and for some reason whatsoever do not want or cannot locally sign a certificate. In that case you have two untrusted certificates and can disable one of them to ensure that the other untrusted certificate is used.
This is rare.

But I am not ruling out that there is a Use-Case I do not yet see or understand.

werner added a project: Feature Request.
werner added a subscriber: werner.

BTW, gpgme does not yet use --quick-set-ownertrust which can also be used to set the disabled flag. We should replace the interactor by the new command. See rG21f7ad563d for the new command.