Page MenuHome GnuPG

Kleopatra: Integrate "disabled" feature from gpg
Testing, NormalPublic

Description

(Task originally authored by alexk, see https://dev.gnupg.org/T7089#188791 for reason to recreate it)

There is a long available feature to "disable" keys in GnuPG. This deactivates the local certificate for regular use. Kleopatra should respect this as well:

  • In certificate view show "disabled" (de: "inaktiv") in the "User-IDs" column.
  • In certificate view add "disable" or "enable" in the context menu.
  • In "Details" view add "disabled" in bold next to "Valid until" in case it is disabled.
  • When searching for certificates in "Encrypt for" fields, don't show disabled keys in the drop-down menu.
  • A (context) menu entry to "disable certificate" (or "enable certificate").

And either:

  • make a filter showing "disabled certificates".
  • don't show disabled certificates in any of the others filters.

or

  • make a toggle to show/hide "disabled certificates" everywhere

Info: The "disabled" status is stored in the trust-DB. It can be changed with "gpg -edit-key" and "disable".

Event Timeline

ebo triaged this task as Normal priority.Jul 24 2024, 8:52 AM
ebo created this task.
aheinecke raised the priority of this task from Normal to Needs Triage.Jul 24 2024, 11:07 AM
aheinecke added a subscriber: aheinecke.

Kleopatra of course respects the disabled status because GnuPG does so. But what is the usecase for further extending this?

Before I understande the use case I cannot Triage this. For me disabled is only ever useful in case you have auto imports and for some reason whatsoever do not want or cannot locally sign a certificate. In that case you have two untrusted certificates and can disable one of them to ensure that the other untrusted certificate is used.
This is rare.

But I am not ruling out that there is a Use-Case I do not yet see or understand.

werner added a project: Feature Request.
werner added a subscriber: werner.

BTW, gpgme does not yet use --quick-set-ownertrust which can also be used to set the disabled flag. We should replace the interactor by the new command. See rG21f7ad563d for the new command.

ikloecker changed the task status from Open to Testing.Sep 18 2024, 2:51 PM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Setting to Testing and WiP to reflect status of the subtasks and to get it removed from the Open Tasks list.