Page MenuHome GnuPG
Create Task
Maniphest T7216

Kleopatra: Integrate "disabled" feature from gpg
Testing, NormalPublic
Actions

Description

(Task originally authored by alexk, see https://dev.gnupg.org/T7089#188791 for reason to recreate it)

There is a long available feature to "disable" keys in GnuPG. This deactivates the local certificate for regular use. Kleopatra should respect this as well:

  • In certificate view show "disabled" (de: "inaktiv") in the "User-IDs" column.
  • In certificate view add "disable" or "enable" in the context menu.
  • In "Details" view add "disabled" in bold next to "Valid until" in case it is disabled.
  • When searching for certificates in "Encrypt for" fields, don't show disabled keys in the drop-down menu.
  • A (context) menu entry to "disable certificate" (or "enable certificate").

And either:

  • make a filter showing "disabled certificates".
  • don't show disabled certificates in any of the others filters.

or

  • make a toggle to show/hide "disabled certificates" everywhere

Info: The "disabled" status is stored in the trust-DB. It can be changed with "gpg -edit-key" and "disable".

Related Objects
Search...

Event Timeline

ebo triaged this task as Normal priority.Jul 24 2024, 8:52 AM
ebo created this task.
ebo added a subtask: T7089: Kleopatra: show "disabled" status.
ebo mentioned this in T7089: Kleopatra: show "disabled" status.Jul 24 2024, 9:50 AM
ebo updated the task description. (Show Details)Jul 24 2024, 10:11 AM
aheinecke closed subtask T7217: Kleopatra: Create an appearance filter for the "disabled" status as Wontfix.Jul 24 2024, 11:04 AM
aheinecke raised the priority of this task from Normal to Needs Triage.Jul 24 2024, 11:07 AM
aheinecke added a subscriber: aheinecke.

Kleopatra of course respects the disabled status because GnuPG does so. But what is the usecase for further extending this?

Before I understande the use case I cannot Triage this. For me disabled is only ever useful in case you have auto imports and for some reason whatsoever do not want or cannot locally sign a certificate. In that case you have two untrusted certificates and can disable one of them to ensure that the other untrusted certificate is used.
This is rare.

But I am not ruling out that there is a Use-Case I do not yet see or understand.

werner triaged this task as Normal priority.Jul 25 2024, 10:52 AM
werner added a project: Feature Request.
werner added a subscriber: werner.

BTW, gpgme does not yet use --quick-set-ownertrust which can also be used to set the disabled flag. We should replace the interactor by the new command. See rG21f7ad563d for the new command.

ebo reopened subtask T7217: Kleopatra: Create an appearance filter for the "disabled" status as Open.Jul 31 2024, 4:04 PM
TobiasFella changed the status of subtask T7217: Kleopatra: Create an appearance filter for the "disabled" status from Open to Testing.Aug 5 2024, 11:40 AM
TobiasFella changed the status of subtask T7234: Kleopatra: add disable/enable certificate in context menu from Open to Testing.Aug 12 2024, 1:51 PM
ikloecker changed the task status from Open to Testing.Wed, Sep 18, 2:51 PM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Setting to Testing and WiP to reflect status of the subtasks and to get it removed from the Open Tasks list.

TobiasFella changed the status of subtask T7296: Kleopatra: Change filters "All certificates" etc. so that they do not include disabled ones from Open to Testing.Thu, Sep 26, 11:16 AM