Page MenuHome GnuPG

Kleopatra: Look up missing OpenPGP certificates for card keys
Testing, NormalPublic

Description

Kleopatra should automatically look up missing OpenPGP certificates for card keys.

We do this already for PKCS#15 cards. The lookup is done unconditionally if an LDAP keyserver is configured. The lookup can be enabled for all types of keyservers.

The same logic should be applied for OpenPGP cards.

Event Timeline

werner triaged this task as Normal priority.Sep 2 2024, 5:05 PM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Wed, Sep 4, 2:49 PM
ikloecker changed the task status from Open to Testing.Thu, Sep 5, 5:15 PM

Done.

Additionally to performing the lookup also for OpenPGP cards the status messages that are emitted during the lookup are now shown in the status bar instead of with a label above the key list.

How to test:

  • Enable the lookup either by setting an LDAP server as OpenPGP key server (i.e. something starting with "ldap") or add the lines
[Smartcard]
AlwaysSearchCardOnKeyserver=true

to your kleopatrarc.

  • Create a new card key for the Signature Key card slot.
  • Close the Smart Card window.
  • Open the Smart Card window.
  • You should see something like "No matching certificate was found in directory service." in the status bar when the OpenPGP card tab is shown.

If you can somehow put a certificate created for OpenPGP card keys on a test LDAP server then you can also test the happy path (i.e. the actual retrieval of the certificate) after you have deleted the public key.