
Kleopatra: Look up missing OpenPGP certificates for card keys
Testing, Normal, Public

Description

Kleopatra should automatically look up missing OpenPGP certificates for card keys.

We do this already for PKCS#15 cards. The lookup is done unconditionally if an LDAP keyserver is configured. The lookup can be enabled for all types of keyservers.

The same logic should be applied for OpenPGP cards.

Event Timeline

werner triaged this task as Normal priority. (Sep 2 2024, 5:05 PM)
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board. (Sep 4 2024, 2:49 PM)
ikloecker changed the task status from Open to Testing. (Sep 5 2024, 5:15 PM)

Done.

In addition to performing the lookup also for OpenPGP cards, the status messages that are emitted during the lookup are now shown in the status bar instead of in a label above the key list.

How to test:

  • Enable the lookup either by setting an LDAP server as OpenPGP key server (i.e. something starting with "ldap") or by adding the lines

        [Smartcard]
        AlwaysSearchCardOnKeyserver=true

    to your kleopatrarc.

  • Create a new card key for the Signature Key card slot.
  • Close the Smart Card window.
  • Open the Smart Card window.
  • You should see something like "No matching certificate was found in directory service." in the status bar when the OpenPGP card tab is shown.

If you can somehow put a certificate created for OpenPGP card keys on a test LDAP server then you can also test the happy path (i.e. the actual retrieval of the certificate) after you have deleted the public key.