Page MenuHome GnuPG

Kleopatra: Add explanation for message "no secret key"
Testing, HighPublic

Description

When one tries to decrypt a file which is not encrypted to any of the keys in their keyring, they get the message:

"Decryption failed: No secret key" and on the next line e.t. "One unknown recipient" or "Recipient: Some UID":

The Audit log shows:

gpg: verschlüsselt mit RSA Schlüssel, ID CD573B2B0736643A
gpg: Entschlüsselung fehlgeschlagen: Kein geheimer Schlüssel

Edited on 2024-09-24:

As some users seem not to understand this, we want to add some text in a new line on the condition that the error message is "No secret key":

"This means that the data you want to decrypt was not encrypted to any of your secret keys."

And then be a bit more verbose on the recipient line, too.
Replace "Unknown recipient" with "The data is encrypted to: unknown recipient." or "The data is encrypted to an unknown recipient."
Choose the possibility here which works best in all cases/is easier to implement.
(I'm not sure what other possibilities have to be kept in mind here, I assume the "unknown recipient" is a variable and there are various other possible values.)

Event Timeline

werner added a subscriber: werner.

I'd write: "This means that the data you want to decrypt was not encrypted to any of your private keys."

ebo renamed this task from Draft: Kleopatra: Add explanation for message "no secret key" to Kleopatra: Add explanation for message "no secret key".Sep 24 2024, 9:00 AM
ebo updated the task description. (Show Details)
ebo added a project: vsd33.

Okay, okay: s/private key/secret key/

ebo updated the task description. (Show Details)
TobiasFella set External Link to https://invent.kde.org/pim/kleopatra/-/merge_requests/283.Sep 25 2024, 11:19 AM
TobiasFella moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Ingo suggested additional changes and due to the helpful screenshot in the MR I've got some, too.

  1. As we already have a condition for the gpg-error "No secret key.", we could change "Decryption failed: No secret key." to "Decryption not possible: No secret key."
  1. Change "This means that the data you want to decrypt was not encrypted to any of your secret keys." to: "This means that the data you want to decrypt was not encrypted to any of the locally available secret keys." This would cover the user story of a deleted or "not yet copied to new device" key.
  1. Get rid of the italics (I think it is only for unknown recipients, known ones have standard font).
  1. Spacing. There should be another newline before the "The data is encrypted to an unknown recipient." line. But we could remove the empty line after "No secret key." as the following sentence explains it, so no new paragraph is needed there.

For the "unknown recipients" there was the good suggestion to not show that line at all. As it has no additional information which is not included in the new explanation. I like that, but only in the case that there are no known recipients at all, as it would be confusing to list only e.g. one known recipients and then not mention the 5 unkown ones, IMHO.

Some screenshots for the current look, so that we all have a picture of what is the starting point:



TobiasFella changed the task status from Open to Testing.Oct 1 2024, 10:51 AM

Backported for VSD 3.3

ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Thu, Oct 17, 9:28 AM