Page MenuHome GnuPG
Create Task
Maniphest T7578

gpgpass: test feedback collection
Open, Needs TriagePublic
Actions

Description

Tested: linux / en / 20.03.25

Setup

Select My Certificate

  • ui/enhancement/minor Remove Option No certificate? Choosing it results in an error anyway. Maybe needed, if no certificates are available?
  • ui/feature Tooltips with selectable text (e.g. to copy the fingerprint for bug reports) Not feasible

Input Path

  • bug Adding an existing store will overwrite the root .gpg-id file regardless of the differences (but not reencrypt). Maybe add a warning dialog with an explanation, a diff of the ids and resolution options (e.g. keep, overwrite, overwrite and reencrypt)
  • config/bug Three slahes at the beginning autocompletes working directory
  • config/minor Maybe normalize generated path: /home/user/////////kde/.password-store-test4/////// results in Path[$e]=$HOME/////////kde/.password-store-test4///////. This path will be visible for the user e.g. on creation of new folders and accidentally using // could be problematic in other programs/contexts.

Dialog Generate a new OpenPGP certificate

  • config/minor resulting .gpg-id has no newline, which differs from pass init. Might result in copy & paste errors, if the gpg id is copied from terminal (e.g. 78982DB8B11C0B15#).
  • bug/minor Leaving the wizard open for some (very long) time, another window with the same wizard will appear - maybe a timeout?
  • ui/minor Input fields slightly cut, to reproduce
    1. open Section Advanced Options -> Field Name/Email cut on the right
    2. check Checkbox Protect -> Field Name/Email cut on the left
  • ui/minor Dialog window keeps height after expansion and collapse of the Section Advanced options
  • feature Creation of certs possible, but not the deletion?
  • comprehesion The (between X and Y) dates in the description of Valid until can be misleading. It took a while to understand, that it's not about the resulting valid period, but rather the min/max of the until value. Maybe choose between, or move the description into the datetime widget or just remove it completely? The datetime widget prevents the choice anyway, which should be intuitive.
  • comprehesion/minor Tooltip Text unrecoverable in Checkbox Protect: Understandable for the users? Maybe expand to a sentence, that the passphrase needs to be kept save and secrets are lost without it.
  • comprehesion/enhancement Mark the recommended algorithm in Section Advanced options? e.g. curve25519 (recommended) as Label? If users are playing around with it, they might end up generating keys with deviating algorithm.
  • comprehesion/minor Dialog description name and/or email: Do users understand the implications of choosing both/between?

Main

  • keyboard/bug: Using shortcut Ctrl-Q triggers a warning, that this sequence is ambiguous and should be resolved in the Shortcut Settings. In these Settings I see, that this Shortcut is only mapped to gpgpass/Quit. Might be my config?
  • note Currently multiple gpgpass instances are allowed, which probably could lead to inconsistencies. Maybe restrict to one per configuration file?

Menus

  • ui/enhancement/minor Better choice of icons possible? Mix of colored / blue / black without semantical meaning. edit has the same icon as configure. Configuration icon not optimal in my opinion, at least for the toolbar (the bottom line matches visually with the Shortcut underscore and looks a bit broken in my opinion).
  • {note} Handbuch and Was ist das?: disfunctional, probably placeholder?
  • {note} Probleme oder Wünsche berichten: reports with user account only?

Search

  • bug RegEx special chars should better be handled in search. stdout:
QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '*')
QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '?')
QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '\')
  • bug/minor Unescaped regex special chars (e.g. wertpasdg.-) as first search term char (1 char only?) will be interpreted as regex, which might get unexpected results.
  • ui/bug Folders in results closed by default, if previous search result found no results
  • ui/security/minor All Folders briefly open on search, which might leak information (over-the-shoulder)

Password Tree

Folders

  • ui/bug .password-store folder is shown. To recreate
    1. Enter some chars in Input Search and press Enter
    2. Remove all chars and wait
  • ui/idea If the password store root folder would be included in the tree, it would be possible to show all configured stores simultanously (e.g. with an additional name attribute in the store configuration). On the other hand, a conscious decision to switch the profile might be preferable to prevent user mistakes and over-the-shoulder information leaks.

Navigation

  • ui/bug Entry is not viewed after de- and reselect. clipboard cleared displayed on bottom. The same happens, when the content panel is automatically closed (if enabled in settings). To reproduce:
    1. Select an entry (shown)
    2. Unselect the entry (via click on the item)
    3. Select the entry again
  • ui/enhancement Disable deselection of the currently active entry.
    • It feels unexpected and I can't think of any usecase. This could break toolbar Add (no way to add in root folder, if folder cannot be deselected).
    • In edit mode, the changes are lost on deselection.
  • ui/enhancement Accessing the edit view feels uncomfortable. I know, it's in the toolbar, but choosing the right button from global context needs attention. Suggestions (preferably all of them):
    • Edit entry on doubleclick
    • Add edit button in the tree item row (e.g. floating right)
    • Add edit button on Show entry view (e.g. on title row left of copy button)
  • ui/enhancement Deep folder structures in searches might be confusing
    • contents of matched folders are included in the search, which makes sense
    • parents of matched folders might be unneccessary, maybe it's worth a try to omit them, if possible
    • maybe highlight matched folders/entries
    • maybe close all folders in matched folders
  • keyboard/enhancement Add Copy/Paste Shortcuts ctrl + c/v
  • keyboard/enhancement After opening an entry, keyboard up/down navigates the tree. Maybe display the selected entry then (e.g. after timeout with reset on further keypresses)
  • ui/feature Allow multiselect (e.g. to delete multiple items at once)
  • ui/feature/minor Add copy entry action. In my password manager I use this often to ensure the same name "syntax" optimized for search.
  • ui/feature/minor Display/Copy path to password file, e.g. in Context Menu

Moving

  • ui/bug Moving an item over another triggers the overwrite dialog. Old item will be kept, the new item will be moved to $(pwd)/.gpg Maybe just deactivate overwriting as it's not much useful?
  • ui/bug/minor Moving an item visually suggests, that a custom order is possible

Renaming

  • config/bug/minor Folder/Entry names might conflict (e.g. entry name, folder name.gpg). Not very likely, but maybe should be better handled.
    • If an entry name does exist, adding a new folder name.gpg won't do anything.
    • New folders name.gpg will result in filesystem folder name.gpg, but are shown as name in the tree.
    • Given a (filesystem) folder name.gpg, adding a new entry name will result in an error Filename refers to a directory (which is good).
  • ui/bug Renaming an entry entry to an already existing folder folder will result in unexpected behaviour: the folder is kept, the entry is moved into that folder, the tree might or might not be updated. Given a folder name and an entry name, the same happens, if the entry is renamed without changing the name (rename -> just click OK).
  • ui/enhancement Renaming an entry to an already existing entry does not work (which makes sense) but should probably trigger a warning/error.

Entry View

New Entry

  • bug Creating a new entry with the name of an existing entry will override the existing entry without warning.
  • bug / in entry names are interpreted as separator
    • / at start will be interpreted as absolute path, e.g. /path/to/other/.password-store/entryname will work, although the dialog explicitly states, where the file will be created
    • / in the middle
      • non exisiting paths display a user error: Could not read encryption key to use, .gpg-id file missing or invalid.
      • notapath/../works works
    • ~ is not expanded
    • If this path behaviour is intended or kept
      • Display an error after path confirmation instead of checking on save only
      • Only paths within the configured store path should be allowed
  • bug names starting with .
    • resulting files are hidden on linux, what might be a source of user errors, if files are copied manually
    • entries are displayed in the tree after creation, but hidden after restart.
    • folders are hidden in the tree after creation
    • .gpg-id is a valid folder name, which conflicts with the pass file. In the userlist, no users are selected. save does not work: Unable to open "/home/kaleidos/kde/.password-store/override/.gpg-id"
    • .gpg-id.sig should also be prevented, as it conflicts with the detached signature created when using PASSWORD_STORE_SIGNING_KEY
    • .git should better also be prevented
  • keyboard/bug Enter will close the form without saving. To reproduce
    1. Add new entry
    2. Enter password
    3. Press Enter
  • keyboard/enhancement On a new entry, the Input Password should have focus

Show Entry

  • ui/security Don't leak the number of chars in the password field, which heavily reduces the search space in brute force attacks
  • ui/idea Does the show entry view add any value compared to the edit view? The buttons for copy to clipboard and show qr code could also be added on the edit view. Having only one view would simplify the interface quite a bit.
  • security/feature Protect more than password? Other fields might contain sensitive data, too. Probably would need a setting (list of keys).
  • ui/enhancement Long words/urls in description expand the view beyond viewport. Buttons for qrcode/copy are out of reach, probably wrap lines. Setting Ignore Line Wrapping suggests, that it should be set, but does not change behaviour.
  • ui/enhancement/minor Long keys expand the view beyond viewport. Maybe truncate with ... prefix and add a Tooltip with full content.
  • ui/bug Clicking on fields centers content both vertically/horizontally. Centering happens on text selection, too (e.g. to copy & paste). Should be deactivated.
  • ui/enhancement For multiple key/value pairs the buttons for qrcode/copy are hard to match. Maybe add e.g.
    • separator lines
    • alternating odd/even backgrounds
    • highlight of row on mouseover
  • ui/bug/minor Problems with QR-Code for long passwords/values: QR code probably gets too small at around 1000 chars and is empty at about 2954 chars
  • ui/security/minor Binary data in entries is displayed/interpreted (file might be added/changed by someone else)
    • does not break, but some control chars seem to work (e.g. rtl). many errors on stdout: `qt.text.font.db: OpenType support missing for "[...]", script 66´
    • qr code works, but adds new contexts (e.g. qr code reader on smartphones), in which the data might be interpreted

Edit Entry

  • ui/bug deleting the search term during edit closes the edit view (without saving)

Templates (auto)

  • config/enhancement Maybe split templated key/values on first : (with space) instead of :, e.g. for key:with:colons: value
  • config/enhancement lines with empty values are deleted on save, probably as intended. Might be problematic for existing stores with non-conforming entries (e.g. managed via pass). Suggestion: Visually mark fields to be deleted in edit form.
  • config/enhancement/minor Maybe handle empty key, e.g. :empty

Templates (fixed)

  • config/minor Login with capital L in default template (like capital Password, URL)

Settings

  • ui/enhancement/minor Change of Use template and Show all fields templated could rerender entry view. Probably only on view entry, not on edit entry.