Tested: linux / en / 20.03.25
Setup
- ui/bug/minor Entering a Name in store configuration (via Configure GPGPass) during setup crashes the application:
- ui/enhancement We should also look into improving this page in general for the case where there's no password store yet
Select My Certificate
- ui/enhancement/minor Remove Option No certificate? Choosing it results in an error anyway. Maybe needed, if no certificates are available?
- ui/bug Generate certificate not selectable anymore without other certs available
- Maybe add a button instead of directly opening the cert gen dialog? Or would it be possible to make the former "No cert" option unselectable?
- ui/feature Tooltips with selectable text (e.g. to copy the fingerprint for bug reports). Not feasible.
- ui/bug First certificate should be usable (unusable ones don't make sense, entries cannot be saved afterwards). Not disabled/untrusted. To reproduce, open and choose
- alice.disabled.1
- disabled keys are still selectable
- alice.trust*
- alice.disabled.1
- ui/bug/minor choosing Generate Certificate displays an error in the background
- ui/enhancement/minor maybe also show expired certs (users might wonder, what happened to their cert)
- comprehension/minor Tooltip text could be more precise, e.g.:
- Revuserids: 5 userids not certified -> 5 userids revoked / 5 userids certified (the other ones)
- TrustX: 1 userid not certified: -> all userids not certified / no userid certified / key not trusted
- As "certified" means "valid", why not just use "valid"?
Input Path
- bug Adding an existing store will overwrite the root .gpg-id file regardless of the differences (but not reencrypt). Maybe add a warning dialog with an explanation, a diff of the ids and resolution options (e.g. keep, overwrite, overwrite and reencrypt). Or probably better just replace the cert selection field with some user feedback, that a store is detected (has .gpg-id) and just import it without changes.
- app/enhancement Adding existing stores might be a valid use case (e.g. reinstall from backup). An option to just import without overwriting the gpg-id file would be nice.
- config/bug Three slashes at the beginning autocompletes working directory
- config/minor Maybe normalize generated path: /home/user/////////kde/.password-store-test4/////// results in Path[$e]=$HOME/////////kde/.password-store-test4///////. This path will be visible for the user e.g. on creation of new folders and accidentally using // could be problematic in other programs/contexts.
Dialog Generate a new OpenPGP certificate
- config/minor Resulting .gpg-id has no newline, which differs from pass init. Might result in copy & paste errors, if the gpg id is copied from terminal (e.g. 78982DB8B11C0B15#).
- still no newline, e.g. in add an entry, change cert, save, check .gpg-id
- bug/minor Leaving the wizard open for some (very long) time, another window with the same wizard will appear - maybe a timeout?
- feature Creation of certs possible, but not the deletion?
- comprehension The (between X and Y) dates in the description of Valid until can be misleading. It took a while to understand that it's not about the resulting valid period, but rather the min/max of the until value. 2106 also looks very arbitrary. Maybe choose between, or move the description into the datetime widget or just remove it completely? The datetime widget prevents the choice anyway, which should be intuitive.
- comprehension/minor Tooltip Text unrecoverable in Checkbox Protect: Understandable for the users? Maybe expand to a sentence, that the passphrase needs to be kept safe and secrets are lost without it.
- comprehension/enhancement Mark the recommended algorithm in Section Advanced options? e.g. curve25519 (recommended) as Label? If users are playing around with it, they might end up generating keys with deviating algorithm.
- comprehension/minor Dialog description name and/or email: Do users understand the implications of choosing both/between?
Main
- keyboard/bug Using shortcut Ctrl-Q triggers a warning, that this sequence is ambiguous and should be resolved in the Shortcut Settings. In these Settings I see, that this Shortcut is only mapped to gpgpass/Quit. Might be my config?
- note Currently multiple gpgpass instances are allowed, which probably could lead to inconsistencies. Maybe restrict to one per configuration file?
- app/enhancement Use gpg for randomness
- ui Show VS conform
- app/feature now no multiple instances are allowed, one per config (.gpgpassrc path) would be better
- users might want to separate passwords process wise, and/or use a different gnupghome
- multiuser live tests don't work anymore (still can be somehow tested with manual pass operations though)
- app/feature Sign .gpg-id file (env var PASSWORD_STORE_SIGNING_KEY) Check signature on show/edit entries, warn on mismatch.
- app/feature Support TOTP extension
- app/feature Support yubico / FIDO TOTP
- app/feature Support for tray icon password and TOTP picker like plasma-pass (from meik)
- app/bug/minor What's this shortcut should also be removed (after deletion from menu).
Menus
- bug Über GPGPass and SPDX-License-Identifier in gpgpassui.rc links GPL2, README references GPL3
- ui/enhancement/minor Better choice of icons possible? Mix of colored / blue / black without semantical meaning. edit has the same icon as configure. Configuration icon not optimal in my opinion, at least for the toolbar (the bottom line matches visually with the Shortcut underscore and looks a bit broken in my opinion).
- ui/enhancement/minor Users has no icon.
- language en_US chosen, but many German translations present, e.g.
- GPGPass einrichten ...
- Einstellungen
- Hilfe
- etc.
- note Handbuch and Was ist das?: dysfunctional, probably placeholder?
- note Probleme oder Wünsche berichten: reports with user account only?
Search
- ui/bug Searches have different results, e.g. for current testdata
- start gpgpass
- repeated search
- search for entry
- delete search term and wait for tree to rerender
- ui/enhancement Deep folder structures in searches might be confusing
- contents of matched folders are included in the search, which makes sense
- parents of matched folders might be unnecessary, maybe it's worth a try to omit them, if possible
- open matched folders with many entries will also possibly push the next matches out of view
- maybe highlight matched substring in folders/entries
- maybe close matched (sub-)folders
- bug RegEx special chars should better be handled in search. stdout:
QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '*')
QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '?')
QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '\')
- bug/minor Unescaped regex special chars (e.g. wertpasdg.-) as first search term char (1 char only?) will be interpreted as regex, which might get unexpected results.
- ui/bug Folders in results closed by default, if previous search result found no results. to reproduce with current testdata,
- search for empty -> folder is open
- search for asdf -> no passwords found
- search for empty -> all folders closed
- ui/security/minor All Folders briefly open on search, which might leak information (over-the-shoulder)
- well, now all folders are open by default :P
Password Tree
Folders
- ui/bug .password-store folder is shown. To recreate
- Enter some chars in Input Search and press Enter
- Remove all chars and wait
- ui/idea If the password store root folder would be included in the tree, it would be possible to show all configured stores simultaneously (e.g. with an additional name attribute in the store configuration). On the other hand, a conscious decision to switch the profile might be preferable to prevent user mistakes and over-the-shoulder information leaks. Already done.
- ui/enhancement/minor If the password store is changed on filesystem, the tree might be updated only partially. Looks like this happens only, if the root folder was deleted and recreated, so this is probably ok.
- ui/bug If the first of multiple (non-empty) stores is empty, the "No Passwords Found" overlay is shown. Maybe just deactivate this overlay for multistores, as it is only useful as first step aid.
- bug File monitoring (via inotify) cannot handle reentry/recursion. To reproduce: in any store, add a symlink ln -s . recursion (commented out in testdata right now) and watch the CPU: pass is handling this:
- security/enhancement Entries/Folders outside of the store root (via symlink) should better be ignored (although pass has no such restriction). Testdata example is /tmp/gpgpass, but could also be /etc or some other folder, which should better not be touched.
- If this behaviour should be kept, File monitoring should add those files outside of store root, too (currently adding an entry in won't show up in
- ui/enhancement Sort entries alphabetically but case insensitive
- ui/bug Own .gpg-ids are applied to symlinked folders. Those folders might have none or a different .gpg-id file. Maybe disable symlinks in general, but this would not be pass compliant. Or check symlinks for real parent .gpg-ids.
- ui/enhancement/minor Beautify tooltip with userlist
- Remove default html style bullet top/left margin
- Maybe more width, so common userid sizes fit into it
- Maybe remove details (certified/created)
Navigation
- ui/bug Entry is not viewed after de- and reselect. clipboard cleared displayed on bottom. The same happens, when the content panel is automatically closed (if enabled in settings). To reproduce:
- Select an entry (shown)
- Unselect the entry (via click on the item)
- Select the entry again
- ui/enhancement Maybe disable deselection of the currently active entry, if possible. Probably not easily possible, as currently this would make it impossible in singlestores to add a root entry.
- ui/bug In edit mode, the changes are lost, if an item is deselected.
- ui/enhancement Accessing the edit view feels uncomfortable. I know, it's in the toolbar, but choosing the right button from global context needs attention. Suggestions (preferably all of them):
- Edit entry on doubleclick
- Add edit button in the tree item row (e.g. floating right)
- Add edit button on Show entry view (e.g. on title row left of copy button)
- keyboard/bug The edit shortcut does not work in edit entry mode, which is unexpected. To reproduce:
- set edit shortcut
- navigate (arrows) to some entry and press the edit shortcut -> edit view
- navigate (arrows) to another entry and press the edit shortcut again -> show view
- keyboard/enhancement Maybe add edit shortcut preset: ctrl + enter?
- keyboard/enhancement Add "Copy Password to Clipboard" Shortcut ctrl + c
- keyboard/enhancement After opening an entry, keyboard up/down navigates the tree. Maybe display the selected entry then (e.g. after timeout with reset on further keypresses)
- ui/feature Allow multiselect (e.g. to delete multiple items at once)
- ui/feature/minor Add copy entry action. In my password manager I use this often to ensure the same name "syntax" optimized for search.
- ui/feature/minor Display/Copy path to password file, e.g. in Context Menu
- keyboard/enhancement On edit shortcut, the focus should switch to the entry form, right now one has to tab through all toolbar items to reach it.
- keyboard/enhancement Newly created folders should have focus to create entries within afterwards
- ui/bug The open tree behaviour has several issues:
- Adding an entry/folder resets the tree (to reproduce: collapse some folders and all stores, add an entry, all stores open again). The tree state should be kept
- Happens also via inotify, if others add an entry (to reproduce: open , close all stores, on any store execute echo "password" | pass insert -ef test)
- Searching resets the tree. If possible, save and restore the former state on ESC
- Suggestion for open folders:
- on start (both single/multistore): closed (maybe 1st level open, if < ~5 items)
- on search: one level of matches open
- custom state should be kept, if possible. on abort of search, the former state could be restored + open path to selected entry
- ui/enhancement/minor Add open/close all subfolders (1 level) in context menu
- keyboard/bug Keyboard edit/delete does not work on first navigation (to reproduce: start , tab to tree, move with arrows to first entry, try delete/edit shortcut)
- ui/enhancement/minor Stores could be visually slightly different (e.g. bold, icon, background)
Moving
- ui/bug Moving an item over another triggers the overwrite dialog. Old item will be kept, the new item will be moved to $(pwd)/.gpg. Maybe just deactivate overwriting as it's not very useful?
- ui/bug/minor Moving an item visually suggests, that a custom order is possible
Renaming
- config/bug/minor Folder/Entry names might conflict (e.g. entry name, folder name.gpg). Not very likely, but maybe should be better handled.
- If an entry name does exist, adding a new folder name.gpg won't do anything.
- New folders name.gpg will result in filesystem folder name.gpg, but are shown as name in the tree.
- Given a (filesystem) folder name.gpg, adding a new entry name will result in an error Filename refers to a directory (which is good).
- ui/bug Renaming an entry entry to an already existing folder folder will result in unexpected behaviour: the folder is kept, the entry is moved into that folder, the tree might or might not be updated. Given a folder name and an entry name, the same happens, if the entry is renamed without changing the name (rename -> just click OK).
- ui/enhancement Renaming an entry to an already existing entry does not work (which makes sense) but should probably trigger a warning/error.
Entry View
New Entry
- bug Creating a new entry with the name of an existing entry will override the existing entry without warning.
- bug / in entry names are interpreted as separator
- / at start will be interpreted as absolute path, e.g. /path/to/other/.password-store/entryname will work, although the dialog explicitly states, where the file will be created
- / in the middle
- non-existing paths display a user error: Could not read encryption key to use, .gpg-id file missing or invalid.
- notapath/../works works
- ~ is not expanded
- If this path behaviour is intended or kept
- Display an error after path confirmation instead of checking on save only
- Only paths within the configured store path should be allowed
- bug Names starting with .
- resulting files are hidden on linux, which might be a source of user errors, if files are copied manually
- entries are displayed in the tree after creation, but hidden after restart.
- folders are hidden in the tree after creation
- maybe just disallow all . files, or at least: .gpg-id, .gpg-id.sig, .git
- keyboard/bug Enter will close the form without saving. To reproduce
- Add new entry
- Enter password
- Press Enter
- keyboard/enhancement On a new entry, the Input Password should have focus
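An added example, not GPGPass code, of the confinement suggested in the entry-name items above and in the symlink item under Password Tree: resolve the typed name against the store root and reject names that are absolute, contain dot-prefixed components, or pass through a symlink to a location outside the root. The names resolveEntryPath and makeDemoStore and the sample layout are assumptions, and std::filesystem stands in for the Qt path classes.

```cpp
#include <filesystem>
#include <iostream>
#include <optional>
#include <string>
#include <system_error>

namespace fs = std::filesystem;

// Hypothetical helper (not GPGPass code): map a user-typed entry name to the
// file it may create inside storeRoot, or nullopt if the name is rejected.
std::optional<fs::path> resolveEntryPath(const fs::path& storeRoot,
                                         const std::string& entryName) {
    const fs::path rel(entryName);
    // A leading "/" would replace the store root instead of extending it.
    if (entryName.empty() || rel.has_root_path()) return std::nullopt;
    for (const fs::path& part : rel) {
        const std::string s = part.string();
        // Rejects "..", ".", a trailing "/" (empty part) and hidden names
        // such as .gpg-id, .gpg-id.sig and .git.
        if (s.empty() || s[0] == '.') return std::nullopt;
    }
    std::error_code ec;
    const fs::path root = fs::canonical(storeRoot, ec);
    if (ec) return std::nullopt;
    // weakly_canonical resolves symlinks in the part of the path that already
    // exists, so a symlinked folder pointing outside the store shows up here.
    fs::path target = fs::weakly_canonical(root / rel, ec);
    if (ec) return std::nullopt;
    const fs::path inside = target.lexically_relative(root);
    if (inside.empty() || *inside.begin() == fs::path("..")) return std::nullopt;
    target += ".gpg";
    return target;
}

// Constructed sample layout: a store with one folder and a symlink "outside"
// that points to a sibling directory beyond the store root.
fs::path makeDemoStore() {
    const fs::path base = fs::temp_directory_path() / "entry-path-demo";
    fs::remove_all(base);
    fs::create_directories(base / "store" / "mail");
    fs::create_directories(base / "elsewhere");
    fs::create_directory_symlink(base / "elsewhere", base / "store" / "outside");
    return base / "store";
}

int main() {
    const fs::path root = makeDemoStore();
    for (const char* name : {"mail/work", "/etc/entryname", "notapath/../works",
                             ".gpg-id", "outside/entry"}) {
        const auto p = resolveEntryPath(root, name);
        std::cout << name << " -> " << (p ? p->string() : "rejected") << "\n";
    }
}
```

Running the check when the name is confirmed, rather than on save, also covers the "display an error after path confirmation" item.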
Show Entry
- ui/security Don't leak the number of chars in the password field, which heavily reduces the search space in brute force attacks
- ui/idea Does the show entry view add any value compared to the edit view? The buttons for copy to clipboard and show qr code could also be added on the edit view. Having only one view would simplify the interface quite a bit.
- security/feature Protect more than password? Other fields might contain sensitive data, too. Probably would need a setting (list of keys).
- ui/bug Long words / urls in description expand the view beyond viewport. Buttons for qrcode/copy are out of reach, probably wrap lines. Setting Ignore Line Wrapping suggests, that it should be set, but does not change behaviour.
- ui/bug Clicking on fields centers content both vertically/horizontally. Centering happens on text selection, too (e.g. to copy & paste). Should be deactivated.
- ui/bug/minor Problems with QR-Code for long passwords/values : QR code probably gets too small at around 1000 chars and is empty at about 2954 chars. Maybe keep pixel size constant and resize the window instead and/or display a user error if the string length exceeds a threshold.
- ui/security/minor Binary data in entries is displayed/interpreted (file might be added/changed by someone else, e.g. if the store is shared among team members; without signature checks, it could be encrypted for the user by anyone)
- does not break, but some control chars seem to work (e.g. rtl). many errors on stdout: `qt.text.font.db: OpenType support missing for "[...]", script 66`
- qr code works, but adds new contexts (e.g. qr code reader on smartphones), in which the data might be interpreted
- error/comprehension If pinentry-curses is used (or a fallback occurs), the error message is misleading: "No such file or directory" (to reproduce: force curses pinentry via echo "pinentry-program /usr/bin/pinentry-curses" > envs/main/alice/gpg-agent.conf && killall gpg-agent and open )
Edit Entry
- ui/bug Deleting the search term during edit closes the edit view (without saving)
- app/feature Enable user to "raw" edit entries
Delete Entry
- ui/enhancement/minor Show path relative to store root. Maybe show the tree path instead of the file path (for entries without .gpg) Path/Extension is more like an implementation detail from perspective of a gui user
- ui/bug deleting a file in a symlinked folder does not remove the symlink in tree. to reproduce
- delete
- is removed in tree, but is still shown
- ui/bug Deleting a store in a multistore tree deletes the folder on filesystem, not in tree, nor in config. Maybe deactivate deletion of a store root folder in tree.
- keyboard/enhancement Refocus tree after deletion
- ui/bug/minor Deleting a folder during creation/edit of an entry in that folder should close the entry.
Templates
- config/enhancement Maybe split templated key/values on first : (with space) instead of :, e.g. for key:with:colons: value
- config/enhancement Lines with empty values are deleted on save, probably as intended. Might be problematic for existing stores with non-conforming entries (e.g. managed via pass). Suggestion: Visually mark fields to be deleted in edit form.
- config/enhancement/minor Maybe handle empty key, e.g. :empty
- ui/enhancement For multiple key/value pairs the buttons for qrcode/copy are hard to match. Maybe add e.g.
- separator lines
- alternating odd/even backgrounds
- highlight of row on mouseover
- ui/enhancement/minor Long keys expand the window beyond monitor border (edit the entry to reproduce). Maybe truncate with ... prefix and add a Tooltip with full content.
- config/minor Login with capital L in default template (like capital Password, URL)
Users
- ui/bug/minor Unescaped regex special chars (e.g. wertpasdg.-) as first search term char (1 char only?) will be interpreted as regex, which might get unexpected results.
- ui/enhancement/minor Show entry on a search for the fingerprint, too
- ui/bug Full path in Could not decrypt notice extends the window (no wrap)
- ui/bug Closing the user list after a Could not decrypt error leaves the interface in an unusable disabled state (to reproduce: add a cert in , click ok -> Error, click cancel)
- app/enhancement If during reencryption an error occurs, the encryption state of the files will be inconsistent - some reencrypted and some not (to reproduce: add a cert in , click ok -> Error, compare e.g. and with gpg --list-packets) Maybe recrypt in tmp folder and replace the files instead?
- app/feature GPGPass is currently using keyids to specify the cert. Pass is capable to use all possible key specifications. To be compatible with pass and ensure that there is no data loss when an already existing store managed by pass is imported, those other specification formats need to be handled. Currently other specifications will result in unknown userid and (re)encryption is not possible:
- Suggestion to have no loss of data:
- default is to use keyids (as currently implemented)
- custom key specifications should be preserved (on edit create a map of "unknown" keys to user certs, on save this map can be consulted first to choose the right special key)
- no special handling of "unknown" certs in user list, user just checked. (better: custom specification visible in cert row)
- removal of a user deletes the special key specifications
- adding of special key specifications in .gpg-id only via file edit (future: maybe in app a raw edit of the .gpg-id file)
- Keyformats :
- keyid: KEYID
- keyid-force: KEYID!
- fpr: FINGERPRINT
- fpr-force: FINGERPRINT!
- keygrip: &KEYGRIP
- substr-name: Alice Default 01
- email-exact: <alice.default.1@gnupg.test>
- email-partial: @alice.default.1
- substr-email: alice.default.1@gnupg.test
- userid: =Alice Default 01 <alice.default.1@gnupg.test> (default)
- substr-userid: Alice Default 01 <alice.default.1@gnupg.test> (default)
- ui/enhancement Display a meaningful error on save, if one or more IDs are unknown (don't change the entry) Show unknown IDs on top to draw attention
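An added example, not GPGPass code, of the "no loss of data" suggestion above: each .gpg-id line is classified by the key formats listed, but the raw line is kept and written back unchanged, and the file is saved with a trailing newline as noted under the certificate dialog. The type and function names are assumptions, and the 40-hex fingerprint and keygrip lengths follow GnuPG's user-ID syntax rather than anything stated on this page.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Kinds follow the key formats listed above (GnuPG user-ID syntax).
enum class SpecKind { KeyId, Fingerprint, Keygrip, EmailExact,
                      EmailPartial, UserIdExact, Substring };

struct Recipient {
    std::string raw;  // line exactly as read; written back unchanged on save
    SpecKind kind;
    bool force;       // trailing '!' on a key ID or fingerprint
};

static bool isHex(const std::string& s) {
    return !s.empty() && std::all_of(s.begin(), s.end(),
        [](unsigned char c) { return std::isxdigit(c) != 0; });
}

// Hypothetical classifier, not GPGPass code. `line` must be non-empty.
Recipient classify(const std::string& line) {
    Recipient r{line, SpecKind::Substring, false};
    if (line[0] == '&' && line.size() == 41 && isHex(line.substr(1))) {
        r.kind = SpecKind::Keygrip; return r;
    }
    if (line[0] == '=') { r.kind = SpecKind::UserIdExact; return r; }
    if (line[0] == '@') { r.kind = SpecKind::EmailPartial; return r; }
    if (line.front() == '<' && line.back() == '>') { r.kind = SpecKind::EmailExact; return r; }
    std::string hex = line;
    bool force = false;
    if (hex.back() == '!') { force = true; hex.pop_back(); }
    if (hex.rfind("0x", 0) == 0) hex.erase(0, 2);
    if (isHex(hex) && (hex.size() == 8 || hex.size() == 16)) {
        r.kind = SpecKind::KeyId; r.force = force;
    } else if (isHex(hex) && (hex.size() == 32 || hex.size() == 40 || hex.size() == 64)) {
        r.kind = SpecKind::Fingerprint; r.force = force;
    }
    return r;  // anything else is a substring match on the user ID
}

std::vector<Recipient> parseGpgId(const std::string& content) {
    std::vector<Recipient> out;
    std::istringstream in(content);
    for (std::string line; std::getline(in, line);) {
        if (!line.empty() && line.back() == '\r') line.pop_back();
        if (!line.empty()) out.push_back(classify(line));
    }
    return out;
}

// One spec per line, each terminated by '\n', including the last one.
std::string serializeGpgId(const std::vector<Recipient>& ids) {
    std::string out;
    for (const Recipient& r : ids) out += r.raw + "\n";
    return out;
}

int main() {
    // Constructed sample: key ID and user IDs from this page, no trailing newline.
    const std::string sample =
        "78982DB8B11C0B15!\n<alice.default.1@gnupg.test>\nAlice Default 01";
    for (const Recipient& r : parseGpgId(sample))
        std::cout << static_cast<int>(r.kind) << (r.force ? " force " : " ") << r.raw << "\n";
    std::cout << serializeGpgId(parseGpgId(sample));
}
```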
Password Generator
- ui/bug Copy password does not work
- ui/bug/minor In tooltip of button Regenerate: (Ctrl+R(I18N_ARGUMENT_MISSING))
- ui/bug Show Wordlist too short + explicit min length as user error. Otherwise it is not possible to understand, why it does not work (wordlist: wordlist_short.txt).
- app/enhancement Remove duplicate lines before check of min words (wordlist: wordlist_dups.txt). Maybe just remove duplicates on import once.
- app/feature Enable usage of generator without entry (e.g. via menu).
- ui/enhancement Explain wordlist format (one word per line) in some tooltip (e.g. Add List).
- app/enhancement Regarding entropy reduction for common strings:
- 123456 (0.00 bit) but 12345 (2.58 bit)
- maybe translate all words: house is detected, but not haus
- maybe add common 4-digit pins, e.g (reverse) birth dates, pad rows/cols, etc. For a list see here
Settings
General
Stores
- ui/enhancement When a new store is added via Configure GPGPass, the store has no users. Adding entries works until save (.gpg-ids missing). Better would be to open the user list after creation, as it's a necessary step to set up a store.
- ui/enhancement/minor After adding a new store, focus Name (otherwise it might be overlooked, that a new entry was created)
- ui/enhancement Maybe add a confirmation dialog on store removal.
- ui/bug On removal of all stores, if the last store is empty, it can't be removed. To reproduce, open and remove User, Team, Template, then Empty has no delete icon.
- ui/enhancement If all stores are deleted and one tries to enter a Name, gpgpass crashes.
Templates
- ui/enhancement/minor Change of Use template and Show all fields templated could rerender view entry. edit entry might better be closed or redirected to view entry without save then
Themes
Dark
- ui/bug Icon contrast too low, almost not visible (menu, toolbar, folder in tree, delete search term, buttons, show password, unchecked checkboxes/radiobuttons)