Tested: linux / en / 20.03.25

Setup

setup

• ui/bug/minor Entering a Name in store configuration (via Configure GPGPass) during setup crashes the application:

qt.core.qobject.connect: QObject::connect(QAbstractButton, GpgPassPageConfigDialog): invalid nullptr parameter
Client changed:   mod  GpgPass::Config::RootFoldersConfigurationPage(0x61f429461db0, name="RootFoldersConfigurationPage")
Client changed:   mod  GpgPass::Config::RootFoldersConfigurationPage(0x61f429461db0, name="RootFoldersConfigurationPage")

Select My Certificate

• ui/enhancement/minor Remove Option No certificate? Choosing it results in an error anyway. Maybe needed, if no certificates are available?
• ui/bug Generate certificate not selectable anymore without other certs available clean
  • Maybe add a button instead of the select instead of directly opening the cert gen dialog? Or would it be possible to make the former "No cert" option unselectable?
• ui/feature Tooltips with selectable text (e.g. to copy the fingerprint for bug reports) Not feasible
• ui/bug/minor choosing Generate Certificate displays an error in the background
  
• ui/enhancement/minor maybe also show expired certs (users might wonder, what happened to their cert)
• comprehension/minor Tooltip text could be more precise, e.g.:
  • Revuserids: 5 userids not certified -> 5 userids revoked / 5 userids certified (the other ones)
  • TrustX: 1 userid not certified: -> all userids not certified / no userid certified / key not trusted
  • As "certified" means "valid", why not just use "valid"?

Input Path

• bug Adding an existing store will overwrite the root .gpg-id file regardless of the differences (but not reencrypt). Maybe add a warning dialog with an explanation, a diff of the ids and resolution options (e.g. keep, overwrite, overwrite and reencrypt). Or probably better just replace the cert selection field with some user feedback, that a store is detected (has .gpg-id) and just import it without changes.
• config/bug Three slahes at the beginning autocompletes working directory
  
  
  
• config/minor Maybe normalize generated path: /home/user/////////kde/.password-store-test4/////// results in Path[$e]=$HOME/////////kde/.password-store-test4///////. This path will be visible for the user e.g. on creation of new folders and accidentally using // could be problematic in other programs/contexts.

Dialog Generate a new OpenPGP certificate

• config/minor Resulting .gpg-id has no newline, which differs from pass init. Might result in copy & paste errors, if the gpg id is copied from terminal (e.g. 78982DB8B11C0B15#).
  • still no newline, e.g. in empty add an entry, change cert, save, check .gpg-id
• bug/minor Leaving the wizard open for some (very long) time, another window with the same wizard will appear - maybe a timeout?
  
• feature Creation of certs possible, but not the deletion?
• comprehesion The (between X and Y) dates in the description of Valid until can be misleading. It took a while to understand, that it's not about the resulting valid period, but rather the min/max of the until value. 2106 also looks very arbitrary. Maybe choose between, or move the description into the datetime widget or just remove it completely? The datetime widget prevents the choice anyway, which should be intuitive.
• comprehesion/minor Tooltip Text unrecoverable in Checkbox Protect: Understandable for the users? Maybe expand to a sentence, that the passphrase needs to be kept save and secrets are lost without it.
• comprehesion/enhancement Mark the recommended algorithm in Section Advanced options? e.g. curve25519 (recommended) as Label? If users are playing around with it, they might end up generating keys with deviating algorithm.
• comprehesion/minor Dialog description name and/or email: Do users understand the implications of choosing both/between?

Main

main

• keyboard/bug Using shortcut Ctrl-Q triggers a warning, that this sequence is ambiguous and should be resolved in the Shortcut Settings. In these Settings I see, that this Shortcut is only mapped to gpgpass/Quit. Might be my config?
• note Currently multiple gpgpass instances are allowed, which probably could lead to inconsistencies. Maybe restrict to one per configuration file?
• feature now no multiple instances are allowed, one per config (.gpgpassrc path) would be better
  • users might want to separate passwords process wise, and/or use a different gnupghome
  • multiuser live tests don't work anymore (still can be somehow tested with manual pass operations though)

Menus

main

• bug Über GPGPass and SDPSX-License-Identifier in gpgpassui.rc links GPL2, README references GPL3
  
• ui/enhancement/minor Better choice of icons possible? Mix of colored / blue / black without semantical meaning. edit has the same icon as configure. Configuration icon not optimal in my opinion, at least for the toolbar (the bottom line matches visually with the Shortcut underscore and looks a bit broken in my opinion).
• language en_US chosen, but many German translations present, e.g.
  • GPGPass einrichten ...
  • Einstellungen
  • Hilfe
  • etc.
• note Handbuch and Was ist das?: disfunctional, probably placeholder?
• note Probleme oder Wünsche berichten: reports with user account only?

Search

main

• ui/bug Searches have different results, e.g. for current testdata
  1. start gpgpass
  2. repeated search
     1. search for entry
     2. delete search term and wait for tree to rerender
        
        
        
• ui/enhancement Deep folder structures in searches might be confusing
  • contents of matched folders are included in the search, which makes sense
  • parents of matched folders might be unneccessary, maybe it's worth a try to omit them, if possible
  • open matched folders with many entries will also possibly push the next matches out of view
  • maybe highlight matched substring in folders/entries
  • maybe close matched (sub-)folders
    
• bug RegEx special chars should better be handled in search. stdout:

QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '*')
QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '?')
QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '\')

• bug/minor Unescaped regex special chars (e.g. wertpasdg.-) as first search term char (1 char only?) will be interpreted as regex, which might get unexpected results.
  
  
  
• ui/bug Folders in results closed by default, if previous search result found no results. to reproduce with current testdata,
  1. search for empty -> folder is open
     
  2. search for asdf -> no passwords found
     
  3. search for empty -> all folders closed
     
     
• ui/security/minor All Folders briefly open on search, which might leak information (over-the-shoulder)
  • well, now all folders are open by default :P

Password Tree

main

Folders

• ui/bug .password-store folder is shown. To recreate
  1. Enter some chars in Input Search and press Enter
  2. Remove all chars and wait
• ui/idea If the password store root folder would be included in the tree, it would be possible to show all configured stores simultanously (e.g. with an additional name attribute in the store configuration). On the other hand, a conscious decision to switch the profile might be preferable to prevent user mistakes and over-the-shoulder information leaks. already done
• ui/enhancement/minor If the password store is changed on filesystem, the tree might be updated only partially. Looks like this happens only, if the root folder was deleted and recreated, so this is probably ok.
  
  
• ui/bug If the first of multiple (non-empty) stores is empty, the "No Passwords Found" overlay is shown. Maybe just deactivate this overlay for multistores, as it is only useful as first step aid.
  
  
• bug File monitoring (via inotify) cannot handle reentry/recursion. To reproduce: in any store, add a symlink ln -s . recursion (commented out in testdata right now) and watch the CPU:
  
  pass is handling this:
  
• security/enhancement Entries/Folders outside of the store root (via symlink) should better be ignored (although passhas no such a restriction). Testdata example is /tmp/gpgpass main | User/symlinks/outside/FSROOT!__tmp__gpgpass, but could also be /etc or some other folder, which should better not be touched.
  • If this behaviour should be kept, File monitoring should add those files outside of store root, too (currently adding an entry in main | Empty won't show up in main | User/symlinks/outside/FSROOT!__tmp__gpgpass/stores/main/alice
• ui/bug Own .gpg-ids are applied to symlinked folders. Those folders might have none or a different .gpg-id file. Maybe disable symlinks in general, but this would not be pass compliant. Or check symlinks for real parent .gpg-ids.
  
  
• ui/enhancement/minor Beautify tooltip with userlist
  • Remove default html style bullet top/left margin
  • Maybe more width, so common userid sizes fit into it
  • Maybe remove details (certified/created)
    

Navigation

• ui/bug Entry is not viewed after de- and reselect. clipboard cleared displayed on bottom. The same happens, when the content panel is automatically closed (if enabled in settings). To reproduce:
  1. Select an entry (shown)
  2. Unselect the entry (via click on the item)
  3. Select the entry again
     
• ui/enhancement Maybe disable deselection of the currently active entry, if possible. Probably not easily possible, as currently this would it make impossible in singlestores to add a root entry.
• ui/bug In edit mode, the changes are lost, if an item is deselected.
• ui/enhancement Accessing the edit view feels uncomfortable. I know, it's in the toolbar, but choosing the right button from global context needs attention. Suggestions (preferably all of them):
  • Edit entry on doubleclick
  • Add edit button in the tree item row (e.g. floating right)
  • Add edit button on Show entry view (e.g. on title row left of copy button)
• keyboard/bug The edit shortcut does not work in edit entry mode, which is unexpected. To reproduce:
  1. set edit shortcut
  2. navigate (arrows) to some entry and press the edit shortcut -> edit view
  3. navigate (arrows) to another entry and press the edit shortcut again -> show view
• keyboard/enhancement Maybe add edit shortcut preset: ctrl + enter?
• keyboard/enhancement Add "Copy Password to Clipboard" Shortcut ctrl + c
• keyboard/enhancement After opening an entry, keyboard up/down navigates the tree. Maybe display the selected entry then (e.g. after timeout with reset on further keypresses)
• ui/feature Allow multiselect (e.g. to delete multiple items at once)
• ui/feature/minor Add copy entry action. In my password manager I use this often to ensure the same name "syntax" optimized for search.
• ui/feature/minor Display/Copy path to password file, e.g. in Context Menu
• keyboard/enhancement On edit shortcut, the focus should switch to the entry form, right now one has to tab through all toolbar items to reach it.
• keyboard/enhancement Newly created folders should have focus to create entries within afterwards
• ui/bug The open tree behaviour has several issues:
  • Adding an entry/folder resets the tree (to reproduce: collapse some folders and all stores, add an entry, all stores open again). The tree state should be kept
  • Happens also via inotify, if others add an entry (to reproduce: open main, close all stores, on any store execute echo "password" | pass insert -ef test)
  • Searching resets the tree. If possible, save and restore the former state on ESC
  • Suggestion for open folders:
    • on start (both single/multistore): closed (maybe 1st level open, if < ~5 items)
    • on search: one level of matches open
    • custom state should be kept, if possible. on abort of search, the former state could be restored + open path to selected entry
• ui/enhancement/minor Add open/close all subfolders (1 level) in context menu
• keyboard/bug Keyboard edit/delete does not work on first navigation (to reproduce: start main, tab to tree, move with arrows to first entry, try delete/edit shortcut)

Moving

• ui/bug Moving an item over another triggers the overwrite dialog. Old item will be kept, the new item will be moved to $(pwd)/.gpg Maybe just deactivate overwriting as it's not much useful?
• ui/bug/minor Moving an item visually suggests, that a custom order is possible
  

Renaming

• config/bug/minor Folder/Entry names might conflict (e.g. entry name, folder name.gpg). Not very likely, but maybe should be better handled.
  • If an entry name does exist, adding a new folder name.gpg won't do anything.
  • New folders name.gpg will result in filesystem folder name.gpg, but are shown as name in the tree.
  • Given a (filesystem) folder name.gpg, adding a new entry name will result in an error Filename refers to a directory (which is good).
• ui/bug Renaming an entry entry to an already existing folder folder will result in unexpected behaviour: the folder is kept, the entry is moved into that folder, the tree might or might not be updated. Given a folder name and an entry name, the same happens, if the entry is renamed without changing the name (rename -> just click OK).
• ui/enhancement Renaming an entry to an already existing entry does not work (which makes sense) but should probably trigger a warning/error.

Entry View

main

New Entry

• bug Creating a new entry with the name of an existing entry will override the existing entry without warning.
• bug / in entry names are interpreted as separator
  • / at start will be interpreted as absolute path, e.g. /path/to/other/.password-store/entryname will work, although the dialog explicitly states, where the file will be created
  • / in the middle
    • non exisiting paths display a user error: Could not read encryption key to use, .gpg-id file missing or invalid.
    • notapath/../works works
  • ~ is not expanded
  • If this path behaviour is intended or kept
    • Display an error after path confirmation instead of checking on save only
    • Only paths within the configured store path should be allowed
• bug Names starting with .
  • resulting files are hidden on linux, what might be a source of user errors, if files are copied manually
  • entries are displayed in the tree after creation, but hidden after restart.
  • folders are hidden in the tree after creation
  • maybe just disallow all . files, or at least: .gpg-id, .gpg-id.sig, .git
• keyboard/bug Enter will close the form without saving. To reproduce
  1. Add new entry
  2. Enter password
  3. Press Enter
• keyboard/enhancement On a new entry, the Input Password should have focus

Show Entry

• ui/security Don't leak the number of chars in the password field, which heavily reduces the search space in brute force attacks
• ui/idea Does the show entry view add any value compared to the edit view? The buttons for copy to clipboard and show qr code could also be added on the edit view. Having only one view would simplify the interface quite a bit.
• security/feature Protect more than password? Other fields might contain sensitive data, too. Probably would need a setting (list of keys).
• ui/bug Long words main | User/long/notes_* / urls main | User/long/url in description expand the view beyond viewport. Buttons for qrcode/copy are out of reach, probably wrap lines. Setting Ignore Line Wrapping suggests, that it should be set, but does not change behaviour.
  
  
• ui/bug Clicking on fields centers content both vertically/horizontally. Centering happens on text selection, too (e.g. to copy & paste). Should be deactivated. main | User/long/many_notes_lines
  
  
  
• ui/bug/minor Problems with QR-Code for long passwords/values main | User/long/password/*: QR code probably gets too small at around 1000 chars and is empty at about 2954 chars. Maybe keep pixel size constant and resize the window instead and/or display a user error if the string length exceeds a threshold.
  
  
  
  
  
• ui/security/minor Binary data in entries main | User/chars/binary* is displayed/interpreted (file might be added/changed by someone else, e.g. if the store is shared among team members; without signature checks, it could be encrypted for the user by anyone)
  • does not break, but some control chars seem to work (e.g. rtl). many errors on stdout: `qt.text.font.db: OpenType support missing for "[...]", script 66´
    
  • qr code works, but adds new contexts (e.g. qr code reader on smartphones), in which the data might be interpreted
    
• error/comprehension If pinentry-curses is used (or a fallback occurs), the error message is misleading: "No such file or directory" (to reproduce: force curses pinentry via echo "pinentry-program /usr/bin/pinentry-curses" > envs/main/alice/gpg-agent.conf && killall gpg-agent and open main | User/certs/alice.protected.1*)
  

Edit Entry

• ui/bug Deleting the search term during edit closes the edit view (without saving)

Templates

template

• config/enhancement Maybe split templated key/values on first : (with space) instead of :, e.g. for key:with:colons: value template | basic
  
• config/enhancement Lines with empty values template | basic (empty:) are deleted on save, probably as intended. Might be problematic for existing stores with non-conforming entries (e.g. managed via pass). Suggestion: Visually mark fields to be deleted in edit form.
• config/enhancement/minor Maybe handle empty key, e.g. :empty template | basic (:empty)
  
  
• ui/enhancement For multiple key/value pairs template | chars the buttons for qrcode/copy are hard to match. Maybe add e.g.
  • separator lines
  • alternating odd/even backgrounds
  • highlight of row on mouseover
    
• ui/enhancement/minor Long keys template | long_key expand the window beyond monitor border (edit the entry to reproduce). Maybe truncate with ... prefix and add a Tooltip with full content.
  
• config/minor Login with capital L in default template (like capital Password, URL)

Delete Entry

• ui/enhancement/minor Show path relative to store root. Maybe show the tree path instead of the file path (for entries without .gpg) Path/Extension is more like an implementation detail from perspective of a gui user
  
  

Users

• ui/bug/minor Unescaped regex special chars (e.g. wertpasdg.-) as first search term char (1 char only?) will be interpreted as regex, which might get unexpected results.
• ui/enhancement/minor Show entry on a search for the fingerprint, too
• ui/bug Full path in Could not decrypt notice extends the window (no wrap)
  
• ui/bug Closing the user list after a Could not decrypt error leaves the interface in an unusable disabled state (to reproduce: add a cert in main | User/empty, click ok -> Error, click cancel)
  
• app/enhancement If during reencryption an error occurs, the encryption state of the files will be inconsistent - some reencrypted and some not (to reproduce: add a cert in main | User, click ok -> Error, compare e.g. main | User/fields_all and main | User/urls with gpg --list-packets) Maybe recrypt in tmp folder and replace the files instead?
• app/feature GPGPass is currently using keyids to specify the cert. Pass is capable to use all possible key specifications. To be compatible with pass and ensure that there is no data loss when an already existing store managed by pass is imported, those other specification formats need to be handled. Currently other specifications will result in unkown userid and (re)encryption is not possible:
  
  
  
  • Suggestion to have no loss of data:
    • default is to use keyids (as currently implemented)
    • custom key specifications should be preserved (on edit create a map of "unknown" keys to user certs, on save this map can be consulted first to choose the right special key)
    • no special handling of "unknown" certs in user list (user just checked)
    • removal of a user deletes the special key specifications
    • adding of special key specifications in .gpg-id only via file edit (future: maybe in app edit)
  • Keyformats main | User/gpgid/*:
    • keyid: KEYID
    • keyid-force: KEYID!
    • fpr: FINGERPRINT
    • fpr-force: FINGERPRINT!
    • keygrip: &KEYGRIP
    • substr-name: Alice Default 01
    • email-exact: <alice.default.1@gnupg.test>
    • email-partial: @alice.default.1
    • substr-email: alice.default.1@gnupg.test
    • userid: =Alice Default 01 <alice.default.1@gnupg.test> (default)
    • substr-userid: Alice Default 01 <alice.default.1@gnupg.test> (default)

Settings

General

Stores

• ui/enhancement When a new store is added via Configure GPGPass, the store has no users. Adding entries works until save (.gpg-ids missing). Changing users on an empty store does not work, no .gpg-ids is created. Better would be to open the user list after creation, as it's a neccessary step to setup a store.
  

Templates

• ui/enhancement/minor Change of Use template and Show all fields templated could rerender view entry. edit entry might better be closed or redirected to view entry without save then