
Kleopatra: Create team key
Status: Testing. Priority: High. Visibility: Public.

Description

Edit 2025-06-17 and 2025-09-18: changed the terms according to the meeting results.
Edit 2026-03-03: updated the parts that have changed in the meantime.

Especially for functional mail addresses, people often share secret keys. As there is no easy way to do this the sane way (i.e. to share only the subkeys), many people share the whole key, primary key included.
To make the seemingly inevitable sharing of secret keys more secure, we want to introduce a simple "Create Team Key" action.

Implementation

Add a "File" menu item "New OpenPGP Team Key..." after the "New OpenPGP Key..." entry.
Add an option in the generate key pair dialog to configure the key as a team key.
A certificate is generated whose primary key has only the "certify" capability, with separate "sign" and "encrypt" subkeys and the "group" flag set.
After generation the user is offered to "Share Secret Team Key...".

"Save Secret Team Key..." is also a menu entry after "File"->"Export...".
Tooltip: "Save this secret key to share with other team members."
The menu entry is only available if the primary key has only the capability "certify".
The function is a specialized version of the "Backup Secret Keys..." function.
Choosing this function will open a dialog:

After importing the team key, team members will be able to decrypt data with it.

Please choose whether members should also be allowed to sign data with the team key.
Alternatively, they can use their personal key to sign.

  [ ]  Allow team members to sign with the team key

Note: Members will not be able to change the name, email address, or expiration date of the team key.

 [OK]  [Cancel]
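The same two steps done on the gpg command line, as an added example that is not Kleopatra's or GnuPG's own code: create a team key with a certify-only primary and separate signing and encryption subkeys, then "save" only the secret subkeys for sharing, with the checkbox above mapped to whether the signing subkey is included. It assumes gpg (GnuPG 2.1 or later) and awk on PATH and runs in throwaway home directories; the user ID, file names and function names are made up for the example. Keys are created without a passphrase only to keep the run non-interactive.

```shell
#!/bin/sh
# Added example, not code from Kleopatra or GnuPG: "Create OpenPGP Team Key"
# and "Save Secret Team Key" with the gpg command line in throwaway key rings.
# Assumes gpg (GnuPG >= 2.1) and awk on PATH; user ID, file and function
# names are made up.
set -eu

# gpg in batch mode against a given home directory. Keys are unprotected
# here to keep the example non-interactive (Kleopatra asks for a passphrase).
gpgq() {
    home=$1; shift
    gpg --homedir "$home" --batch --quiet --pinentry-mode loopback \
        --passphrase '' "$@"
}

new_home() { d=$(mktemp -d); chmod 700 "$d"; echo "$d"; }

# Fingerprint of the primary key behind a user ID (first "fpr" record).
primary_fpr() {
    gpg --homedir "$1" --batch --with-colons --list-keys "$2" \
        | awk -F: '$1=="fpr"{print $10; exit}'
}

# Team key layout from the task: certify-only primary plus separate signing
# and encryption subkeys. Prints the primary fingerprint.
create_team_key() {
    gpgq "$1" --quick-generate-key "$2" ed25519 cert never
    fpr=$(primary_fpr "$1" "$2")
    gpgq "$1" --quick-add-key "$fpr" ed25519 sign 2y
    gpgq "$1" --quick-add-key "$fpr" cv25519 encr 2y
    echo "$fpr"
}

# One "<capability>:<fingerprint>" line per secret subkey of a key;
# capability is s (sign), e (encrypt) or a (authenticate), colon field 12.
secret_subkeys() {
    gpg --homedir "$1" --batch --with-colons --list-secret-keys "$2" | awk -F: '
        $1=="sec" {cap=""}
        $1=="ssb" {cap=$12}
        $1=="fpr" && cap!="" {print cap ":" $10; cap=""}'
}

# Succeeds only if the primary secret key itself is present. A "sec#" stub
# (colon field 15 is "#") means only subkeys are available, which is what
# a team member holds after import; the task offers the save action only
# when the primary is present.
has_primary_secret() {
    gpg --homedir "$1" --batch --with-colons --list-secret-keys "$2" \
        | awk -F: '$1=="sec"{found=1; stub=($15=="#")} END{exit (!found || stub)}'
}

# "Save Secret Team Key": export the secret encryption subkey and, if the
# owner allows members to sign with the team key, the secret signing subkey.
# The "!" suffix selects exactly that subkey; the primary is written as a
# stub, so members cannot change the user ID or expiry of the key.
save_secret_team_key() {
    home=$1; fpr=$2; out=$3; allow_sign=${4:-no}
    selected=""
    for entry in $(secret_subkeys "$home" "$fpr"); do
        cap=${entry%%:*}; sub=${entry#*:}
        case "$cap" in
            e) selected="$selected ${sub}!" ;;
            s) if [ "$allow_sign" = yes ]; then selected="$selected ${sub}!"; fi ;;
        esac
    done
    [ -n "$selected" ] || { echo "no secret subkey to share" >&2; return 1; }
    # shellcheck disable=SC2086  # word splitting of $selected is intended
    gpgq "$home" --armor --output "$out" --export-secret-subkeys $selected
}

# Member side: import the shared file into a home directory and print the
# secret subkey capabilities that arrived, e.g. "e" or "e s".
import_team_key() {
    gpgq "$1" --import "$3"
    secret_subkeys "$1" "$2" | cut -d: -f1 | sort | tr '\n' ' ' | sed 's/ $//'
}

demo() {
    owner=$(new_home); member=$(new_home)
    fpr=$(create_team_key "$owner" "Team Mailbox <team@example.org>")
    has_primary_secret "$owner" "$fpr" && echo "owner holds the primary: may save the team key"
    # Checkbox unchecked: members may only decrypt.
    save_secret_team_key "$owner" "$fpr" "$owner/team-key.asc" no
    import_team_key "$member" "$fpr" "$owner/team-key.asc"    # prints: e
    has_primary_secret "$member" "$fpr" || echo "member has no primary: cannot edit or re-share the key"
    gpgconf --homedir "$owner" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$member" --kill gpg-agent 2>/dev/null || true
}

if command -v gpg >/dev/null 2>&1; then demo; else echo "gpg not installed; skipping demo" >&2; fi
```

Passing "yes" as the last argument of save_secret_team_key corresponds to ticking "Allow team members to sign with the team key": the signing subkey is then exported next to the encryption subkey. On the member's side the listing shows the primary as a stub, which is exactly why the task only offers "Save Secret Team Key" to the owner who still holds the primary.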

Revisions and Commits

rLIBKLEO Libkleo
rGPGMEPP Gpgme plus plus
rKLEOPATRA Kleopatra

Event Timeline

ebo triaged this task as Normal priority.Mar 21 2025, 11:29 AM
ebo created this object with edit policy "Contributor (Project)".

Discussion and background for naming things and german translation

We want to avoid "group" to not confuse with Kleo groups.

German translations:

  • "New OpenPGP Role Key Pair..." → "Neues OpenPGP-Funktions-Schlüsselpaar ..."

Options for naming the "Save Secret Role Key..." menu entry:

  • "Share Secret Role Key..." → "Teile geheimen Funktions-Schlüssel ..."
    • When using "share", it may not be clear to the user that a file is being created.
    • We also wanted to avoid "export", because it is used for public keys only.
    • We also want this to be distinguished from "backup", which is used for saving the whole key.
  • "Save Secret Role Key for sharing..." → "Speichern des geheimen Funktionsschlüssels zur gemeinsamen Nutzung ..."
    • This might be too long (especially the German version) for a menu entry.
  • "Save Secret Role Key for sharing..." → "Speichern des zu teilenden geheimen Funktionsschlüssels ..."
    • Probably still too long.
  • "Save Secret Role Key..." → "Speichern des geheimen Funktionsschlüssels ..."
    • with a tool-tip: "Save secret role key to share within the team" → "Speichern des geheimen Funktionsschlüssels zum Teilen innerhalb des Teams"
    • Seems to be the best option we have found so far.

Suggestions (language):

English menu entry: Save Secret Team Key
Tooltip: Save this secret key to share with other team members.

German menu entry: Geheimen Team-Schlüssel speichern
Tooltip: Geheimen Schlüssel speichern und mit Team teilen.

Dialog: Save Secret Team Key
Text: The following subkeys will be saved to a file.
This file can be shared with team members who need to read messages encrypted for this functional mailbox.

  • All public subkeys
  • Secret encryption subkey
  • Secret signing subkey

Please choose whether team members should be allowed to sign messages using the team key.
Alternatively, they can use their personal key to sign.
[OK] [Cancel]

German version: Geheimen Team-Schlüssel speichern
Text: Die folgenden Unterschlüssel werden in einer Datei gespeichert.
Diese Datei kann an Teammitglieder weitergegeben werden, die verschlüsselte Nachrichten an dieses Funktionspostfach lesen müssen.
(shorter version: Für Teammitglieder zum Lesen verschlüsselter Nachrichten an Funktionspostfach.)

  • Alle öffentlichen Unterschlüssel
  • Geheimer Verschlüsselungs-Unterschlüssel
  • Geheimer Unterschlüssel zum Signieren

Wählen Sie, ob Teammitglieder Nachrichten mit dem Funktionsschlüssel signieren dürfen.
Alternativ können sie ihre persönlichen Schlüssel dafür nutzen.
[OK] [Cancel]

Quoting the suggestion above:
Tooltip: Save this secret key to share with other team members.
German menu entry: Geheimen Team-Schlüssel speichern
Tooltip: Geheimen Schlüssel speichern und mit Team teilen.

The EN version is good, but the DE one neither matches it nor gives correct info IMHO. I'd rather just repeat the menu entry text than do that.
How about these alternatives:
"Den geheimen Schlüssel speichern, um ihn mit dem Team zu teilen."
"Speichern, um ihn mit dem Team zu teilen."
"Team-Schlüssel zum internen Teilen abspeichern."
"Den geheimen Team-Schlüssel zum internen Teilen abspeichern." (my preferred version)

For tool tips full sentences are usually preferred, I believe.

"Geheimen Team-Schlüssel zum internen Teilen abspeichern." is grammatically correct, but it sounds very formal and clunky for a UI tooltip. It lacks clarity, therefore I suggest:

"Diesen geheimen Schlüssel speichern, um ihn mit Teammitgliedern zu teilen." -> that is then very close to the English version :)

ebo renamed this task from Draft: Kleopatra: Create Group key to Kleopatra: Create team key.Jun 17 2025, 5:30 PM
ebo updated the task description. (Show Details)
ebo raised the priority of this task from Normal to High.Jun 23 2025, 3:48 PM
TobiasFella mentioned this in Unknown Object (Maniphest Task).Aug 25 2025, 9:47 AM
TobiasFella mentioned this in Unknown Object (Maniphest Task).Sep 1 2025, 9:40 AM
TobiasFella mentioned this in Unknown Object (Maniphest Task).Sep 15 2025, 9:56 AM

We got new suggestions for this:

  • do not use "Create Certificate" or "Create Team Certificate" etc, its a key pair.
  • use the normal "Create OpenPGP Key Pair" dialog for the team key creation, add a checkbox for "Create Signing Subkey" or "Create Separate Signing Subkey" or possibly "Create Signing Subkey (for Team Keys)"
  • "Save team key" should work on current default keys, too, in that case only the encryption subkey should be exported
  • don't export without offering the save file dialog
  • if you do, the location of the key needs a copy function

We decided to

  • use "Create OpenPGP Team Key" (and therefore have to change the Action "Create OpenPGP Key Pair" to "Create OpenPGP Key", too)
  • Keep the team key creation action separate as originally proposed
  • "Save team key" action will show if a key has a signing and encryption subkey
  • Change the "Save team key" dialog text to make it less technical:
After importing the team key, team members will be able to decrypt with it.
Please choose whether team members should also be able to sign data with the team key.
Alternatively, they can use their personal key to sign. 
  [ ] Allow team members to sign with the team key
Note: Team members will not be able to change the name, email address or expiry date of the team key.

The save file dialog was already there.

Dialog text (tiny polish):

After importing the team key, members will be able to decrypt data with it.
Please choose whether members should also be allowed to sign data with the team key.
Alternatively, they can use their personal key to sign.

  • Allow members to sign with the team key

Note: Members will not be able to change the name, email address, or expiration date of the team key.

ok, changed the text in the description of the ticket accordingly, but put two more "team" back in.

TobiasFella mentioned this in Unknown Object (Maniphest Task).Sep 22 2025, 9:48 AM
TobiasFella mentioned this in Unknown Object (Maniphest Task).Sep 29 2025, 9:25 AM
TobiasFella mentioned this in Unknown Object (Maniphest Task).Oct 6 2025, 9:53 AM
TobiasFella mentioned this in Unknown Object (Maniphest Task).Oct 13 2025, 9:55 AM
TobiasFella mentioned this in Unknown Object (Maniphest Task).Nov 3 2025, 9:58 AM
TobiasFella mentioned this in Unknown Object (Maniphest Task).Nov 10 2025, 9:55 AM
TobiasFella mentioned this in Unknown Object (Maniphest Task).Nov 17 2025, 9:49 AM

Gpg4win-5.0.0-beta413:

The tool tip for the menu is missing.
And after the "Save at" dialog, here we get a "Secrete Team key was saved to $PATH/$filename" notification window. The one for secret key backup has no location info, and for public keys we have no message at all.
We should have consistent behavior when saving secret (and public) keys, imho.

TobiasFella changed the task status from Open to Testing.Dec 16 2025, 10:24 AM
TobiasFella mentioned this in Unknown Object (Maniphest Task).Jan 12 2026, 9:41 AM

Tested with Gpg4win-5.0.2-beta2

Team key creation

Everything OK. Note: along the way we decided to create only one type of team key here; they all have a sign and an encrypt subkey. Instead, the decision what to share is made on export (= Save Secret Team Key). This allows for only one checkbox at creation:

The description said "After generation the user is offered to 'Share Secret Team Key'". But we only get the regular success message now (like for any other key pair).
Q1: Did we change the plan, or is this missing?

Team key export

"Save secret team key" is available in the "File" menu only.
Q2: Why is it not in the context menu?
I believe if "Backup secret key" is there, the new option should be available next to it. Otherwise people will still use the secret key backup instead.

The option is offered for every secret key where the primary key is available.
Unfortunately also for those where it is only on a smart card (regardless whether the card is attached or not). And the team key is "successfully" saved, too. -> T8146: Kleopatra: Do not offer "Save Secret Team Key" for card keys
The action is not offered for team keys themselves, which lack the primary.
Q3: Do we want to offer it for them, too?

@ikloecker said (paraphrased by me):

Q1: We have removed almost all action sequences in Kleopatra, except for import actions. I don't like hard coded sequences, they only follow one possible usage case.
Q2: Because we want to reduce the context menu as much as is reasonable. "Backup secret key" should not be in the context menu, it is not often used.
Q3: the assumption is that the team-key owner is the one responsible for the distribution, the others don't need it.

@alexk and I agree regarding Q2.
@alexk remarked re Q3 that the other users could use "Backup Secret Key" for a team key instead. But this won't work: The action is not available for keys without primary secret key.

I've made the above ticket for Q2. Regarding Q3 we leave it as is, if customers should complain we could then consider changing that.
Regarding Q1: we should talk about that next week. But I'll close this ticket.

ebo edited projects, added gpd5x; removed gpd5x (gpd-5.0.2).
ebo moved this task to gpd-5.0.0 on the gpd5x board.
ebo edited projects, added gpd5x (gpd-5.0.0); removed gpd5x.