Page MenuHome GnuPG
Create Task
Maniphest T7609

GpgOL: Certificates imported from WKD are always shown as level 2
Closed, InvalidPublic
Actions

Description

A signature by an OpenPGP certificate imported via WKD is always shown as level 2 security, even if certified by ones own key.

Expected:
That the level is elevated to 3 when it is certified by a fully trusted certificate or 4 when certified by an ultimately trusted certificate.

Related Objects

Event Timeline

ebo created this task.Apr 15 2025, 5:15 PM
werner added projects: kleopatra, Bug Report.Apr 17 2025, 4:48 PM
ebo added a project: gpd5x.Apr 17 2025, 4:49 PM
ebo triaged this task as Normal priority.Apr 22 2025, 2:21 PM
ebo mentioned this in Unknown Object (Maniphest Task).Aug 28 2025, 11:31 AM
timegrid mentioned this in T7833: GpgOL: Security level 2 shown for manually imported and certified cert.Oct 2 2025, 10:40 AM
ebo moved this task from Backlog to Triage on the gpgol board.Oct 9 2025, 9:45 AM
timegrid added a subscriber: timegrid.Tue, Nov 25, 4:38 PM

I can't reproduce this on gpg4win-5.0.0-beta413 @ win11.

For the mail ted:INBOX/Sicherheitslevels/2 security level 2 (wkd), after importing the cert via wkd:

  • signing by edward results in security level 3
  • signing by ted results in security level 4

It takes a while and possibly several refreshes of the mail preview to get the update (or it takes a while until the trusdb was refreshed), maybe this was the case here?

ebo closed this task as Invalid.Thu, Nov 27, 11:32 AM
ebo edited projects, added Duplicate; removed Bug Report, kleopatra.
ebo moved this task from Triage to Done on the gpgol board.

This is a duplicate of T7833: GpgOL: Security level 2 shown for manually imported and certified cert

ebo moved this task from Backlog to Done on the gpd5x board.Thu, Nov 27, 11:34 AM