Page MenuHome GnuPG
Create Task
Maniphest T7701

Draft: Kleopatra: Add information for verification results
Open, NormalPublic
Actions

Description

Follow up of discussion from T7651.

Valid (= technically correct) signatures where the signing certificate is
a) expired
b) revoked or
c) has no trusted certification
need more information beyond the warning icon.

Current state case a:
Text: The signature is invalid: Signing certificate is expired


b: The signature is invalid: Signing certificate was revoked
c: The used key is not certified by you or any trusted person.
Additional task regarding c: Change the string to "The signing certificate is not certified by a trusted person."

We want an information button i (with a tooltip). The button should open a new window with some explanation on how to assess if this signature is ok in this case or not.

@hej, would you propose 3 texts?

Related Objects

Event Timeline

ebo triaged this task as Normal priority.Wed, Jun 25, 4:58 PM
ebo created this task.
ebo mentioned this in T7651: Draft: Kleopatra: Improve color codes of verification result messages.Wed, Jun 25, 5:00 PM
ebo updated the task description. (Show Details)Thu, Jun 26, 9:17 AM
hej added a comment.Tue, Jul 1, 10:28 AM

a: expired certificate

Dialog text:
The signature is invalid: The signing certificate has expired.

Tooltip:
If the certificate was still valid when the file was signed, the signature may still be trustworthy. Check the signature date to decide.

b: revoked certificate

Dialog text:
The signature is invalid: The signing certificate was revoked.

Tooltip:
A revoked certificate could mean it was compromised. Only trust this signature if you're sure why the certificate was revoked.

c: untrusted certificate

Dialog text:
The signing certificate is not certified by a trusted person.

Tooltip:
This means Kleopatra can't confirm who signed the file. You can choose to trust the certificate or import a trusted certification.