Page MenuHome GnuPG
Create Task
Maniphest T7786

Draft: Kleopatra: improvements of signature verification result messages
Open, NormalPublic
Actions

Description

We want to restructure the verification result messages to put the most important information at the beginning and also make a few text improvements.

Tasks for all messages: Move text from the 2nd row to the top (the most important info is given there, e.g. "The signature is invalid:")
Caveat: at some places, only a single word like "The" was added, check the texts carefully when implementing (and testing) this.

New texts:

  • for invalid signature: The signature is invalid: Bad signature\nThe signature was created with certificate: %1

Question:

  • Can we be sure that the signature in question is by that certificate? (The common case is that the file which was signed was changed after the (at that time valid) signature was made)
  • Better word here for "Bad"?
  • for valid and trusted signature: (maybe leave out the part in []? {} indicates that there are other variants, too)
    • GPD: The signature is valid and the certificate['s validity] is {fully} trusted.\nThe signature was created on %1 with the certificate: %2"
    • VSD 1: The signature is VS-NfD compliant.\nThe signature was created on %1 with the certificate: %2"
    • VSD 2: The signature is Not VS-NfD compliant. The certificate['s validity] is {fully} trusted.\nThe signature was created on %1 with the certificate: %2"

To discuss: Leave out the part in [ ]?

  • for valid but unknown: The signature can't be checked, the certificate is missing. You can search for it [on the configured server] or import it from a file.\nThe signature was created on %1 using an unknown certificate with fingerprint %2

To discuss:
a) it is not necessarily a keyserver, it may be ldap
b) we search on the configured server after a click on the fingerprint link. How to make that clear?

  • for technically correct but revoked signature: The signature is invalid: The signing certificate was revoked\nThe signature claims to be created on %1 with the certificate: %2

To discuss: "claims to be" OK?

  • for valid but not trusted: The signature can't be verified. The signing certificate is not certified by you or a trusted [third] party.\nThe signature was created on %1 with the certificate: %2"

To discuss: the part after "certified by"

  • for valid but not trusted and expired: The signature can't be verified. The signing certificate is expired and not certified by you or a trusted [third] party.\nThe signature was created on %1 with the certificate: %2"

Note: as "not trusted" should have precedence over expired, we want to only mention the "expired" as an addition.

  • for valid and trusted but expired: The signature is invalid: The signing certificate has expired.\nThe signature was created on %1 with the certificate: %2"

Related Objects