Page MenuHome GnuPG
Create Task
Maniphest T7861

GpgOL: Autosecure + autoencryptUntrusted not working as expected in VSD versions
Closed, InvalidPublic
Actions

Description

Follow up of T7778

In the case that both options "automatically encrypt messages" (autosecure=1) and "even for not trusted keys" (autoencryptUntrusted=1) are set, a mail is send encrypted if any valid key is available for the recipient. This is as intended except for in the VSD versions (where, arguably, you should not set autoencryptUntrusted as this is contrary to VS-NfD procedures)

Expected behavior for VSD versions: Before actually sending, the security approval dialog shows up for an untrusted certificate. This ensures that the sender is aware that the encryption to the not certified certificate is not VS-compliant and can abort, if desired.

To reproduce:

  1. Set autosecure=1 and autoencryptUntrusted=1 + (but probably not relevant) encryptDefault=1, signDefault=1
  2. Import a certificate with RSA3072 or 4096
  3. sent mail to that recipient address

-> mail is sent encrypted but without the security approval dialog showing

Two possible solutions:

  1. Make the approval dialog show in the VSD versions in this case
  2. Do not allow to set (and/or always ignore) the autoencryptUntrusted setting

Details

Version
VSD 3.3.2

Related Objects

Event Timeline

ebo triaged this task as Normal priority.Oct 16 2025, 2:47 PM
ebo created this task.
ebo created this object with edit policy "Contributor (Project)".
ebo moved this task from Backlog to Triage on the gpgol board.
ebo added a project: vsd.Nov 12 2025, 3:04 PM
ebo added a project: vsd34.Tue, Feb 3, 9:54 AM

We'll go with solution no 2 (which is in effect the same as no 1 anyway)

It would be best if we grey out the option for autoencryptUntrusted in the GpgOL settings and make it unchangeable for the user.

ebo assigned this task to mmontkowski.Tue, Feb 3, 10:26 AM
ebo moved this task from Triage to Backlog on the gpgol board.
ebo mentioned this in T8090: Gpgolconfig: Disable and grey out autoencryptUntrusted setting for VSD version.Thu, Feb 5, 3:39 PM

This ticket is only for ignoring the autoencryptUntrusted setting. For the gpgolconfig.exe part see T8090

ebo closed this task as Invalid.Thu, Feb 12, 9:57 AM
ebo removed projects: vsd34, gpd5x.

This ticket is now obsolete, as we will force the setting of autoencryptUntrusted=0 via the registry in Ticket T8090