Page MenuHome GnuPG
Create Task
Maniphest T7886

Kleopatra: Enhance error on missing subkey, if set by default-new-key-adsk
Open, NormalPublic
Actions

Description

If the subkey for an ADSK set by default-new-key-adsk is not in the keyring, the key generation error in Kleopatra is generic:

If possible, the error should include, that it's about a missing ADSK to point the user in the right direction.

I once forgot to delete the gpg.conf entry and it took a while until i figured it out.
As soon as ADSK is used more widely, many end users with admin provided setups might be confronted with this.

Edit 2025-11-17: We want to solve this by adding a link (button in case of the 5.0 version) labeled "Diagnostics" to the audit log.
There the user will find the ADSK mentioned.

We want this link/button for all error messages on key creation.

Details

Version
gpg4win-5.0.0-beta395 @ win11

Revisions and Commits

rLIBKLEO Libkleo
rLIBKLEOd33ad93f42a5 Create message dialog with custom buttons and audit log button
rKLEOPATRA Kleopatra
rKLEOPATRA626d02b70548 Offer audit log when OpenPGP key generation fails

Related Objects

Event Timeline

timegrid created this task.Mon, Oct 27, 2:36 PM
timegrid created this object with edit policy "Contributor (Project)".
timegrid updated the task description. (Show Details)Mon, Oct 27, 3:44 PM
ebo added a comment.Mon, Oct 27, 4:09 PM

A side question: what are your language settings there?
Seems gpg gives it's error messages in German, Kleo in English

timegrid added a comment.Tue, Oct 28, 12:47 PM

Windows Language Settings:

  • ISO: EnglishInternational
  • Windows Language: English (United Kingdom) - note: i installed English (United States), but can't select it
  • Country or Region: German
  • Regional Format: German

GPG output seems to depend on Regional Format.

ikloecker mentioned this in T7874: Kleopatra: GnuPG System configuration not translated.Tue, Oct 28, 4:24 PM
ebo renamed this task from Kleopatra: Enhance error on missing subkey, if set by default-new-ky-adsk to Kleopatra: Enhance error on missing subkey, if set by default-new-key-adsk.Thu, Oct 30, 10:35 AM
ebo mentioned this in T7913: Draft: Kleopatra: General error if designated revoker not in keyring.Thu, Nov 13, 10:38 AM
werner added a subscriber: werner.Thu, Nov 13, 12:39 PM

What about adding a "show gnupg log" button as we have in other dialogs?

ebo triaged this task as Normal priority.EditedFri, Nov 14, 8:51 AM

Yes, we now plan to add an "Show Audit Log" Button (or is it "Diagnostics" in this case?). But we are not sure if this is enough.

I was asked for a gpgme log to see what info is available at this point. I guess the relevant part is:

2025-11-14 08:35:02 gpgme[5736.1e58]     _gpgme_io_read: check: gpg: invalid ADSK '98111E67AE06F2BEFD2BDE10C5D6C
2025-11-14 08:35:02 gpgme[5736.1e58]     _gpgme_io_read: check: 919005F36A4' specified: Unbrauchbarer ..ffentlic
2025-11-14 08:35:02 gpgme[5736.1e58]     _gpgme_io_read: check: her Schl..ssel<LF>
2025-11-14 08:35:02 gpgme[5736.1e58]     _gpgme_io_read: leave: result=111

gpgme_log.txt546 KBDownload

The log is from vsd 3.3.3

ebo renamed this task from Kleopatra: Enhance error on missing subkey, if set by default-new-key-adsk to Draft: Kleopatra: Enhance error on missing subkey, if set by default-new-key-adsk.Fri, Nov 14, 12:55 PM
ikloecker claimed this task.Mon, Nov 17, 11:08 AM
ebo renamed this task from Draft: Kleopatra: Enhance error on missing subkey, if set by default-new-key-adsk to Kleopatra: Enhance error on missing subkey, if set by default-new-key-adsk.Mon, Nov 17, 11:21 AM
ebo updated the task description. (Show Details)
ebo updated the task description. (Show Details)Mon, Nov 17, 11:26 AM
ikloecker added a commit: rLIBKLEOd33ad93f42a5: Create message dialog with custom buttons and audit log button.Mon, Nov 17, 4:02 PM
ikloecker added a commit: rKLEOPATRA626d02b70548: Offer audit log when OpenPGP key generation fails.Mon, Nov 17, 6:35 PM
ikloecker added a comment.Mon, Nov 17, 6:38 PM

The error dialog now has a button to show the audit log (named Diagnostics).

ikloecker changed the task status from Open to Testing.Mon, Nov 17, 6:39 PM
ikloecker moved this task from Backlog to WIP on the gpd5x board.
werner added a comment.Wed, Nov 19, 12:51 PM

GPG output seems to depend on Regional Format.

FWIW, GnuPG uses this Windows API

/* Use native Win32 API locale ID.  */
lcid = GetThreadLocale ();
/* Strip off the sorting rules, keep only the language part.  */
langid = LANGIDFROMLCID (lcid);

but can be overridden with the LC_ALL, LC_MESSAGES, or LANG envvars by setting them to the usual xx_XX value. The Windows code pages are internally also mapped to xx_XX and in some cases to az_AZ@cyrillic etc. On Windows

gpg-error locale

can be used to display the current local as used by GnuPG. (gpg-error is not always installed)

ikloecker added a comment.Wed, Nov 19, 1:25 PM
In T7886#208534, @werner wrote:

FWIW, GnuPG uses this Windows API

[...]

but can be overridden with the LC_ALL, LC_MESSAGES, or LANG envvars by setting them to the usual xx_XX value.

Setting LC_MESSAGES to the language Qt/KDE use is what we do now.
https://dev.gnupg.org/source/gpg4win/browse/master/patches/ki18n/0001-gpg4win-fix-language-issues.patch$116
Unfortunately, gnupg's gettext replacement doesn't honor the LANGUAGE envvar that the real gettext supports (and prefers over all other variables) since more than 2.5 decades.

timegrid changed the task status from Testing to Open.Fri, Nov 21, 12:02 PM

On gpg4win-5.0.0-beta413 @ win11

  • The diagnostics button is displayed
  • The message contains a hint to adsk

So this is generally fine.

The html error message itself is not interpreted though: