Page MenuHome GnuPG
Create Task
Maniphest T7913

Kleopatra: General error if designated revoker not in keyring
Testing, NormalPublic
Actions

Description

If gpg is configured to use a designated revoker and the corresponding key is not in keyring, a general error is shown.

To reproduce:

  1. Add to gpg.conf: add-desig-revoker 581BBA74FFC628B8C984AC5E4A7EB0216A8A773D
  2. Generate a new key -> general error

On gpg --full-gen-key the error is:

gpg: invalid revocation key '581BBA74FFC628B8C984AC5E4A7EB0216A8A773D': No public key

Details

Version
vsd-3.3.3-beta90.31 @ win10

Revisions and Commits

rLIBKLEO Libkleo
rLIBKLEOb8bedbe76389 MessageBox: Fix options
rLIBKLEOb7c8ee5930f9 Use setFlag instead of error-prone bit operations
rLIBKLEOd33ad93f42a5 Create message dialog with custom buttons and audit log button
rKLEOPATRA Kleopatra
rKLEOPATRA626d02b70548 Offer audit log when OpenPGP key generation fails

Related Objects

Event Timeline

timegrid created this task.Wed, Nov 5, 11:54 AM
timegrid created this object with edit policy "Contributor (Project)".
ebo added a comment.Thu, Nov 13, 10:38 AM

what do we want here? "No public key" would be better that "General error" but then we would still have the same issue as here: T7886: Kleopatra: Enhance error on missing subkey, if set by default-new-key-adsk.

I wonder if this could be fixed once for all similar cases.

ikloecker added a comment.Thu, Nov 13, 11:19 AM

For Kleopatra we need to add an "Audit log" button to the error dialog. And we need to check if gpg is giving us a useful error that we (gpgme) are ignoring or if gpg doesn't throw a useful error. What do the gpgme logs say?

ikloecker added a comment.Thu, Nov 13, 11:26 AM

gpgme logs:

2025-11-13 11:22:26 gpgme[28014.6de1]   _gpgme_io_read: check: [GNUPG:] KEY_NOT_CREATED <LF>
2025-11-13 11:22:26 gpgme[28014.6de1]   _gpgme_io_read: check: [GNUPG:] FAILURE gpg-exit 33554433<LF>

where 33554433 means (GPG_ERR_SOURCE_GPG, GPG_ERR_GENERAL) = (GnuPG, General error)

ikloecker added a comment.Thu, Nov 13, 11:28 AM

Conclusion: gpg needs to emit a more useful status error. -> subticket

ebo triaged this task as Normal priority.Fri, Nov 14, 12:55 PM
ebo added a project: gpd5x.
ebo added a subscriber: werner.

@werner sees no reason to define a new status error for everything in gpg. So let's stick with this Kleopatra ticket and adding the "Audit Log"/"Diagnostics" button.

ebo renamed this task from Kleopatra: General error if designated revoker not in keyring to Draft: Kleopatra: General error if designated revoker not in keyring.Fri, Nov 14, 12:56 PM
ikloecker claimed this task.Mon, Nov 17, 11:08 AM
ikloecker added a commit: rLIBKLEOd33ad93f42a5: Create message dialog with custom buttons and audit log button.Mon, Nov 17, 4:16 PM
ikloecker added a commit: rKLEOPATRA626d02b70548: Offer audit log when OpenPGP key generation fails.Mon, Nov 17, 6:35 PM
ikloecker moved this task from Backlog to WIP on the gpd5x board.Mon, Nov 17, 6:40 PM

The error dialog now has a button to show the audit log (named Diagnostics).

ikloecker mentioned this in Unknown Object (Maniphest Task).Mon, Nov 24, 9:00 AM
ikloecker added a commit: rLIBKLEOb7c8ee5930f9: Use setFlag instead of error-prone bit operations.Mon, Nov 24, 9:34 AM
ikloecker renamed this task from Draft: Kleopatra: General error if designated revoker not in keyring to Kleopatra: General error if designated revoker not in keyring.Mon, Nov 24, 9:36 AM
ikloecker changed the task status from Open to Testing.
ikloecker added a commit: rLIBKLEOb8bedbe76389: MessageBox: Fix options.
ikloecker added a comment.Mon, Nov 24, 9:40 AM

Best test this with a newer installer than gpg4win-5.0.0-beta413 to avoid the regression with the raw HTML (see T7886#208675).