Page MenuHome GnuPG
Create Task
Maniphest T7981

Draft: Kleopatra: Show "No secret key" error for S/MIME protocol
Open, NormalPublic
Actions

Description

When using keyboxd, as well a in recent VSD versions, there is no "No secret key" error shown for S/MIME encrypted data if the secret key is missing.
Instead the corresponding error for S/MIME is "Not found":

C:\Users\g10code.WIN-TEST3\Documents>gpgsm -d test.txt.p7m
gpgsm: failed to find the certificate: Nicht gefunden
gpgsm: message decryption failed: Nicht gefunden <Keybox>
[GNUPG:] FAILURE gpgsm-exit 50331649

"Not found" here is no user friendly error message, it begs the question "what was not found?".
As we do use the "No secret key" error for OpenPGP in the corresponding case and we also did give that error for missing S/MIME keys in old Kleopatra versions without keyboxd I believe we should show the same error for both protocols.

In old VSD versions (checked for 3.1.26) it looks like this:


with the gpg part:

gpgsm: failed to find the certificate: Unbekannter Systemfehler
gpgsm: message decryption failed: Kein geheimer Schlüssel <GPGSM>

The "unknown system error" was fixed meanwhile, but the "No secret key" error message got lost since then, too.

In the current vsd version 3.3.4 it looks like this:


with the gpg part:

gpgsm: failed to find the certificate: Nicht gefunden
gpgsm: message decryption failed: Nicht gefunden <GPGSM>

Details

Version
all recent versions

Event Timeline

ebo created this task.Wed, Dec 17, 9:00 AM
ebo created this object with edit policy "Contributor (Project)".
ebo renamed this task from Kleopatra: Show "No secret key" error for S/MIME protocol to Draft: Kleopatra: Show "No secret key" error for S/MIME protocol.Wed, Dec 17, 9:52 AM
ebo triaged this task as Normal priority.
ebo added a comment.Wed, Dec 17, 10:02 AM

The aim of this ticket is to map the message in Kleo for the corresponding gpg case to the "Not found" error in gpgsm and thus show the other message instead.

If this is possible, I would suggest to not only change the error message "Not found", but the whole text shown to the user, which is currently:

Unable to decrypt <filename>%1</filename>: %ERROR-MESSAGE
The data was not encrypted for any secret key in your certificate list.

And make it so that when we change this text again in the future, it will be changed for both OpenPGP and S/MIME protocol.