Page MenuHome GnuPG
Create Task
Maniphest T8035

Kleopatra: Good signatures are reported as invalid signatures if key is expired or revoked
Testing, NormalPublic
Actions

Description

While looking into T7790: Kleopatra: "no trusted certification" should have precedence over "expired" in signature verification I noticed that Kleopatra reports good signatures as "invalid" if the signing key is expired or revoked. I don't think that this is done intentionally. gpg reports such signatures as good signatures. See T7790#210769 (for output of gpg) and T7790#211521 (for screenshots of Kleopatra).

Revisions and Commits

rLIBKLEO Libkleo
rLIBKLEO5068e461be73 Adapt test to new signature verification texts
rLIBKLEO9b09f94aed6e Fix and improve handling of good but not fully valid signatures

Related Objects

Event Timeline

ikloecker triaged this task as Normal priority.Thu, Jan 15, 2:12 PM
ikloecker created this task.
ikloecker added a commit: rLIBKLEO9b09f94aed6e: Fix and improve handling of good but not fully valid signatures.Thu, Jan 15, 4:26 PM
ikloecker changed the task status from Open to Testing.Thu, Jan 15, 4:45 PM
ikloecker moved this task from Backlog to WIP on the gpd5x board.

Fixed. Some examples for the improved texts which are based on the texts that gpg prints.

  • good signature with expired key

  • good signature with revoked key

  • good signature with uncertified key

  • expired signature with certified key

  • expired signature with uncertified key

Hint: Create expired signatures with gpg --default-sig-expire seconds=5 --detach-sign ...

This ticket is mostly about fixing the problem that good signatures were reported as invalid. Unless there are actual errors in the new texts there's T7786: Draft: Kleopatra: improvements of signature verification result messages for improving the messages.

ikloecker added a commit: rLIBKLEO5068e461be73: Adapt test to new signature verification texts.Thu, Jan 15, 5:02 PM