Page MenuHome GnuPG
Create Task
Maniphest T8042

Kleopatra: Add expired/revoked information to ldap search results
Open, NormalPublic
Actions

Description

Expired/Revoked certificates are currently displayed without further information of their expired/revoked status in the LDAP search results:

The LDAP OpenPGP Schema has fields with the necessary information. I'm not sure, if those fields are deprecated or could be trusted, but they are still set on upload (tested with OpenLDAP):

It would be helpful to display the status information in the search results (similar to the main certificate list), e.g.:

  • Add a "Status" column (revoked/expired) - not sure what to display on possibly valid ones, as signatures can't be checked (maybe just empty)
  • Display format for revoked/expired rows (gpg4win: red font, vsd: red background)

Details

Version
gpg4win-5.0.0 @ win11, vsd-3.3.4 @ win10

Event Timeline

timegrid created this task.Mon, Jan 19, 12:04 PM
timegrid created this object with edit policy "Contributor (Project)".
timegrid added a comment.Mon, Jan 19, 1:31 PM

Another possibility would be to just add a revoked column (expiration date is already shown) to keep closer to the ldap schema.

ikloecker renamed this task from Kleopatra: Add expired/rekoved information to ldap search results to Kleopatra: Add expired/revoked information to ldap search results.Mon, Jan 19, 3:55 PM
timegrid added a comment.Mon, Jan 19, 4:02 PM

gpgme.log (vsd 3.3.4):

gpgme_log.vsd334.txt141 KBDownload

gpgme.log (gpg4win 5.0.0):

gpgme_log.gpg4win500.txt152 KBDownload

ikloecker added a comment.Mon, Jan 19, 4:13 PM

The gpgme logs show that the information for revoked keys should be there. We just need to check for it (and somehow visualize it).

pub:o:3072:1:3DA05D6B0A5998AF:1768822823:1863514800::::::::
fpr:::::::::C70F6D8F32DFE96F5C47C40B3DA05D6B0A5998AF:
uid:o::::::::search (valid) <search@gnupg.test>\r:

pub:or:3072:1:E03DEA70D0C2F55B:1768822881:1863514800::::::::
fpr:::::::::6A65D432A5115953E84167D1E03DEA70D0C2F55B:
uid:o::::::::search (revoked) <search@gnupg.test>\r:

pub:o:3072:1:EF3EF73230C3DECF:1768822848:1768823468::::::::
fpr:::::::::38C1F8F9258B7B77989B7AFFEF3EF73230C3DECF:
uid:o::::::::search (expired) <search@gnupg.test>\r:
ebo triaged this task as Normal priority.Tue, Jan 20, 9:07 AM