Kleopatra: Do not offer "Save Secret Team Key" for card keys
Testing, Normal, Public

Description

The action "Save Secret Team Key" is also offered if the secret key only resides on a smart card, not on disk.
If the key is not also on disk, the action should be greyed out, the same as "Backup Secret Keys".

Btw, "Save Secret Team Key" does in this case create a file named as expected for a team key (Berta_Boss_0x458612006D8E6F0D_SECRET_TEAM_KEY_ENCRYPT.asc). Importing it in another keyring results in import of the public key only, though there seems to be some information included that it should be a secret key:

gpg: key 458612006D8E6F0D: public key "Berta Boss <Berta.Boss@demo.gnupg.com>" imported
gpg: To migrate 'secring.gpg', with each smartcard, run: gpg --card-status
gpg: key 458612006D8E6F0D: secret key imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg:       secret keys read: 1
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   1  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   1  signed:   0  trust: 1-, 0q, 0n, 0m, 0f, 0u

Details

Version
Gpg4win-5.0.2-beta2

Event Timeline

ebo triaged this task as Normal priority. (Wed, Mar 4, 10:50 AM)
ebo created this task.
ikloecker moved this task from Backlog to WIP on the gpd5x board.
ikloecker changed the task status from Open to Testing. (Thu, Mar 5, 11:36 AM)

Fixed.

Additionally, the action is no longer offered for keys with an encryption-capable secret primary key without secret encryption subkey.
And sharing the secret signing subkey isn't offered anymore if this is a card key.

ikloecker mentioned this in Unknown Object (Maniphest Task). (Mon, Mar 9, 9:11 AM)

Note: This isn't included in Gpg4win 5.0(.2).
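
Added example, not Kleopatra's code and not part of the task: one way to tell card-resident secret keys from on-disk ones is field 15 of the sec/ssb records in `gpg --list-secret-keys --with-colons` output. The sample records, the key IDs other than the one from the report, the card serial number and the policy function `can_save_secret_encryption_key` are assumptions made for illustration.

```python
# Field 15 of "sec"/"ssb" records in `gpg --list-secret-keys --with-colons`
# (documented in GnuPG's doc/DETAILS):
#   token serial number -> secret key is on a smart card
#   "#"                 -> stub only, secret part not available
#   "+"                 -> secret key is available on disk
TOKEN_FIELD, CAPS_FIELD, KEYID_FIELD = 14, 11, 4

def classify(token):
    """Translate field 15 into a storage location."""
    if token == "+":
        return "disk"
    if token == "#":
        return "stub"
    return "card" if token else "unknown"

def secret_subkeys(colon_output):
    """Return {primary key ID: [(key ID, capabilities, location), ...]}."""
    keys, current = {}, None
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) <= TOKEN_FIELD:
            continue
        if f[0] == "sec":
            current = keys.setdefault(f[KEYID_FIELD], [])
        if current is not None:
            current.append((f[KEYID_FIELD], f[CAPS_FIELD], classify(f[TOKEN_FIELD])))
    return keys

def can_save_secret_encryption_key(parts):
    """Assumed policy: some encryption subkey (not the primary) is on disk."""
    return any("e" in caps and where == "disk" for _, caps, where in parts[1:])

def _record(kind, keyid, caps, token):
    """Build a constructed colon record with only the fields used here."""
    f = [""] * 21
    f[0], f[KEYID_FIELD], f[CAPS_FIELD], f[TOKEN_FIELD] = kind, keyid, caps, token
    return ":".join(f)

# Constructed sample: the card key from the report plus a made-up on-disk key.
CARD_SN = "D2760001240100000000000000000000"  # placeholder serial number
SAMPLE = "\n".join([
    _record("sec", "458612006D8E6F0D", "scESC", CARD_SN),
    _record("ssb", "AAAAAAAAAAAAAAA1", "e", CARD_SN),
    _record("sec", "BBBBBBBBBBBBBBB2", "scESC", "+"),
    _record("ssb", "BBBBBBBBBBBBBBB3", "e", "+"),
])
```

With the constructed sample, the card key from the report is rejected by the policy check and the on-disk key is accepted.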