Kleopatra: Optionally, allow encryption with invalid or expired certificates
Open, NormalPublic
Actions

Assigned To

None

Authored By

	• ikloecker
	Mon, Mar 30, 11:54 AM

Description

Kleopatra should allow the encryption with invalid (e.g. missing root certificate) or expired certificates.

Possible implementation:

add a checkbox "Lower Security" ("Sicherheit verringern") next to the disabled OK button
- should only be displayed, if a forbidden cert (only invalid/expired, not revoked or disabled) is selected
- tooltip should show more explanation for the implications (especially vs-nfd compliance)
- if checked
  - the OK button should be re-enabled (which adds the "always-trust or ignore-expiration" flag; needs the latter flag implemented in gpg) -> T8195: Add option --ignore-expiration to gpg and gpgsm
  - on OK, an additional warning/confirmation dialog with an explanation of the implication should be displayed
add a registry setting flag to disable this checkbox (as some admins might not want to enable their users to do this)

		Status	Assigned	Task
		Open	None	T8193 Add a workflow to force encryption/signature with invalid or expired certificates
		Open	None	T8201 Kleopatra: Optionally, allow encryption with invalid or expired certificates

• ikloecker triaged this task as Normal priority.Mon, Mar 30, 11:54 AM

• ikloecker created this task.

• ikloecker created this object with edit policy "Contributor (Project)".