Jun 15 2024
Jun 14 2024
I updated the certificates of Werner, Andre and you and got as result "The certificates were updated.", i.e. plural, for both, keyserver and WKD. Singular could mean that only updates for one certificate were found.
That the first result is selected is a side effect of making the certificate list more accessible. When the lookup finished, then the certificate list gets focus so that the users can immediately interact with the result. When the list gets focus we unset and reset the current item which triggers the selection of the item. And that triggers an accessible event (so that the user knows than a list item was/is selected).
Looking only at the text used, you get exactly the same messages used for single certificate updates, "The certificate has been updated" or "The certificate was not found.", both in the singular.
Querying WKDs for keys not retrieved via WKD leaks information, i.e. a (fake) WKD could track who is looking for keys. KDE's privacy-by-default policy doesn't allow such a setting to be enabled by default. (In VSD you can enable it for certain customers who don't have a problem with this.)
Note for testing: To reduce the PUK counter to 0 you have to enter a wrong PUK for "Unlock Card". The wrong PUK must have at least 8 characters. Otherwise, gpg-agent will consider the PUK wrong without even asking the smart card so that the smart card doesn't get a chance to reject the PUK and decrease the PUK counter.
And "But "Update certificate" does still not query WKD (not even after restarting Kleopatra.)" seems to happen because the setting "Query certificate directories of providers for all user IDs" wasn't enabled.
Tested with Gpg4win-4.3.2-beta25:
When VSD33 has been updated to integrate the fix/commit then this can be closed (i.e. set to vsd-3.3.0) without manual test, in my opinion.
The (rather trivial) changes where reviewed by Sune. And it's not really a very important issue. Therefore, I'll set it directly to resolved.
Merged to VSD33.
Ok, follow up for the column is T7155.
Jun 13 2024
I can confirm that Kleopatra reports "The certificate was updated." when updating the certificate werner.koch@gnupg.com although gpgme reports "unchanged: 1" as ImportResult. Kleopatra even reports "The certificate was updated." under WKD for a locally generated test key that's not available via WKD. This should be fixed.
Tested with Gpg4win-4.3.2-beta25:
gpg uses "Remaining attempts:" for the pinentry. I'll use this also in Kleopatra so that the users can more easily recognize that this is the same information.
One idea to solve this would be to use a different model because our KeyListModel doesn't allow multiple entries with the same fingerprint. This would also allow us to get rid of columns that make no sense in this workflow like the User IDs column (validity checks are impossible).
Note that signature notations are now always loaded (after the initial key listing which is done without them). I have enabled this to make features like T6766: Kleopatra: On export, inform user about uncertified user IDs which require all certifications just work, without having to remember to load certifications or signature notations when needed which would just lead to bugs because one would obviously forget to remember this.
For Gpg4win-4.3.2-beta25: Compendium is now listed before "More documentation".
I'd say "PIN counters:" is enough in combination with a tool tip. An additional documentation in a manual is always nice, of course. But do we really need the "PIN" here? As long as after the colon PIN, PUK, etc is listed, I think we could drop it here and say "Retry counters"
One could also contemplate using something like "No. of tries left".
Done. This is how it looks like:
Should I make a new ticket for making the origin column default for the search?
This depends on what this ticket was intended to cover.
I always see the tags in the main certificate view in VSD 2.2 as well as the current Gpg4win-4.3.2-beta25.