a GUI for GNU PG among other things
Details
Details
Description
Today
Today
• ikloecker placed T7790: Kleopatra: "no trusted certification" should have precedence over "expired" in signature verification up for grabs.
I don't know how I'm supposed to change/fix this. Not even gpg does what the ticket wants (see the sub ticket). And gpg doesn't report sufficient information to Kleopatra via gpgme. In fact, gpg doesn't emit a STATUS_TRUST_* message if the signing key is expired. Hence, gpgme reports "unknown" validity for the signing key, so that Kleopatra would always print "The used key is not certified by you or any trusted person." for expired keys even if the key was fully certified before it expired.
• ikloecker changed the status of T8035: Kleopatra: Good signatures are reported as invalid signatures if key is expired or revoked from Open to Testing.
Fixed. Some examples for the improved texts which are based on the texts that gpg prints.
- good signature with expired key
- good signature with revoked key
- good signature with uncertified key
- expired signature with certified key
- expired signature with uncertified key
exoosh added a comment to T4581: Kleopatra stuck in loading the certificate cache.
Indeed, it looks this way. Thanks so much! Windows 10 and 11 in my case.
• ikloecker triaged T8035: Kleopatra: Good signatures are reported as invalid signatures if key is expired or revoked as Normal priority.
timegrid added a comment to T7008: Kleopatra: New tabs in certficate list should use same column layout as current tab.
Is this is good enough or should the import cert list also inherit the layout (with or without additional columns) from the currently active tab?
timegrid closed T7434: Kleopatra: Initial keylisting hangs for ~60 seconds (gpg-agent: Socket ...S.gpg-agent cannot be bound) as Resolved.
Looks good to me on gpg4win-5.0.0 @ win11. Tested with 20 starts of each combination:
- with / without keyboxd
- quitting kleopatra / killing all processes
Looks good to me on gpg4win-5.0.0 @ win11. Tested with 20 starts of each combination:
- with / without keyboxd
- quitting kleopatra / killing all processes
Looks good to me on gpg4win-5.0.0 @ win11. Tested with 20 starts of each combination:
- with / without keyboxd
- quitting kleopatra / killing all processes
timegrid added a comment to T7008: Kleopatra: New tabs in certficate list should use same column layout as current tab.
Another correction: I'm quite sure, that changing the width worked for a while (until i created that new tab), but I can't reproduce this anymore (even after deleting kleopatrastaterc). Now the import list again seems to have it's own memory (changing width in the import list will be kept on the next import)
timegrid added a comment to T7008: Kleopatra: New tabs in certficate list should use same column layout as current tab.
Correction: On import, the width of the last created tab (not the current one) will be used, but additional columns won't be added.
• ikloecker added a comment to T7790: Kleopatra: "no trusted certification" should have precedence over "expired" in signature verification.
Screenshots how Kleopatra currently shows the result of the verifications:
• ikloecker renamed T8029: IPC error on batch import of secret kyber cert from Kleopatra: IPC error on import of secret kyber cert to IPC error on batch import of secret kyber cert.
• ikloecker changed the status of T6623: Kleopatra hangs "Loading certificate cache" on Windows 10 from Open to Testing.
I think this has been resolved in Gpg4win 5.
• ikloecker changed the status of T4581: Kleopatra stuck in loading the certificate cache from Open to Testing.
I think this has been resolved in Gpg4win 5.
• ikloecker changed the status of T7434: Kleopatra: Initial keylisting hangs for ~60 seconds (gpg-agent: Socket ...S.gpg-agent cannot be bound) from Open to Testing.
I think this has been resolved in Gpg4win 5.
Yesterday
Yesterday
• ikloecker changed the status of T8030: Kleopatra: Add hint to filename of secret team key exports with signing key from Open to Testing.
The suffixes _ENCRYPT_SIGN and _ENCRYPT are used to differentiate the two export results.
• ikloecker changed the status of T8027: Kleopatra: a secret team key should always include all public key information from Open to Testing.
If only the secret encryption subkey is exported and there is a signing subkey then, additionally, to the secret subkey export a public export is added to the created file, i.e. in the created file there's a PUBLIC KEY BLOCK and a PRIVATE KEY BLOCK. (With the next version of gpgme the public key block only contains the primary key and the signing subkey. Currently, it's a full public key export of the team key.)
• ikloecker closed T8033: gpgme: Support --export-filter, a subtask of T8027: Kleopatra: a secret team key should always include all public key information, as Resolved.
timegrid added a comment to T7008: Kleopatra: New tabs in certficate list should use same column layout as current tab.
In gpg4win-5.0.0-beta479 @ win11
- I can confirm, that a new tab will inherit the layout from the currently active tab
- On import
- The layout of the main tab is kept
- The import cert table has it's own layout though (default columns/widths) - should this be different?
• ikloecker added a comment to T7455: Improved Sign/Encrypt/Decrypt/Verify from clipboard.
timegrid changed the status of T7455: Improved Sign/Encrypt/Decrypt/Verify from clipboard from Testing to Open.
Mostly looks good to me on gpg4win-5.0.0-beta479 @ win11.
timegrid moved T7429: Kleopatra: Importing certificate from Verification result dialog doesn't correctly re-verify the signature from QA to Done on the gpd5x board.
Looks good to me on gpg4win-5.0.0-beta479 @ win11:
Tue, Jan 13
Tue, Jan 13
• ikloecker added a comment to T5707: Kleopatra: Use windows registry additionally to config files.
I've changed this now to "GnuPG VS-Desktop" (and "GnuPG Desktop").
• werner added a comment to T5707: Kleopatra: Use windows registry additionally to config files.
Am I right that for VSD we use:
• ikloecker changed the status of T5707: Kleopatra: Use windows registry additionally to config files from Open to Testing.
• ikloecker added a comment to T5707: Kleopatra: Use windows registry additionally to config files.
We set the following organization names for the different products:
- Gpg4win: Gpg4win
- GnuPG-Desktop: GPD
- GnuPG-VS-Desktop: VSD
i.e. the registry path for Kleopatra settings will be for example
SOFTWARE\Gpg4win\Kleopatra\<config group>\<config entry>
• TobiasFella changed the status of T7831: Kleopatra: Configuration of the initial status of all checkboxes in the sign/encrypt dialog from Open to Testing.
timegrid changed the status of T5707: Kleopatra: Use windows registry additionally to config files from Testing to Open.
On gpg4win-5.0.0-beta479 @ win11 the registry settings are not read due to the organization name not set.
@werner: gpg fails to batch import secret Kyber keys:
$ GNUPGHOME=/home/ingo/dev/g10/.gnupghomes/empty gpg --batch --import --verbose ~/dev/g10/testdata/exported/Kyber768_0xDD89C34EF2B69576_SECRET.asc gpg: WARNING: unsafe permissions on homedir '/home/ingo/dev/g10/.gnupghomes/empty' gpg: enabled compatibility flags: gpg: sec brainpoolP256r1/DD89C34EF2B69576 2024-11-14 Kyber768 <kyber768@example.net> gpg: using pgp trust model gpg: key DD89C34EF2B69576: public key "Kyber768 <kyber768@example.net>" imported gpg: key DD89C34EF2B69576/DD89C34EF2B69576: secret key imported gpg: key DD89C34EF2B69576/D07DD3BF9F1AAF4F: error sending to agent: IPC parameter error gpg: error reading '/home/ingo/dev/g10/testdata/exported/Kyber768_0xDD89C34EF2B69576_SECRET.asc': IPC parameter error gpg: import from '/home/ingo/dev/g10/testdata/exported/Kyber768_0xDD89C34EF2B69576_SECRET.asc' failed: IPC parameter error gpg: Total number processed: 0 gpg: imported: 1 gpg: secret keys read: 1
timegrid updated the task description for T8029: IPC error on batch import of secret kyber cert.
timegrid added a comment to T8029: IPC error on batch import of secret kyber cert.
Importing the same files via cli does work:
timegrid updated the task description for T8029: IPC error on batch import of secret kyber cert.
timegrid added a comment to T8029: IPC error on batch import of secret kyber cert.
Screenshots of different imports:
timegrid added a comment to T8029: IPC error on batch import of secret kyber cert.
gpgme.log (import of kyber team key with signing key):
timegrid added a comment to T8029: IPC error on batch import of secret kyber cert.
gpgme.log (import of normal non team key kyber cert):
timegrid raised the priority of T8029: IPC error on batch import of secret kyber cert from Normal to High.
• ebo added a comment to T8030: Kleopatra: Add hint to filename of secret team key exports with signing key.
or maybe for the fist one "_ENC_ONLY"
timegrid triaged T8030: Kleopatra: Add hint to filename of secret team key exports with signing key as Normal priority.
• ebo edited projects for T5957: Kleopatra: Show recipient information in the Notepad next to the input field , added: gpd5x (gpd-5.0.0); removed gpd5x.
• ebo edited projects for T6627: Kleopatra: Add checkbox in certifications dialog, added: gpd5x (gpd-5.0.0); removed gpd5x.
• ebo edited projects for T7045: Kleopatra: Use "SCD DEVINFO --watch" also on Windows, added: gpd5x (gpd-5.0.0); removed gpd5x.
• ebo edited projects for T6688: Kleopatra GPGME: Reported assert on exit, added: gpd5x (gpd-5.0.0); removed gpd5x.
• ebo edited projects for T6893: Kleopatra: Drag & Drop certificates to somewhere to export them, added: gpd5x (gpd-5.0.0); removed gpd5x.