//Tested: linux / en / 20.03.25//
Setup
=====
**Select `My Certificate`**
- [x] {key ui/enhancement/minor} Remove Option `No certificate`? Choosing it results in an error anyway.icon circle color=lightgreytext} {key ui/enhancement/minor}
Remove Option `No certificate`? Choosing it results in an error anyway. Maybe needed, if no certificates are available?
- [ ] ~~{icon times-circle} {key ui/feature}
~~Tooltips with selectable text (e.g. to copy the fingerprint for bug reports)~~ Not feasible
**Input `Path`**
- [ ] {key bug} Adding an existing store will overwrite the root `.gpg-id` fileicon circle color=lightgreytext} {key bug}
Adding an existing store will overwrite the root `.gpg-id` file regardless of the differences (but not reencrypt).
Maybe add a warning dialog with an explanation, a diff of the ids and resolution options (e.g. keep, overwrite, overwrite and reencrypt).
and resoluOr probably better just replace the cert selection options (e.g. keepfield with some user feedback, overwrite, overwritethat a store is detected (has .gpg-id) and reencrypt)just import it without changes.
Or probably better just replace the cert selection field with some user feedback,- [ ] {icon circle color=lightgreytext} {key config/bug}
that a store is detected (has .gpg-id) and just import it without changes.
- [ ] {key config/bug} Three slahes at the beginning autocompletes working directory
{F20776899}
{F20776900}
{F20776901}
- [ ] {key config/minor} Maybe normalize generated path:icon circle color=lightgreytext} {key config/minor}
`/home/user/////////kde/.password-store-test4///////` results inMaybe normalize generated path: `/home/user/////////kde/.password-store-test4///////` results in `Path[$e]=$HOME/////////kde/.password-store-test4///////`.
`Path[$e]=$HOME/////////kde/.password-store-test4///////`.
This path will be visible for the user e.g. on creation of new folders
and accidentally using `//` could be problematic in other programs/contexts.
**Dialog `Generate a new OpenPGP certificate`**
- [x] {icon circle color=lightgreytext} {key config/minor} r
Resulting `.gpg-id` has no newline, which differs from `pass init`.
Might result in copy & paste errors, if the gpg id is copied from terminal
(e.g. `78982DB8B11C0B15#`).
- [x] {key bug/minor} Leaving the wizard open for some (very long) time,icon circle color=lightgreytext} {key bug/minor}
Leaving the wizard open for some (very long) time, another window with the same wizard will appear - maybe a timeout?
{F20776847}
- [ ] {icon circle color=lightgreytext} {key ui/minor}
Input fields slightly cut, to reproduce
1. open Section `Advanced Options` -> Field `Name`/`Email` cut on the right
2. check Checkbox `Protect` -> Field `Name`/`Email` cut on the left
{F20776882}
- [ ] {icon circle color=lightgreytext} {key ui/minor}
Dialog window keeps height after expansion and collapse of the Section `Advanced options` (probabaly not worth a fix)
- [ ] {icon circle color=lightgreytext} {key feature}
- [ ] {key feature} Creation of certs possible, but not the deletion?
- [ ] {key comprehesion} The `(between X and Y)` dates in the description of `Valid until` can be misleading.icon circle color=lightgreytext} {key comprehesion}
It took a while to understand, that it's not about the resulting valid period,The `(between X and Y)` dates in the description of `Valid until` can be misleading.
It took a while to understand, that it's not about the resulting valid period, but rather the min/max of the `until` value. 2106 also looks very arbitrary.
Maybe `choose between`, or move the description into the datetime widget or just remove it completely?
The datetime widget prevents the choice anyway, which should be intuitive.
- [ ] {key comprehesion/minor} Tooltip Text `unrecoverable` in Checkbox `Protect`: Understandable for the users?icon circle color=lightgreytext} {key comprehesion/minor}
Maybe expand to a sentence, that the passphrase needs to be kept save andTooltip Text `unrecoverable` in Checkbox `Protect`: Understandable for the users?
Maybe expand to a sentence, that the passphrase needs to be kept save and secrets are lost without it.
- [ ] {key comprehesion/enhancement} Mark the recommended algorithm in Section `Advicon circle color=lightgreytext} {key comprehesion/enhanced options`?ment}
e.g. `curve25519 (Mark the recommended)` as Label? If users are playing around with it, they algorithm in Section `Advanced options`?
e.g. `curve25519 (recommended)` as Label? If users are playing around with it, they might end up generating keys with deviating algorithm.
- [ ] {key comprehesion/minor} Dialog description `name and/or email`:icon circle color=lightgreytext} {key comprehesion/minor}
Dialog description `name and/or email`: Do users understand the implications of choosing both/between?
Main
====
- [x] {key keyboard/bug}: Using shortcut `Ctrl-Q` triggers a warning, that this sequence isicon circle color=lightgreytext} {key keyboard/bug}
ambiguous andUsing should be resolved in the Shortcut Settings.rtcut `Ctrl-Q` triggers a warning, In these Settings I see,that this sequence is ambiguous and should be resolved in the Shortcut Settings.
In these Settings I see, that this Shortcut is only mapped to `gpgpass/Quit`. Might be my config?
- [x] {key note} Currently multiple `gpgpass` instances are allowed,icon circle color=lightgreytext} {key note}
Currently multiple `gpgpass` instances are allowed, which probably could lead to inconsistencies.
Maybe restrict to one per configuration file?
Menus
-----
- [ ] {icon circle color=lightgreytext} {key bug}
`Über GPGPass` and `SDPSX-License-Identifier` in gpgpassui.rc links GPL2, README references GPL3
{F21156761}
- [ ] {key ui/enhancement/minor} Better choice of icons possible?icon circle color=lightgreytext} {key ui/enhancement/minor}
Mix of colored / blue / black without semantical meaning.Better choice of icons possible?
`edit` has the same icon as `configure`Mix of colored / blue / black without semantical meaning. Configuration icon not optimal in my opinion,`edit` has the same icon as `configure`.
Configuration icon not optimal in my opinion, at least for the toolbar (the bottom line matches visually with the Shortcut underscore and looks a bit broken in my opinion).
and looks a bit broken in my opinion).- [ ] {icon circle color=lightgreytext} {key language}
- [ ] {key language} `en_US` chosen, but many German translations present, e.g.
- `GPGPass einrichten ...`
- `Einstellungen`
- `Hilfe`
- etc.
- [ ] {icon circle color=lightgreytext} {key note}
`Handbuch` ~~and `Was ist das?`~~: disfunctional, probably placeholder?
- [ ] {icon circle color=lightgreytext} {key note}
- [ ] {key note} `Probleme oder Wünsche berichten`: reports with user account only?
Search
------
- [x] {icon circle color=lightgreytext} {key ui/bug} s
Searches have different results, e.g. for current testdata
1. start gpgpass
2. repeated search
1. search for `entry`
2. delete search term and wait for tree to rerender
{F21156706}
{F21156714}
{F21156720}
- [ ] {icon circle color=lightgreytext} {key ui/enhancement}
Deep folder structures in searches might be confusing
- contents of matched folders are included in the search, which makes sense
- parents of matched folders might be unneccessary, maybe it's worth a try to omit them,
if possible
- open matched folders with many entries will also possibly push the next matches out of view
- maybe highlight matched substring in folders/entries
- maybe close matched (sub-)folders
{F20937984}
- [x] {icon circle color=lightgreytext} {key bug}
RegEx special chars should better be handled in search. stdout:
```
QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '*')
QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '?')
QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '\')
```
- [x] {key bug/minor} Unescaped regex special chars (e.g. `wertpasdg.-`) as first search termicon circle color=lightgreytext} {key bug/minor}
Unescaped regex special chars (e.g. `wertpasdg.-`) as first search term char (1 char only?) will be interpreted as regex, which might get unexpected results.
{F20777057}
{F20777374}
{F20777454}
- [ ] {icon circle color=lightgreytext} {key bug/minor}
Same for the user cert list search
- [ ] {icon circle color=lightgreytext} {key ui/bug}
Folders in results closed by default, if previous search result found no results. to reproduce with current testdata,
1. search for `empty` -> folder is open
{F21156300}
2. search for `asdf` -> no passwords found
{F21156314}
3. search for `empty` -> all folders closed
{F21156320}
{F21156331}
- [ ] {key ui/security/minor} All Folders briefly open on search, whichicon circle color=lightgreytext} {key ui/security/minor}
All Folders briefly open on search, which might leak information (over-the-shoulder)
Password Tree
-------------
**Folders**
- [x] {icon circle color=lightgreytext} {key ui/bug} `
`.password-store` folder is shown. To recreate
1. Enter some chars in Input `Search` and press `Enter`
2. Remove all chars and wait
- [ ] ~~{key ui/idea} If the password store root folder would be included in the tree,- [x] {icon circle color=green} {key ui/idea}
it would be possible to show all configured stores simultanously (e.g.~~If the password store root folder would be included in the tree, with an additionalit would be possible to show all configured stores simultanously
(e.g. with an additional `name` attribute in the store configuration).
On the other hand, a conscious decision to switch the profile might be preferable to prevent user mistakes and over-the-shoulder information leaks.~~
to prevent user mistakes and over-the-shoulder information leaks.~~ already donealready done
- [ ] {icon circle color=lightgreytext} {key ui/enhancement/minor}
- [ ] {key ui/enhancement/minor} If the password store is changed on filesystem, the tree might be updated only partially.
be updated only partially. Looks like this happens only, if the root folder was deleted and recreated, so this might be ok.
{F21156569}
{F21156581}
**Navigation**
- [ ] {icon circle color=lightgreytext} {key ui/bug}
Entry is not viewed after de- and reselect. `clipboard cleared` displayed on bottom.
The same happens, when the content panel is automatically closed (if enabled in settings).
To reproduce:
1. Select an entry (shown)
2. Unselect the entry (via click on the item)
3. Select the entry again
{F20777787}
- [ ] {icon circle color=lightgreytext} {key ui/enhancement}
Disable deselection of the currently active entry.
- It feels unexpected ~~and I can't think of any usecase~~. This could break toolbar `Add` (no way to add in root folder, if folder cannot be deselected).
- In edit mode, the changes are lost on deselection.
- [ ] {key ui/enhancement} Accessing the `edit` view feels uncomfortable. I know, it's in theicon circle color=lightgreytext} {key ui/enhancement}
Accessing the `edit` view feels uncomfortable. I know, it's in the toolbar, but choosing the right button from global context needs attention.
Suggestions (preferably all of them):
- Edit entry on doubleclick
- Add edit button in the tree item row (e.g. floating right)
- Add edit button on `Show entry` view (e.g. on title row left of `copy` button)
- [ ] {key keyboard/bug} The `edit` shortcut does not work in `edit` entry mode,icon circle color=lightgreytext} {key keyboard/bug}
The `edit` shortcut does not work in `edit` entry mode, which is unexpected. To reproduce:
1. set `edit` shortcut
2. navigate (arrows) to some entry and press the `edit` shortcut -> `edit` view
3. navigate (arrows) to another entry and press the `edit` shortcut again -> `show` view
- [ ] {key keyboard/enhancement} Maybe add `edit` shortcut preset: `ctrl + enter`?icon circle color=lightgreytext} {key keyboard/enhancement}
Maybe add `edit` shortcut preset: `ctrl + enter`?
- [ ] {icon circle color=lightgreytext} {key keyboard/enhancement}
Add "Copy Password to Clipboard" Shortcut `ctrl + c`
- [ ] {icon circle color=lightgreytext} {key keyboard/enhancement}
- [ ] {key keyboard/enhancement} After opening an entry, keyboard up/down navigates the tree.
Maybe display the selected entry then (e.g. after timeout with reset on further keypresses)
- [ ] {key ui/feature} Allow multiselect (e.g. to delete multiple items at once)icon circle color=lightgreytext} {key ui/feature}
- [ ] {key ui/feature/minor} Add `copy` entry action Allow multiselect (e.g. In my password manager I use this often toto delete multiple items at once)
- [ ] {icon circle color=lightgreytext} {key ui/feature/minor}
Add `copy` entry action. In my password manager I use this often to ensure the same name "syntax" optimized for search.
- [ ] {icon circle color=lightgreytext} {key ui/feature/minor}
Display/Copy path to password file, e.g. in Context Menu
**Moving**
- [ ] {icon circle color=lightgreytext} {key ui/bug}
Moving an item over another triggers the overwrite dialog.
Old item will be kept, the new item will be moved to `$(pwd)/.gpg`
Maybe just deactivate overwriting as it's not much useful?
- [ ] {icon circle color=lightgreytext} {key ui/bug/minor}
Moving an item visually suggests, that a custom order is possible
{F20777650}
**Renaming**
- [ ] {icon circle color=lightgreytext} {key config/bug/minor}
Folder/Entry names might conflict
(e.g. entry `name`, folder `name.gpg`). Not very likely, but maybe should be better handled.
- If an entry `name` does exist, adding a new folder `name.gpg` won't do anything.
- New folders `name.gpg` will result in filesystem folder `name.gpg`, but are shown
as `name` in the tree.
- Given a (filesystem) folder `name.gpg`, adding a new entry `name` will result
in an error `Filename refers to a directory` (which is good).
- [ ] {key ui/bug} Renaming an entry `entry` to an already existing folder `folder` will result
in unexpected behaviour: the folder is kept, the entry is moved into that folder,- [ ] {icon circle color=lightgreytext} {key ui/bug}
the tree might or might not be updated.Renaming an entry `entry` to an already existing folder `folder` will result in unexpected behaviour:
Given athe folder `name` and an entry `name`is kept, the same happensentry is moved into that folder, if the entry is renamedthe tree might or might not be updated.
Given a folder `name` and an entry `name`, the same happens, if the entry is renamed without changing the name (rename -> just click `OK`).
- [ ] {key ui/enhancement} Renaming an entry to an already existing entry does not workicon circle color=lightgreytext} {key ui/enhancement}
Renaming an entry to an already existing entry does not work (which makes sense) but should probably trigger a warning/error.
Entry View
----------
**New Entry**
- [ ] {key bug} Creating a new entry with the name of an existing entry will override theicon circle color=lightgreytext} {key bug}
Creating a new entry with the name of an existing entry will override the existing entry without warning.
- [ ] {key bug} `/` in entry names are interpreted as separatoricon circle color=lightgreytext} {key bug}
- `/` at start will be interpreted as absolute path,
e.g. `/path/to/other/.password-store/entryname` will work, although the dialog`/` in entry names are interpreted as separator
- `/` at start will be interpreted as absolute path, e.g. `/path/to/other/.password-store/entryname` will work, although the dialog explicitly states, where the file will be created
- `/` in the middle
- non exisiting paths display a user error:
`Could not read encryption key to use, .gpg-id file missing or invalid.`
- `notapath/../works` works
- `~` is not expanded
- If this path behaviour is intended or kept
- Display an error after path confirmation instead of checking on `save` only
- Only paths within the configured store path should be allowed
- [ ] {icon circle color=lightgreytext} {key bug} n
Names starting with `.`
- resulting files are hidden on linux, what might be a source of user errors, if files are copied manually
- entries are displayed in the tree after creation, but hidden after restart.
- folders are hidden in the tree after creation
- maybe just disallow all `.` files, or at least: `.gpg-id`, `.gpg-id.sig`, `.git`
- [ ] {icon circle color=lightgreytext} {key keyboard/bug}
`Enter` will close the form without saving. To reproduce
1. Add new entry
2. Enter password
3. Press `Enter`
- [ ] {icon circle color=lightgreytext} {key keyboard/enhancement}
On a new entry, the Input `Password` should have focus
**Show Entry**
- [ ] {key ui/security} Don't leak the number of chars in the password field, whichicon circle color=lightgreytext} {key ui/security}
Don't leak the number of chars in the password field, which heavily reduces the search space in brute force attacks
- [ ] {icon circle color=lightgreytext} {key ui/idea}
Does the `show entry` view add any value compared to the edit view?
The buttons for `copy to clipboard` and `show qr code` could also be added on the edit view.
Having only one view would simplify the interface quite a bit.
- [ ] {key security/feature} Protect more than `password`?icon circle color=lightgreytext} {key security/feature}
Protect more than `password`? Other fields might contain sensitive data, too. Probably would need a setting (list of keys).
- [ ] {icon circle color=lightgreytext} {key ui/enhancement}
- [ ] {key ui/enhancement} Long words/urls in description expand the view beyond viewport.
Buttons for qrcode/copy are out of reach, probably wrap lines.
Setting `Ignore Line Wrapping` suggests, that it should be set, but does not change behaviour.
{F21060206}
{F21060207}
- [ ] {key ui/enhancement/minor} Long keys expand the window beyond monitor border.icon circle color=lightgreytext} {key ui/enhancement/minor}
Long keys expand the window beyond monitor border. Maybe truncate with `...` prefix and add a Tooltip with full content.
{F21061334}
- beyond monitor border expansion also happend once on a "failed to encrypt" entry
- [ ] {key ui/bug} Clicking on fields centers content both vertically/horizontally.icon circle color=lightgreytext} {key ui/bug}
Clicking on fields centers content both vertically/horizontally.
Centering happens on text selection, too (e.g. to copy & paste).
Should be deactivated.
{F21060255}
{F21060256}
{F21060254}
- [ ] {key ui/enhancement} For multiple key/value pairs the buttons for qrcode/copy areicon circle color=lightgreytext} {key ui/enhancement}
For multiple key/value pairs the buttons for qrcode/copy are hard to match. Maybe add e.g.
- separator lines
- alternating odd/even backgrounds
- highlight of row on mouseover
{F21060309}
- [ ] {icon circle color=lightgreytext} {key ui/bug/minor}
Problems with QR-Code for long passwords/values:
QR code probably gets too small at around 1000 chars and is empty at about 2954 chars.
Maybe keep pixel size constant and resize the window instead and/or display a user error if the string length exceeds a threshold.
{F21060328}
{F21060329}
{F21060330}
{F21060331}
{F21060327}
- [ ] {key ui/security/minor} Binary data in entries is displayed/interpreted (file might be added/changed by someone else,icon circle color=lightgreytext} {key ui/security/minor}
Binary data in entries is displayed/interpreted (file might be added/changed by someone else, e.g. if the store is shared among team members;
without signature checks, it could be encrypted for the user by anyone)
- does not break, but some control chars seem to work (e.g. `rtl`). many errors on stdout: `qt.text.font.db: OpenType support missing for "[...]", script 66´
{F21060620}
- qr code works, but adds new contexts (e.g. qr code reader on smartphones), in which the data might be interpreted
{F21060623}
**Edit Entry**
- [ ] {icon circle color=lightgreytext} {key ui/bug} d
Deleting the search term during `edit` closes the edit view (without saving)
**Templates (auto)**
- [ ] {key config/enhancement} Maybe split templated key/values on first `: ` (with space)icon circle color=lightgreytext} {key config/enhancement}
Maybe split templated key/values on first `: ` (with space) instead of `:`, e.g. for `key:with:colons: value`
{F21061490}
- [ ] {icon circle color=lightgreytext} {key config/enhancement} l
Lines with empty values are deleted on `save`, probably as intended.
Might be problematic for existing stores with non-conforming entries (e.g. managed via `pass`).
Suggestion: Visually mark fields to be deleted in edit form.
- [ ] {icon circle color=lightgreytext} {key config/enhancement/minor}
Maybe handle empty key, e.g. `:empty`
{F21061537}
{F21061538}
**Templates (fixed)**
- [ ] {icon circle color=lightgreytext} {key config/minor}
`Login` with capital `L` in default template (like capital `Password`, `URL`)
Settings
========
- [ ] {icon circle color=lightgreytext} {key ui/enhancement/minor}
Change of `Use template` and `Show all fields templated` could rerender `view` entry.
could rerender `view` entry. `edit` entry might better be closed or redirected to view `entry` without save then