Change Details

Revoked User IDs are offered for encryption, which is confusing to users. This is not always the case, it seems as if it depends on if they have been used in the past. Additionally, the icons used for revoked UIDs in the sign/encrypt dialog may change and are partially wrong. How to reproduce: Encrypt something selecting one of the uids of a certificate with at least 2 of them. Then revoke that UID. Start to encrypt a message or go to the recipients tab of the notepad. Check which UIDs are offered: {F23992974} In case it is relevant, this is the window which opens if you choose the icon on the right of the drop down menu in the same case: {F23993018} Here all user-IDs are offered, be they valid or not, even if the UID was never selected for encryption. If I remember correctly, we planned to show revoked uids only in the extended filter dialog window? (so that user missing an ID they encrypted to before can find it there if they look.) This looked at first as if it was a regression, as the revoked certificates were not offered in VSD 3.3.0, see {T7183}. But if you have used the revoked UID before, it ist offered even in 3.3.0. And you can encrypt to it, too, although with a red encrypt button. Edit 2025-06-11: the following part was wrong, I'd deleted the secret key in between which of course explains it… I'll delete that part to make the ticket more readable. But it seems the issue goes away if you delete the secret key and then reimport it.

Revoked User IDs are offered for signing/encrypt to self, which is confusing to users. This is not always the case, it seems as if it depends on if they have been used in the past. Additionally, the icons used for revoked UIDs in the sign/encrypt dialog may be a green check mark, while the background color is red. The background and the icon should always agree. How to reproduce: Encrypt something selecting one of the uids of a certificate with at least 2 of them. Then revoke that UID. Start to encrypt a message or go to the recipients tab of the notepad. Check which UIDs are offered: {F23992974} In case it is relevant, this is the window which opens if you choose the icon on the right of the drop down menu in the same case: {F23993018} Here all user-IDs are offered, be they valid or not, even if the UID was never selected for encryption. If I remember correctly, we planned to show revoked uids only in the extended filter dialog window? (so that user missing an ID they encrypted to before can find it there if they look.) This looked at first as if it was a regression, as the revoked certificates were not offered in VSD 3.3.0, see {T7183}. But if you have used the revoked UID before, it ist offered even in 3.3.0. And you can encrypt to it, too, although with a red encrypt button. Edit 2025-06-11: the following part was wrong, I'd deleted the secret key in between which of course explains it… I'll delete that part to make the ticket more readable. But it seems the issue goes away if you delete the secret key and then reimport it. Edit2 2025-06-11: Only or the fist encryption after reimport was only the valid UID offered. After encrypting to the key once using that valid UID on the next encryption operation both UIDs are offered again. With the invalid UID preselected and "not VS-NfD compliant" next to the sign/encrypt button. Which results in the user having to correct the chosen UID every time. {F24026319}

Revoked User IDs are offered for signing/encryption to self, which is confusing to users. This is not always the case, it seems as if it depends on if they have been used in the past. Additionally, the icons used for revoked UIDs in the sign/encrypt dialog may change and are partially wrongbe a green check mark, while the background color is red. The background and the icon should always agree. How to reproduce: Encrypt something selecting one of the uids of a certificate with at least 2 of them. Then revoke that UID. Start to encrypt a message or go to the recipients tab of the notepad. Check which UIDs are offered: {F23992974} In case it is relevant, this is the window which opens if you choose the icon on the right of the drop down menu in the same case: {F23993018} Here all user-IDs are offered, be they valid or not, even if the UID was never selected for encryption. If I remember correctly, we planned to show revoked uids only in the extended filter dialog window? (so that user missing an ID they encrypted to before can find it there if they look.) This looked at first as if it was a regression, as the revoked certificates were not offered in VSD 3.3.0, see {T7183}. But if you have used the revoked UID before, it ist offered even in 3.3.0. And you can encrypt to it, too, although with a red encrypt button. Edit 2025-06-11: the following part was wrong, I'd deleted the secret key in between which of course explains it… I'll delete that part to make the ticket more readable. But it seems the issue goes away if you delete the secret key and then reimport it. Edit2 2025-06-11: Only or the fist encryption after reimport was only the valid UID offered. After encrypting to the key once using that valid UID on the next encryption operation both UIDs are offered again. With the invalid UID preselected and "not VS-NfD compliant" next to the sign/encrypt button. Which results in the user having to correct the chosen UID every time. {F24026319}