Change Details

//Tested: linux / en / 20.03.25// Setup ===== Select `My Certificate` - [ ] {key ui/enhancement} Remove Option `No certificate`? Choosing it results in an error anyway. Maybe needed, if no certificates are available? - [ ] {key ui/feature} Tooltips with selectable text (e.g. to copy the fingerprint for bug reports) Input `Path` - [ ] {key bug} Adding an existing store will overwrite the root `.gpg-id` file regardless of the differences (but not reencrypt). Maybe add a warning dialog with an explanation, a diff of the ids and resolution options (e.g. keep, overwrite, overwrite and reencrypt) - [ ] {key config/bug} Three slahes at the beginning autocompletes working directory {F20776899} {F20776900} {F20776901} - [ ] {key config/minor} Maybe normalize generated path: `/home/user/////////kde/.password-store-test4///////` results in `Path[$e]=$HOME/////////kde/.password-store-test4///////`. This path will be visible for the user e.g. on creation of new folders and accidentally using `//` could be problematic in other programs/contexts. Dialog `Generate a new OpenPGP certificate` - [ ] {key config/minor} resulting `.gpg-id` has no newline, which differs from `pass init`. Might result in copy & paste errors, if the gpg id is copied from terminal (e.g. `78982DB8B11C0B15#`). - [ ] {key bug/minor} Leaving the wizard open for some (very long) time, another window with the same wizard will appear - maybe a timeout? {F20776847} - [ ] {key ui/minor} Input fields slightly cut, to reproduce 1. open Section `Advanced Options` -> Field `Name`/`Email` cut on the right 2. check Checkbox `Protect` -> Field `Name`/`Email` cut on the left {F20776882} - [ ] {key ui/minor} Dialog window keeps height after expansion and collapse of the Section `Advanced options` - [ ] {key feature} Creation of certs possible, but not the deletion? - [ ] {key comprehesion} The `(between X and Y)` dates in the description of `Valid until` can be misleading. It took a while to understand, that it's not about the resulting valid period, but rather the min/max of the `until` value. Maybe `choose between`, or move the description into the datetime widget or just remove it completely? The datetime widget prevents the choice anyway, which should be intuitive. - [ ] {key comprehesion/minor} Tooltip Text `unrecoverable` in Checkbox `Protect`: Understandable for the users? Maybe expand to a sentence, that the passphrase needs to be kept save and secrets are lost without it. - [ ] {key comprehesion/enhancement} Mark the recommended algorithm in Section `Advanced options`? e.g. `curve25519 (recommended)` as Label? If users are playing around with it, they might end up generating keys with deviating algorithm. - [ ] {key comprehesion/minor} Dialog description `name and/or email`: Do users understand the implications of choosing both/between? Main ==== - [ ] {key keyboard/bug}: Using shortcut `Ctrl-Q` triggers a warning, that this sequence is ambiguous and should be resolved in the Shortcut Settings. In these Settings I see, that this Shortcut is only mapped to `gpgpass/Quit`. Might be my config? - [ ] {key note} Currently multiple `gpgpass` instances are allowed, which probably could lead to inconsistencies. Maybe restrict to one per configuration file? Menus ----- - [ ] {key ui/enhancement/minor} Better choice of icons possible? Mix of colored / blue / black without semantical meaning. `edit` has the same icon as `configure`. Configuration icon not optimal in my opinion, at least for the toolbar (the bottom line matches visually with the Shortcut underscore and looks a bit broken in my opinion). Search ------ - [ ] {key bug} RegEx special chars should better be handled in search. stdout: ``` QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '*') QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '?') QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '\') ``` - [ ] {key bug/minor} Unescaped regex special chars (e.g. `wertpasdg.-`) as first search term char (1 char only?) will be interpreted as regex, which might get unexpected results. {F20777057} {F20777374} {F20777454} - [ ] {key ui/bug} Folders in results closed by default, if previous search result found no results - [ ] {key ui/security/minor} All Folders briefly open on search, which might leak information (over-the-shoulder) Password Tree ------------- Folders - [ ] {key ui/bug} `.password-store` folder is shown. To recreate 1. Enter some chars in Input `Search` and press `Enter` 2. Remove all chars and wait - [ ] {key ui/idea} If the password store root folder would be included in the tree, it would be possible to show all configured stores simultanously (e.g. with an additional `name` attribute in the store configuration). On the other hand, a conscious decision to switch the profile might be preferable to prevent user mistakes and over-the-shoulder information leaks. Navigation - [ ] {key ui/bug} Entry is not viewed after de- and reselect. To reproduce: 1. Select an entry (shown) 2. Unselect the entry (via click on the item) 3. Select the entry again {F20777787} - [ ] {key ui/enhancement} Disable deselection of the currently active entry. - It feels unexpected ~~and I can't think of any usecase~~. This could break toolbar `Add` (no way to add in root folder, if folder cannot be deselected). - In edit mode, the changes are lost on deselection. - [ ] {key ui/enhancement} Accessing the `edit` view feels uncomfortable. I know, it's in the toolbar, but choosing the right button from global context needs attention. Suggestions (preferably all of them): - Edit entry on doubleclick - Add edit button in the tree item row (e.g. floating right) - Add edit button on `Show entry` view (e.g. on title row left of `copy` button) - [ ] {key ui/enhancement} Deep folder structures in searches might be confusing - contents of matched folders are included in the search, which makes sense - parents of matched folders might be unneccessary, maybe it's worth a try to omit them, if possible - maybe highlight matched folders/entries - maybe close all folders in matched folders {F20937984} - [ ] {key ui/feature} Allow multiselect (e.g. to delete multiple items at once) - [ ] {key ui/feature/minor} Add `copy` entry action. In my password manager I use this often to ensure the same name "syntax" optimized for search. - [ ] {key ui/feature/minor} Display/Copy path to password file, e.g. in Context Menu Moving - [ ] {key ui/bug} Moving an item over another triggers the overwrite dialog. Old item will be kept, the new item will be moved to `$(pwd)/.gpg` Maybe just deactivate overwriting as it's not much useful? - [ ] {key ui/bug/minor} Moving an item visually suggests, that a custom order is possible {F20777650} Renaming - [ ] {key config/bug/minor} Folder/Entry names might conflict (e.g. entry `name`, folder `name.gpg`). Not very likely, but maybe should be better handled. - If an entry `name` does exist, adding a new folder `name.gpg` won't do anything. - New folders `name.gpg` will result in filesystem folder `name.gpg`, but are shown as `name` in the tree. - Given a (filesystem) folder `name.gpg`, adding a new entry `name` will result in an error `Filename refers to a directory` (which is good). - [ ] {key ui/bug} Renaming an entry `entry` to an already existing folder `folder` will result in unexpected behaviour: the folder is kept, the entry is moved into that folder, the tree might or might not be updated. Given a folder `name` and an entry `name`, the same happens, if the entry is renamed without changing the name (rename -> just click `OK`). - [ ] {key ui/enhancement} Renaming an entry to an already existing entry does not work (which makes sense) but should probably trigger a warning/error. Entry View ---------- New Entry - [ ] {key bug} Creating a new entry with the name of an existing entry will override the existing entry without warning. - [ ] {key bug} `/` in entry names are interpreted as separator - `/` at start will be interpreted as absolute path, e.g. `/path/to/other/.password-store/entryname` will work, although the dialog explicitly states, where the file will be created - `/` in the middle - non exisiting paths display a user error: `Could not read encryption key to use, .gpg-id file missing or invalid.` - `notapath/../works` works - `~` is not expanded - If this path behaviour is intended or kept - Display an error after path confirmation instead of checking on `save` only - Only paths within the configured store path should be allowed - [ ] {key bug} names starting with `.` - resulting files are hidden on linux, what might be a source of user errors, if files are copied manually - entries are displayed in the tree after creation, but hidden after restart. - folders are hidden in the tree after creation - `.gpg-id` is a valid folder name, which conflicts with the pass file. In the userlist, no users are selected. `save` does not work: `Unable to open "/home/kaleidos/kde/.password-store/override/.gpg-id"` - `.gpg-id.sig` should also be prevented, as it conflicts with the detached signature created when using `PASSWORD_STORE_SIGNING_KEY` - `.git` should better also be prevented - [ ] {key keyboard/bug} `Enter` will close the form without saving. To reproduce 1. Add new entry 2. Enter password 3. Press `Enter` - [ ] {key keyboard/enhancement} On a new entry, the Input `Password` should have focus Show Entry - [ ] {key ui/security} Don't leak the number of chars in the password field, which heavily reduces the search space in brute force attacks - [ ] {key ui/idea} Does the `show entry` view add any value compared to the edit view? The buttons for `copy to clipboard` and `show qr code` could also be added on the edit view. Having only one view would simplify the interface quite a bit. - [ ] {key security/feature} Protect more than `password`? Other fields might contain sensitive data, too. Probably would need a setting (list of keys). Edit Entry - [ ] {key ui/bug} deleting the search term during `edit` closes the edit view (without saving)

//Tested: linux / en / 20.03.25// Setup ===== Select `My Certificate` - [ ] {key ui/enhancement/minor} Remove Option `No certificate`? Choosing it results in an error anyway. Maybe needed, if no certificates are available? - [ ] {key ui/feature} Tooltips with selectable text (e.g. to copy the fingerprint for bug reports) Input `Path` - [ ] {key bug} Adding an existing store will overwrite the root `.gpg-id` file regardless of the differences (but not reencrypt). Maybe add a warning dialog with an explanation, a diff of the ids and resolution options (e.g. keep, overwrite, overwrite and reencrypt) - [ ] {key config/bug} Three slahes at the beginning autocompletes working directory {F20776899} {F20776900} {F20776901} - [ ] {key config/minor} Maybe normalize generated path: `/home/user/////////kde/.password-store-test4///////` results in `Path[$e]=$HOME/////////kde/.password-store-test4///////`. This path will be visible for the user e.g. on creation of new folders and accidentally using `//` could be problematic in other programs/contexts. Dialog `Generate a new OpenPGP certificate` - [ ] {key config/minor} resulting `.gpg-id` has no newline, which differs from `pass init`. Might result in copy & paste errors, if the gpg id is copied from terminal (e.g. `78982DB8B11C0B15#`). - [ ] {key bug/minor} Leaving the wizard open for some (very long) time, another window with the same wizard will appear - maybe a timeout? {F20776847} - [ ] {key ui/minor} Input fields slightly cut, to reproduce 1. open Section `Advanced Options` -> Field `Name`/`Email` cut on the right 2. check Checkbox `Protect` -> Field `Name`/`Email` cut on the left {F20776882} - [ ] {key ui/minor} Dialog window keeps height after expansion and collapse of the Section `Advanced options` - [ ] {key feature} Creation of certs possible, but not the deletion? - [ ] {key comprehesion} The `(between X and Y)` dates in the description of `Valid until` can be misleading. It took a while to understand, that it's not about the resulting valid period, but rather the min/max of the `until` value. Maybe `choose between`, or move the description into the datetime widget or just remove it completely? The datetime widget prevents the choice anyway, which should be intuitive. - [ ] {key comprehesion/minor} Tooltip Text `unrecoverable` in Checkbox `Protect`: Understandable for the users? Maybe expand to a sentence, that the passphrase needs to be kept save and secrets are lost without it. - [ ] {key comprehesion/enhancement} Mark the recommended algorithm in Section `Advanced options`? e.g. `curve25519 (recommended)` as Label? If users are playing around with it, they might end up generating keys with deviating algorithm. - [ ] {key comprehesion/minor} Dialog description `name and/or email`: Do users understand the implications of choosing both/between? Main ==== - [ ] {key keyboard/bug}: Using shortcut `Ctrl-Q` triggers a warning, that this sequence is ambiguous and should be resolved in the Shortcut Settings. In these Settings I see, that this Shortcut is only mapped to `gpgpass/Quit`. Might be my config? - [ ] {key note} Currently multiple `gpgpass` instances are allowed, which probably could lead to inconsistencies. Maybe restrict to one per configuration file? Menus ----- - [ ] {key ui/enhancement/minor} Better choice of icons possible? Mix of colored / blue / black without semantical meaning. `edit` has the same icon as `configure`. Configuration icon not optimal in my opinion, at least for the toolbar (the bottom line matches visually with the Shortcut underscore and looks a bit broken in my opinion). - [ ] {note} `Handbuch` and `Was ist das?`: disfunctional, probably placeholder? - [ ] {note} `Probleme oder Wünsche berichten`: reports with user account only? Search ------ - [ ] {key bug} RegEx special chars should better be handled in search. stdout: ``` QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '*') QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '?') QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '\') ``` - [ ] {key bug/minor} Unescaped regex special chars (e.g. `wertpasdg.-`) as first search term char (1 char only?) will be interpreted as regex, which might get unexpected results. {F20777057} {F20777374} {F20777454} - [ ] {key ui/bug} Folders in results closed by default, if previous search result found no results - [ ] {key ui/security/minor} All Folders briefly open on search, which might leak information (over-the-shoulder) Password Tree ------------- Folders - [ ] {key ui/bug} `.password-store` folder is shown. To recreate 1. Enter some chars in Input `Search` and press `Enter` 2. Remove all chars and wait - [ ] {key ui/idea} If the password store root folder would be included in the tree, it would be possible to show all configured stores simultanously (e.g. with an additional `name` attribute in the store configuration). On the other hand, a conscious decision to switch the profile might be preferable to prevent user mistakes and over-the-shoulder information leaks. Navigation - [ ] {key ui/bug} Entry is not viewed after de- and reselect. `clipboard cleared` displayed on bottom. The same happens, when the content panel is automatically closed (if enabled in settings). To reproduce: 1. Select an entry (shown) 2. Unselect the entry (via click on the item) 3. Select the entry again {F20777787} - [ ] {key ui/enhancement} Disable deselection of the currently active entry. - It feels unexpected ~~and I can't think of any usecase~~. This could break toolbar `Add` (no way to add in root folder, if folder cannot be deselected). - In edit mode, the changes are lost on deselection. - [ ] {key ui/enhancement} Accessing the `edit` view feels uncomfortable. I know, it's in the toolbar, but choosing the right button from global context needs attention. Suggestions (preferably all of them): - Edit entry on doubleclick - Add edit button in the tree item row (e.g. floating right) - Add edit button on `Show entry` view (e.g. on title row left of `copy` button) - [ ] {key ui/enhancement} Deep folder structures in searches might be confusing - contents of matched folders are included in the search, which makes sense - parents of matched folders might be unneccessary, maybe it's worth a try to omit them, if possible - maybe highlight matched folders/entries - maybe close all folders in matched folders {F20937984} - [ ] {key keyboard/enhancement} Add Copy/Paste Shortcuts `ctrl + c/v` - [ ] {key keyboard/enhancement} After opening an entry, keyboard up/down navigates the tree. Maybe display the selected entry then (e.g. after timeout with reset on further keypresses) - [ ] {key ui/feature} Allow multiselect (e.g. to delete multiple items at once) - [ ] {key ui/feature/minor} Add `copy` entry action. In my password manager I use this often to ensure the same name "syntax" optimized for search. - [ ] {key ui/feature/minor} Display/Copy path to password file, e.g. in Context Menu Moving - [ ] {key ui/bug} Moving an item over another triggers the overwrite dialog. Old item will be kept, the new item will be moved to `$(pwd)/.gpg` Maybe just deactivate overwriting as it's not much useful? - [ ] {key ui/bug/minor} Moving an item visually suggests, that a custom order is possible {F20777650} Renaming - [ ] {key config/bug/minor} Folder/Entry names might conflict (e.g. entry `name`, folder `name.gpg`). Not very likely, but maybe should be better handled. - If an entry `name` does exist, adding a new folder `name.gpg` won't do anything. - New folders `name.gpg` will result in filesystem folder `name.gpg`, but are shown as `name` in the tree. - Given a (filesystem) folder `name.gpg`, adding a new entry `name` will result in an error `Filename refers to a directory` (which is good). - [ ] {key ui/bug} Renaming an entry `entry` to an already existing folder `folder` will result in unexpected behaviour: the folder is kept, the entry is moved into that folder, the tree might or might not be updated. Given a folder `name` and an entry `name`, the same happens, if the entry is renamed without changing the name (rename -> just click `OK`). - [ ] {key ui/enhancement} Renaming an entry to an already existing entry does not work (which makes sense) but should probably trigger a warning/error. Entry View ---------- New Entry - [ ] {key bug} Creating a new entry with the name of an existing entry will override the existing entry without warning. - [ ] {key bug} `/` in entry names are interpreted as separator - `/` at start will be interpreted as absolute path, e.g. `/path/to/other/.password-store/entryname` will work, although the dialog explicitly states, where the file will be created - `/` in the middle - non exisiting paths display a user error: `Could not read encryption key to use, .gpg-id file missing or invalid.` - `notapath/../works` works - `~` is not expanded - If this path behaviour is intended or kept - Display an error after path confirmation instead of checking on `save` only - Only paths within the configured store path should be allowed - [ ] {key bug} names starting with `.` - resulting files are hidden on linux, what might be a source of user errors, if files are copied manually - entries are displayed in the tree after creation, but hidden after restart. - folders are hidden in the tree after creation - `.gpg-id` is a valid folder name, which conflicts with the pass file. In the userlist, no users are selected. `save` does not work: `Unable to open "/home/kaleidos/kde/.password-store/override/.gpg-id"` - `.gpg-id.sig` should also be prevented, as it conflicts with the detached signature created when using `PASSWORD_STORE_SIGNING_KEY` - `.git` should better also be prevented - [ ] {key keyboard/bug} `Enter` will close the form without saving. To reproduce 1. Add new entry 2. Enter password 3. Press `Enter` - [ ] {key keyboard/enhancement} On a new entry, the Input `Password` should have focus Show Entry - [ ] {key ui/security} Don't leak the number of chars in the password field, which heavily reduces the search space in brute force attacks - [ ] {key ui/idea} Does the `show entry` view add any value compared to the edit view? The buttons for `copy to clipboard` and `show qr code` could also be added on the edit view. Having only one view would simplify the interface quite a bit. - [ ] {key security/feature} Protect more than `password`? Other fields might contain sensitive data, too. Probably would need a setting (list of keys). - [ ] {key ui/enhancement} Long words/urls in description expand the view beyond viewport. Buttons for qrcode/copy are out of reach, probably wrap lines. Setting `Ignore Line Wrapping` suggests, that it should be set, but does not change behaviour. {F21060206} {F21060207} - [ ] {key ui/enhancement/minor} Long keys expand the view beyond viewport. Maybe truncate with `...` prefix and add a Tooltip with full content. {F21061334} - [ ] {key ui/bug} Clicking on fields centers content both vertically/horizontally. Centering happens on text selection, too (e.g. to copy & paste). Should be deactivated. {F21060255} {F21060256} {F21060254} - [ ] {key ui/enhancement} For multiple key/value pairs the buttons for qrcode/copy are hard to match. Maybe add e.g. - separator lines - alternating odd/even backgrounds - highlight of row on mouseover {F21060309} - [ ] {key ui/bug/minor} Problems with QR-Code for long passwords/values: QR code probably gets too small at around 1000 chars and is empty at about 2954 chars {F21060328} {F21060329} {F21060330} {F21060331} {F21060327} - [ ] {key ui/security/minor} Binary data in entries is displayed/interpreted (file might be added/changed by someone else) - does not break, but some control chars seem to work (e.g. `rtl`). many errors on stdout: `qt.text.font.db: OpenType support missing for "[...]", script 66´ {F21060620} - qr code works, but adds new contexts (e.g. qr code reader on smartphones), in which the data might be interpreted {F21060623} Edit Entry - [ ] {key ui/bug} deleting the search term during `edit` closes the edit view (without saving) Templates (auto) - [ ] {key config/enhancement} Maybe split templated key/values on first `: ` (with space) instead of `:`, e.g. for `key:with:colons: value` {F21061490} - [ ] {key config/enhancement} lines with empty values are deleted on `save`, probably as intended. Might be problematic for existing stores with non-conforming entries (e.g. managed via `pass`). Suggestion: Visually mark fields to be deleted in edit form. - [ ] {key config/enhancement/minor} Maybe handle empty key, e.g. `:empty` {F21061537} {F21061538} Templates (fixed) - [ ] {key config/minor} `Login` with capital `L` in default template (like capital `Password`, `URL`) Settings -------- - [ ] {key ui/enhancement/minor} Change of `Use template` and `Show all fields templated` could rerender entry view. Probably only on `view` entry, not on `edit` entry.

//Tested: linux / en / 20.03.25// Setup ===== Select `My Certificate` - [ ] {key ui/enhancement/minor} Remove Option `No certificate`? Choosing it results in an error anyway. Maybe needed, if no certificates are available? - [ ] {key ui/feature} Tooltips with selectable text (e.g. to copy the fingerprint for bug reports) Input `Path` - [ ] {key bug} Adding an existing store will overwrite the root `.gpg-id` file regardless of the differences (but not reencrypt). Maybe add a warning dialog with an explanation, a diff of the ids and resolution options (e.g. keep, overwrite, overwrite and reencrypt) - [ ] {key config/bug} Three slahes at the beginning autocompletes working directory {F20776899} {F20776900} {F20776901} - [ ] {key config/minor} Maybe normalize generated path: `/home/user/////////kde/.password-store-test4///////` results in `Path[$e]=$HOME/////////kde/.password-store-test4///////`. This path will be visible for the user e.g. on creation of new folders and accidentally using `//` could be problematic in other programs/contexts. Dialog `Generate a new OpenPGP certificate` - [ ] {key config/minor} resulting `.gpg-id` has no newline, which differs from `pass init`. Might result in copy & paste errors, if the gpg id is copied from terminal (e.g. `78982DB8B11C0B15#`). - [ ] {key bug/minor} Leaving the wizard open for some (very long) time, another window with the same wizard will appear - maybe a timeout? {F20776847} - [ ] {key ui/minor} Input fields slightly cut, to reproduce 1. open Section `Advanced Options` -> Field `Name`/`Email` cut on the right 2. check Checkbox `Protect` -> Field `Name`/`Email` cut on the left {F20776882} - [ ] {key ui/minor} Dialog window keeps height after expansion and collapse of the Section `Advanced options` - [ ] {key feature} Creation of certs possible, but not the deletion? - [ ] {key comprehesion} The `(between X and Y)` dates in the description of `Valid until` can be misleading. It took a while to understand, that it's not about the resulting valid period, but rather the min/max of the `until` value. Maybe `choose between`, or move the description into the datetime widget or just remove it completely? The datetime widget prevents the choice anyway, which should be intuitive. - [ ] {key comprehesion/minor} Tooltip Text `unrecoverable` in Checkbox `Protect`: Understandable for the users? Maybe expand to a sentence, that the passphrase needs to be kept save and secrets are lost without it. - [ ] {key comprehesion/enhancement} Mark the recommended algorithm in Section `Advanced options`? e.g. `curve25519 (recommended)` as Label? If users are playing around with it, they might end up generating keys with deviating algorithm. - [ ] {key comprehesion/minor} Dialog description `name and/or email`: Do users understand the implications of choosing both/between? Main ==== - [ ] {key keyboard/bug}: Using shortcut `Ctrl-Q` triggers a warning, that this sequence is ambiguous and should be resolved in the Shortcut Settings. In these Settings I see, that this Shortcut is only mapped to `gpgpass/Quit`. Might be my config? - [ ] {key note} Currently multiple `gpgpass` instances are allowed, which probably could lead to inconsistencies. Maybe restrict to one per configuration file? Menus ----- - [ ] {key ui/enhancement/minor} Better choice of icons possible? Mix of colored / blue / black without semantical meaning. `edit` has the same icon as `configure`. Configuration icon not optimal in my opinion, at least for the toolbar (the bottom line matches visually with the Shortcut underscore and looks a bit broken in my opinion). - [ ] {note} `Handbuch` and `Was ist das?`: disfunctional, probably placeholder? - [ ] {note} `Probleme oder Wünsche berichten`: reports with user account only? Search ------ - [ ] {key bug} RegEx special chars should better be handled in search. stdout: ``` QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '*') QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '?') QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '\') ``` - [ ] {key bug/minor} Unescaped regex special chars (e.g. `wertpasdg.-`) as first search term char (1 char only?) will be interpreted as regex, which might get unexpected results. {F20777057} {F20777374} {F20777454} - [ ] {key ui/bug} Folders in results closed by default, if previous search result found no results - [ ] {key ui/security/minor} All Folders briefly open on search, which might leak information (over-the-shoulder) Password Tree ------------- Folders - [ ] {key ui/bug} `.password-store` folder is shown. To recreate 1. Enter some chars in Input `Search` and press `Enter` 2. Remove all chars and wait - [ ] {key ui/idea} If the password store root folder would be included in the tree, it would be possible to show all configured stores simultanously (e.g. with an additional `name` attribute in the store configuration). On the other hand, a conscious decision to switch the profile might be preferable to prevent user mistakes and over-the-shoulder information leaks. Navigation - [ ] {key ui/bug} Entry is not viewed after de- and reselect. `clipboard cleared` displayed on bottom. The same happens, when the content panel is automatically closed (if enabled in settings). To reproduce: 1. Select an entry (shown) 2. Unselect the entry (via click on the item) 3. Select the entry again {F20777787} - [ ] {key ui/enhancement} Disable deselection of the currently active entry. - It feels unexpected ~~and I can't think of any usecase~~. This could break toolbar `Add` (no way to add in root folder, if folder cannot be deselected). - In edit mode, the changes are lost on deselection. - [ ] {key ui/enhancement} Accessing the `edit` view feels uncomfortable. I know, it's in the toolbar, but choosing the right button from global context needs attention. Suggestions (preferably all of them): - Edit entry on doubleclick - Add edit button in the tree item row (e.g. floating right) - Add edit button on `Show entry` view (e.g. on title row left of `copy` button) - [ ] {key ui/enhancement} Deep folder structures in searches might be confusing - contents of matched folders are included in the search, which makes sense - parents of matched folders might be unneccessary, maybe it's worth a try to omit them, if possible - maybe highlight matched folders/entries - maybe close all folders in matched folders {F20937984} - [ ] {key keyboard/enhancement} Add Copy/Paste Shortcuts `ctrl + c/v` - [ ] {key keyboard/enhancement} After opening an entry, keyboard up/down navigates the tree. Maybe display the selected entry then (e.g. after timeout with reset on further keypresses) - [ ] {key ui/feature} Allow multiselect (e.g. to delete multiple items at once) - [ ] {key ui/feature/minor} Add `copy` entry action. In my password manager I use this often to ensure the same name "syntax" optimized for search. - [ ] {key ui/feature/minor} Display/Copy path to password file, e.g. in Context Menu Moving - [ ] {key ui/bug} Moving an item over another triggers the overwrite dialog. Old item will be kept, the new item will be moved to `$(pwd)/.gpg` Maybe just deactivate overwriting as it's not much useful? - [ ] {key ui/bug/minor} Moving an item visually suggests, that a custom order is possible {F20777650} Renaming - [ ] {key config/bug/minor} Folder/Entry names might conflict (e.g. entry `name`, folder `name.gpg`). Not very likely, but maybe should be better handled. - If an entry `name` does exist, adding a new folder `name.gpg` won't do anything. - New folders `name.gpg` will result in filesystem folder `name.gpg`, but are shown as `name` in the tree. - Given a (filesystem) folder `name.gpg`, adding a new entry `name` will result in an error `Filename refers to a directory` (which is good). - [ ] {key ui/bug} Renaming an entry `entry` to an already existing folder `folder` will result in unexpected behaviour: the folder is kept, the entry is moved into that folder, the tree might or might not be updated. Given a folder `name` and an entry `name`, the same happens, if the entry is renamed without changing the name (rename -> just click `OK`). - [ ] {key ui/enhancement} Renaming an entry to an already existing entry does not work (which makes sense) but should probably trigger a warning/error. Entry View ---------- New Entry - [ ] {key bug} Creating a new entry with the name of an existing entry will override the existing entry without warning. - [ ] {key bug} `/` in entry names are interpreted as separator - `/` at start will be interpreted as absolute path, e.g. `/path/to/other/.password-store/entryname` will work, although the dialog explicitly states, where the file will be created - `/` in the middle - non exisiting paths display a user error: `Could not read encryption key to use, .gpg-id file missing or invalid.` - `notapath/../works` works - `~` is not expanded - If this path behaviour is intended or kept - Display an error after path confirmation instead of checking on `save` only - Only paths within the configured store path should be allowed - [ ] {key bug} names starting with `.` - resulting files are hidden on linux, what might be a source of user errors, if files are copied manually - entries are displayed in the tree after creation, but hidden after restart. - folders are hidden in the tree after creation - `.gpg-id` is a valid folder name, which conflicts with the pass file. In the userlist, no users are selected. `save` does not work: `Unable to open "/home/kaleidos/kde/.password-store/override/.gpg-id"` - `.gpg-id.sig` should also be prevented, as it conflicts with the detached signature created when using `PASSWORD_STORE_SIGNING_KEY` - `.git` should better also be prevented - [ ] {key keyboard/bug} `Enter` will close the form without saving. To reproduce 1. Add new entry 2. Enter password 3. Press `Enter` - [ ] {key keyboard/enhancement} On a new entry, the Input `Password` should have focus Show Entry - [ ] {key ui/security} Don't leak the number of chars in the password field, which heavily reduces the search space in brute force attacks - [ ] {key ui/idea} Does the `show entry` view add any value compared to the edit view? The buttons for `copy to clipboard` and `show qr code` could also be added on the edit view. Having only one view would simplify the interface quite a bit. - [ ] {key security/feature} Protect more than `password`? Other fields might contain sensitive data, too. Probably would need a setting (list of keys). - [ ] {key ui/enhancement} Long words/urls in description expand the view beyond viewport. Buttons for qrcode/copy are out of reach, probably wrap lines. Setting `Ignore Line Wrapping` suggests, that it should be set, but does not change behaviour. {F21060206} {F21060207} - [ ] {key ui/enhancement/minor} Long keys expand the view beyond viewport. Maybe truncate with `...` prefix and add a Tooltip with full content. {F21061334} - [ ] {key ui/bug} Clicking on fields centers content both vertically/horizontally. Centering happens on text selection, too (e.g. to copy & paste). Should be deactivated. {F21060255} {F21060256} {F21060254} - [ ] {key ui/enhancement} For multiple key/value pairs the buttons for qrcode/copy are hard to match. Maybe add e.g. - separator lines - alternating odd/even backgrounds - highlight of row on mouseover {F21060309} - [ ] {key ui/bug/minor} Problems with QR-Code for long passwords/values: QR code probably gets too small at around 1000 chars and is empty at about 2954 chars {F21060328} {F21060329} {F21060330} {F21060331} {F21060327} - [ ] {key ui/security/minor} Binary data in entries is displayed/interpreted (file might be added/changed by someone else) - does not break, but some control chars seem to work (e.g. `rtl`). many errors on stdout: `qt.text.font.db: OpenType support missing for "[...]", script 66´ {F21060620} - qr code works, but adds new contexts (e.g. qr code reader on smartphones), in which the data might be interpreted {F21060623} Edit Entry - [ ] {key ui/bug} deleting the search term during `edit` closes the edit view (without saving) Templates (auto) - [ ] {key config/enhancement} Maybe split templated key/values on first `: ` (with space) instead of `:`, e.g. for `key:with:colons: value` {F21061490} - [ ] {key config/enhancement} lines with empty values are deleted on `save`, probably as intended. Might be problematic for existing stores with non-conforming entries (e.g. managed via `pass`). Suggestion: Visually mark fields to be deleted in edit form. - [ ] {key config/enhancement/minor} Maybe handle empty key, e.g. `:empty` {F21061537} {F21061538} Templates (fixed) - [ ] {key config/minor} `Login` with capital `L` in default template (like capital `Password`, `URL`) Settings -------- - [ ] {key ui/enhancement/minor} Change of `Use template` and `Show all fields templated` could rerender entry view. Probably only on `view` entry, not on `edit` entry.