Change Details

//Tested: linux / en / 20.03.25// Setup ===== **Select `My Certificate`** - [x] {key ui/enhancement/minor} Remove Option `No certificate`? Choosing it results in an error anyway. Maybe needed, if no certificates are available? - [ ] ~~{key ui/feature} Tooltips with selectable text (e.g. to copy the fingerprint for bug reports)~~ Not feasible **Input `Path`** - [ ] {key bug} Adding an existing store will overwrite the root `.gpg-id` file regardless of the differences (but not reencrypt). Maybe add a warning dialog with an explanation, a diff of the ids and resolution options (e.g. keep, overwrite, overwrite and reencrypt) - [ ] {key config/bug} Three slahes at the beginning autocompletes working directory {F20776899} {F20776900} {F20776901} - [ ] {key config/minor} Maybe normalize generated path: `/home/user/////////kde/.password-store-test4///////` results in `Path[$e]=$HOME/////////kde/.password-store-test4///////`. This path will be visible for the user e.g. on creation of new folders and accidentally using `//` could be problematic in other programs/contexts. **Dialog `Generate a new OpenPGP certificate`** - [x] {key config/minor} resulting `.gpg-id` has no newline, which differs from `pass init`. Might result in copy & paste errors, if the gpg id is copied from terminal (e.g. `78982DB8B11C0B15#`). - [ ] {key bug/minor} Leaving the wizard open for some (very long) time, another window with the same wizard will appear - maybe a timeout? {F20776847} - [ ] {key ui/minor} Input fields slightly cut, to reproduce 1. open Section `Advanced Options` -> Field `Name`/`Email` cut on the right 2. check Checkbox `Protect` -> Field `Name`/`Email` cut on the left {F20776882} - [ ] {key ui/minor} Dialog window keeps height after expansion and collapse of the Section `Advanced options` - [ ] {key feature} Creation of certs possible, but not the deletion? - [ ] {key comprehesion} The `(between X and Y)` dates in the description of `Valid until` can be misleading. It took a while to understand, that it's not about the resulting valid period, but rather the min/max of the `until` value. Maybe `choose between`, or move the description into the datetime widget or just remove it completely? The datetime widget prevents the choice anyway, which should be intuitive. - [ ] {key comprehesion/minor} Tooltip Text `unrecoverable` in Checkbox `Protect`: Understandable for the users? Maybe expand to a sentence, that the passphrase needs to be kept save and secrets are lost without it. - [ ] {key comprehesion/enhancement} Mark the recommended algorithm in Section `Advanced options`? e.g. `curve25519 (recommended)` as Label? If users are playing around with it, they might end up generating keys with deviating algorithm. - [ ] {key comprehesion/minor} Dialog description `name and/or email`: Do users understand the implications of choosing both/between? Main ==== - [ ] {key keyboard/bug}: Using shortcut `Ctrl-Q` triggers a warning, that this sequence is ambiguous and should be resolved in the Shortcut Settings. In these Settings I see, that this Shortcut is only mapped to `gpgpass/Quit`. Might be my config? - [ ] {key note} Currently multiple `gpgpass` instances are allowed, which probably could lead to inconsistencies. Maybe restrict to one per configuration file? Menus ----- - [ ] {key ui/enhancement/minor} Better choice of icons possible? Mix of colored / blue / black without semantical meaning. `edit` has the same icon as `configure`. Configuration icon not optimal in my opinion, at least for the toolbar (the bottom line matches visually with the Shortcut underscore and looks a bit broken in my opinion). - [ ] {note} `Handbuch` and `Was ist das?`: disfunctional, probably placeholder? - [ ] {note} `Probleme oder Wünsche berichten`: reports with user account only? Search ------ - [ ] {key bug} RegEx special chars should better be handled in search. stdout: ``` QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '*') QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '?') QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '\') ``` - [ ] {key bug/minor} Unescaped regex special chars (e.g. `wertpasdg.-`) as first search term char (1 char only?) will be interpreted as regex, which might get unexpected results. {F20777057} {F20777374} {F20777454} - [ ] {key ui/bug} Folders in results closed by default, if previous search result found no results - [ ] {key ui/security/minor} All Folders briefly open on search, which might leak information (over-the-shoulder) Password Tree ------------- **Folders** - [ ] {key ui/bug} `.password-store` folder is shown. To recreate 1. Enter some chars in Input `Search` and press `Enter` 2. Remove all chars and wait - [ ] {key ui/idea} If the password store root folder would be included in the tree, it would be possible to show all configured stores simultanously (e.g. with an additional `name` attribute in the store configuration). On the other hand, a conscious decision to switch the profile might be preferable to prevent user mistakes and over-the-shoulder information leaks. **Navigation** - [ ] {key ui/bug} Entry is not viewed after de- and reselect. `clipboard cleared` displayed on bottom. The same happens, when the content panel is automatically closed (if enabled in settings). To reproduce: 1. Select an entry (shown) 2. Unselect the entry (via click on the item) 3. Select the entry again {F20777787} - [ ] {key ui/enhancement} Disable deselection of the currently active entry. - It feels unexpected ~~and I can't think of any usecase~~. This could break toolbar `Add` (no way to add in root folder, if folder cannot be deselected). - In edit mode, the changes are lost on deselection. - [ ] {key ui/enhancement} Accessing the `edit` view feels uncomfortable. I know, it's in the toolbar, but choosing the right button from global context needs attention. Suggestions (preferably all of them): - Edit entry on doubleclick - Add edit button in the tree item row (e.g. floating right) - Add edit button on `Show entry` view (e.g. on title row left of `copy` button) - [ ] {key ui/enhancement} Deep folder structures in searches might be confusing - contents of matched folders are included in the search, which makes sense - parents of matched folders might be unneccessary, maybe it's worth a try to omit them, if possible - maybe highlight matched folders/entries - maybe close all folders in matched folders {F20937984} - [ ] {key keyboard/enhancement} Add Copy/Paste Shortcuts `ctrl + c/v` - [ ] {key keyboard/enhancement} After opening an entry, keyboard up/down navigates the tree. Maybe display the selected entry then (e.g. after timeout with reset on further keypresses) - [ ] {key ui/feature} Allow multiselect (e.g. to delete multiple items at once) - [ ] {key ui/feature/minor} Add `copy` entry action. In my password manager I use this often to ensure the same name "syntax" optimized for search. - [ ] {key ui/feature/minor} Display/Copy path to password file, e.g. in Context Menu **Moving** - [ ] {key ui/bug} Moving an item over another triggers the overwrite dialog. Old item will be kept, the new item will be moved to `$(pwd)/.gpg` Maybe just deactivate overwriting as it's not much useful? - [ ] {key ui/bug/minor} Moving an item visually suggests, that a custom order is possible {F20777650} **Renaming** - [ ] {key config/bug/minor} Folder/Entry names might conflict (e.g. entry `name`, folder `name.gpg`). Not very likely, but maybe should be better handled. - If an entry `name` does exist, adding a new folder `name.gpg` won't do anything. - New folders `name.gpg` will result in filesystem folder `name.gpg`, but are shown as `name` in the tree. - Given a (filesystem) folder `name.gpg`, adding a new entry `name` will result in an error `Filename refers to a directory` (which is good). - [ ] {key ui/bug} Renaming an entry `entry` to an already existing folder `folder` will result in unexpected behaviour: the folder is kept, the entry is moved into that folder, the tree might or might not be updated. Given a folder `name` and an entry `name`, the same happens, if the entry is renamed without changing the name (rename -> just click `OK`). - [ ] {key ui/enhancement} Renaming an entry to an already existing entry does not work (which makes sense) but should probably trigger a warning/error. Entry View ---------- **New Entry** - [ ] {key bug} Creating a new entry with the name of an existing entry will override the existing entry without warning. - [ ] {key bug} `/` in entry names are interpreted as separator - `/` at start will be interpreted as absolute path, e.g. `/path/to/other/.password-store/entryname` will work, although the dialog explicitly states, where the file will be created - `/` in the middle - non exisiting paths display a user error: `Could not read encryption key to use, .gpg-id file missing or invalid.` - `notapath/../works` works - `~` is not expanded - If this path behaviour is intended or kept - Display an error after path confirmation instead of checking on `save` only - Only paths within the configured store path should be allowed - [ ] {key bug} names starting with `.` - resulting files are hidden on linux, what might be a source of user errors, if files are copied manually - entries are displayed in the tree after creation, but hidden after restart. - folders are hidden in the tree after creation - `.gpg-id` is a valid folder name, which conflicts with the pass file. In the userlist, no users are selected. `save` does not work: `Unable to open "/home/kaleidos/kde/.password-store/override/.gpg-id"` - `.gpg-id.sig` should also be prevented, as it conflicts with the detached signature created when using `PASSWORD_STORE_SIGNING_KEY` - `.git` should better also be prevented - [ ] {key keyboard/bug} `Enter` will close the form without saving. To reproduce 1. Add new entry 2. Enter password 3. Press `Enter` - [ ] {key keyboard/enhancement} On a new entry, the Input `Password` should have focus **Show Entry** - [ ] {key ui/security} Don't leak the number of chars in the password field, which heavily reduces the search space in brute force attacks - [ ] {key ui/idea} Does the `show entry` view add any value compared to the edit view? The buttons for `copy to clipboard` and `show qr code` could also be added on the edit view. Having only one view would simplify the interface quite a bit. - [ ] {key security/feature} Protect more than `password`? Other fields might contain sensitive data, too. Probably would need a setting (list of keys). - [ ] {key ui/enhancement} Long words/urls in description expand the view beyond viewport. Buttons for qrcode/copy are out of reach, probably wrap lines. Setting `Ignore Line Wrapping` suggests, that it should be set, but does not change behaviour. {F21060206} {F21060207} - [ ] {key ui/enhancement/minor} Long keys expand the view beyond viewport. Maybe truncate with `...` prefix and add a Tooltip with full content. {F21061334} - [ ] {key ui/bug} Clicking on fields centers content both vertically/horizontally. Centering happens on text selection, too (e.g. to copy & paste). Should be deactivated. {F21060255} {F21060256} {F21060254} - [ ] {key ui/enhancement} For multiple key/value pairs the buttons for qrcode/copy are hard to match. Maybe add e.g. - separator lines - alternating odd/even backgrounds - highlight of row on mouseover {F21060309} - [ ] {key ui/bug/minor} Problems with QR-Code for long passwords/values: QR code probably gets too small at around 1000 chars and is empty at about 2954 chars {F21060328} {F21060329} {F21060330} {F21060331} {F21060327} - [ ] {key ui/security/minor} Binary data in entries is displayed/interpreted (file might be added/changed by someone else) - does not break, but some control chars seem to work (e.g. `rtl`). many errors on stdout: `qt.text.font.db: OpenType support missing for "[...]", script 66´ {F21060620} - qr code works, but adds new contexts (e.g. qr code reader on smartphones), in which the data might be interpreted {F21060623} **Edit Entry** - [ ] {key ui/bug} deleting the search term during `edit` closes the edit view (without saving) **Templates (auto)** - [ ] {key config/enhancement} Maybe split templated key/values on first `: ` (with space) instead of `:`, e.g. for `key:with:colons: value` {F21061490} - [ ] {key config/enhancement} lines with empty values are deleted on `save`, probably as intended. Might be problematic for existing stores with non-conforming entries (e.g. managed via `pass`). Suggestion: Visually mark fields to be deleted in edit form. - [ ] {key config/enhancement/minor} Maybe handle empty key, e.g. `:empty` {F21061537} {F21061538} **Templates (fixed)** - [ ] {key config/minor} `Login` with capital `L` in default template (like capital `Password`, `URL`) Settings ======== - [ ] {key ui/enhancement/minor} Change of `Use template` and `Show all fields templated` could rerender entry view. Probably only on `view` entry, not on `edit` entry.

//Tested: linux / en / 20.03.25// Setup ===== **Select `My Certificate`** - [x] {key ui/enhancement/minor} Remove Option `No certificate`? Choosing it results in an error anyway. Maybe needed, if no certificates are available? - [ ] ~~{key ui/feature} Tooltips with selectable text (e.g. to copy the fingerprint for bug reports)~~ Not feasible **Input `Path`** - [ ] {key bug} Adding an existing store will overwrite the root `.gpg-id` file regardless of the differences (but not reencrypt). Maybe add a warning dialog with an explanation, a diff of the ids and resolution options (e.g. keep, overwrite, overwrite and reencrypt) - [ ] {key config/bug} Three slahes at the beginning autocompletes working directory {F20776899} {F20776900} {F20776901} - [ ] {key config/minor} Maybe normalize generated path: `/home/user/////////kde/.password-store-test4///////` results in `Path[$e]=$HOME/////////kde/.password-store-test4///////`. This path will be visible for the user e.g. on creation of new folders and accidentally using `//` could be problematic in other programs/contexts. **Dialog `Generate a new OpenPGP certificate`** - [x] {key config/minor} resulting `.gpg-id` has no newline, which differs from `pass init`. Might result in copy & paste errors, if the gpg id is copied from terminal (e.g. `78982DB8B11C0B15#`). - [ ] {key bug/minor} Leaving the wizard open for some (very long) time, another window with the same wizard will appear - maybe a timeout? {F20776847} - [ ] {key ui/minor} Input fields slightly cut, to reproduce 1. open Section `Advanced Options` -> Field `Name`/`Email` cut on the right 2. check Checkbox `Protect` -> Field `Name`/`Email` cut on the left {F20776882} - [ ] {key ui/minor} Dialog window keeps height after expansion and collapse of the Section `Advanced options` (probabaly not worth a fix) - [ ] {key feature} Creation of certs possible, but not the deletion? - [ ] {key comprehesion} The `(between X and Y)` dates in the description of `Valid until` can be misleading. It took a while to understand, that it's not about the resulting valid period, but rather the min/max of the `until` value. 2106 also looks very arbitrary. Maybe `choose between`, or move the description into the datetime widget or just remove it completely? The datetime widget prevents the choice anyway, which should be intuitive. - [ ] {key comprehesion/minor} Tooltip Text `unrecoverable` in Checkbox `Protect`: Understandable for the users? Maybe expand to a sentence, that the passphrase needs to be kept save and secrets are lost without it. - [ ] {key comprehesion/enhancement} Mark the recommended algorithm in Section `Advanced options`? e.g. `curve25519 (recommended)` as Label? If users are playing around with it, they might end up generating keys with deviating algorithm. - [ ] {key comprehesion/minor} Dialog description `name and/or email`: Do users understand the implications of choosing both/between? Main ==== - [ ] {key keyboard/bug}: Using shortcut `Ctrl-Q` triggers a warning, that this sequence is ambiguous and should be resolved in the Shortcut Settings. In these Settings I see, that this Shortcut is only mapped to `gpgpass/Quit`. Might be my config? - [ ] {key note} Currently multiple `gpgpass` instances are allowed, which probably could lead to inconsistencies. Maybe restrict to one per configuration file? Menus ----- - [ ] {key bug} `Über GPGPass` links GPL2, README references GPL3 {F21156761} - [ ] {key ui/enhancement/minor} Better choice of icons possible? Mix of colored / blue / black without semantical meaning. `edit` has the same icon as `configure`. Configuration icon not optimal in my opinion, at least for the toolbar (the bottom line matches visually with the Shortcut underscore and looks a bit broken in my opinion). - [ ] {key language} `en_US` chosen, but many German translations present, e.g. - `GPGPass einrichten ...` - `Einstellungen` - `Hilfe` - etc. - [ ] {key note} `Handbuch` and `Was ist das?`: disfunctional, probably placeholder? - [ ] {key note} `Probleme oder Wünsche berichten`: reports with user account only? Search ------ - [ ] {key ui/bug} searches have different results, e.g. for current testdata 1. start gpgpass 2. repeated search 1. search for `entry` 2. delete search term and wait for tree to rerender {F21156706} {F21156714} {F21156720} - [ ] {key ui/enhancement} Deep folder structures in searches might be confusing - contents of matched folders are included in the search, which makes sense - parents of matched folders might be unneccessary, maybe it's worth a try to omit them, if possible - open matched folders with many entries will also possibly push the next matches out of view - maybe highlight matched substring in folders/entries - maybe close matched (sub-)folders {F20937984} - [ ] {key bug} RegEx special chars should better be handled in search. stdout: ``` QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '*') QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '?') QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '\') ``` - [ ] {key bug/minor} Unescaped regex special chars (e.g. `wertpasdg.-`) as first search term char (1 char only?) will be interpreted as regex, which might get unexpected results. {F20777057} {F20777374} {F20777454} - [ ] {key ui/bug} Folders in results closed by default, if previous search result found no results. to reproduce with current testdata, 1. search for `empty` -> folder is open {F21156300} 2. search for `asdf` -> no passwords found {F21156314} 3. search for `empty` -> all folders closed {F21156320} {F21156331} - [ ] {key ui/security/minor} All Folders briefly open on search, which might leak information (over-the-shoulder) Password Tree ------------- **Folders** - [ ] {key ui/bug} `.password-store` folder is shown. To recreate 1. Enter some chars in Input `Search` and press `Enter` 2. Remove all chars and wait - [ ] {key ui/idea} If the password store root folder would be included in the tree, it would be possible to show all configured stores simultanously (e.g. with an additional `name` attribute in the store configuration). On the other hand, a conscious decision to switch the profile might be preferable to prevent user mistakes and over-the-shoulder information leaks. - [ ] {key ui/enhancement/minor} If the password store is changed on filesystem, the tree might be updated only partially. Probably an edgecase, if someone uses `pass` in parallel. {F21156569} {F21156581} **Navigation** - [ ] {key ui/bug} Entry is not viewed after de- and reselect. `clipboard cleared` displayed on bottom. The same happens, when the content panel is automatically closed (if enabled in settings). To reproduce: 1. Select an entry (shown) 2. Unselect the entry (via click on the item) 3. Select the entry again {F20777787} - [ ] {key ui/enhancement} Disable deselection of the currently active entry. - It feels unexpected ~~and I can't think of any usecase~~. This could break toolbar `Add` (no way to add in root folder, if folder cannot be deselected). - In edit mode, the changes are lost on deselection. - [ ] {key ui/enhancement} Accessing the `edit` view feels uncomfortable. I know, it's in the toolbar, but choosing the right button from global context needs attention. Suggestions (preferably all of them): - Edit entry on doubleclick - Add edit button in the tree item row (e.g. floating right) - Add edit button on `Show entry` view (e.g. on title row left of `copy` button) - [ ] {key keyboard/bug} The `edit` shortcut does not work in `edit` entry mode, which is unexpected. To reproduce: 1. set `edit` shortcut 2. navigate (arrows) to some entry and press the `edit` shortcut -> `edit` view 3. navigate (arrows) to another entry and press the `edit` shortcut again -> `show` view - [ ] {key keyboard/enhancement} Maybe add `edit` shortcut preset: `ctrl + enter`? - [ ] {key keyboard/enhancement} Add Copy/Paste Shortcuts `ctrl + c/v` - [ ] {key keyboard/enhancement} After opening an entry, keyboard up/down navigates the tree. Maybe display the selected entry then (e.g. after timeout with reset on further keypresses) - [ ] {key ui/feature} Allow multiselect (e.g. to delete multiple items at once) - [ ] {key ui/feature/minor} Add `copy` entry action. In my password manager I use this often to ensure the same name "syntax" optimized for search. - [ ] {key ui/feature/minor} Display/Copy path to password file, e.g. in Context Menu **Moving** - [ ] {key ui/bug} Moving an item over another triggers the overwrite dialog. Old item will be kept, the new item will be moved to `$(pwd)/.gpg` Maybe just deactivate overwriting as it's not much useful? - [ ] {key ui/bug/minor} Moving an item visually suggests, that a custom order is possible {F20777650} **Renaming** - [ ] {key config/bug/minor} Folder/Entry names might conflict (e.g. entry `name`, folder `name.gpg`). Not very likely, but maybe should be better handled. - If an entry `name` does exist, adding a new folder `name.gpg` won't do anything. - New folders `name.gpg` will result in filesystem folder `name.gpg`, but are shown as `name` in the tree. - Given a (filesystem) folder `name.gpg`, adding a new entry `name` will result in an error `Filename refers to a directory` (which is good). - [ ] {key ui/bug} Renaming an entry `entry` to an already existing folder `folder` will result in unexpected behaviour: the folder is kept, the entry is moved into that folder, the tree might or might not be updated. Given a folder `name` and an entry `name`, the same happens, if the entry is renamed without changing the name (rename -> just click `OK`). - [ ] {key ui/enhancement} Renaming an entry to an already existing entry does not work (which makes sense) but should probably trigger a warning/error. Entry View ---------- **New Entry** - [ ] {key bug} Creating a new entry with the name of an existing entry will override the existing entry without warning. - [ ] {key bug} `/` in entry names are interpreted as separator - `/` at start will be interpreted as absolute path, e.g. `/path/to/other/.password-store/entryname` will work, although the dialog explicitly states, where the file will be created - `/` in the middle - non exisiting paths display a user error: `Could not read encryption key to use, .gpg-id file missing or invalid.` - `notapath/../works` works - `~` is not expanded - If this path behaviour is intended or kept - Display an error after path confirmation instead of checking on `save` only - Only paths within the configured store path should be allowed - [ ] {key bug} names starting with `.` - resulting files are hidden on linux, what might be a source of user errors, if files are copied manually - entries are displayed in the tree after creation, but hidden after restart. - folders are hidden in the tree after creation - maybe just disallow all `.` files, or at least: `.gpg-id`, `.gpg-id.sig`, `.git` - [ ] {key keyboard/bug} `Enter` will close the form without saving. To reproduce 1. Add new entry 2. Enter password 3. Press `Enter` - [ ] {key keyboard/enhancement} On a new entry, the Input `Password` should have focus **Show Entry** - [ ] {key ui/security} Don't leak the number of chars in the password field, which heavily reduces the search space in brute force attacks - [ ] {key ui/idea} Does the `show entry` view add any value compared to the edit view? The buttons for `copy to clipboard` and `show qr code` could also be added on the edit view. Having only one view would simplify the interface quite a bit. - [ ] {key security/feature} Protect more than `password`? Other fields might contain sensitive data, too. Probably would need a setting (list of keys). - [ ] {key ui/enhancement} Long words/urls in description expand the view beyond viewport. Buttons for qrcode/copy are out of reach, probably wrap lines. Setting `Ignore Line Wrapping` suggests, that it should be set, but does not change behaviour. {F21060206} {F21060207} - [ ] {key ui/enhancement/minor} Long keys expand the window beyond monitor border. Maybe truncate with `...` prefix and add a Tooltip with full content. {F21061334} - [ ] {key ui/bug} Clicking on fields centers content both vertically/horizontally. Centering happens on text selection, too (e.g. to copy & paste). Should be deactivated. {F21060255} {F21060256} {F21060254} - [ ] {key ui/enhancement} For multiple key/value pairs the buttons for qrcode/copy are hard to match. Maybe add e.g. - separator lines - alternating odd/even backgrounds - highlight of row on mouseover {F21060309} - [ ] {key ui/bug/minor} Problems with QR-Code for long passwords/values: QR code probably gets too small at around 1000 chars and is empty at about 2954 chars. Maybe keep pixel size constant and resize the window instead and/or display a user error if the string length exceeds a threshold. {F21060328} {F21060329} {F21060330} {F21060331} {F21060327} - [ ] {key ui/security/minor} Binary data in entries is displayed/interpreted (file might be added/changed by someone else, e.g. if the store is shared among team members; without signature checks, it could be encrypted for the user by anyone) - does not break, but some control chars seem to work (e.g. `rtl`). many errors on stdout: `qt.text.font.db: OpenType support missing for "[...]", script 66´ {F21060620} - qr code works, but adds new contexts (e.g. qr code reader on smartphones), in which the data might be interpreted {F21060623} **Edit Entry** - [ ] {key ui/bug} deleting the search term during `edit` closes the edit view (without saving) **Templates (auto)** - [ ] {key config/enhancement} Maybe split templated key/values on first `: ` (with space) instead of `:`, e.g. for `key:with:colons: value` {F21061490} - [ ] {key config/enhancement} lines with empty values are deleted on `save`, probably as intended. Might be problematic for existing stores with non-conforming entries (e.g. managed via `pass`). Suggestion: Visually mark fields to be deleted in edit form. - [ ] {key config/enhancement/minor} Maybe handle empty key, e.g. `:empty` {F21061537} {F21061538} **Templates (fixed)** - [ ] {key config/minor} `Login` with capital `L` in default template (like capital `Password`, `URL`) Settings ======== - [ ] {key ui/enhancement/minor} Change of `Use template` and `Show all fields templated` could rerender `view` entry. `edit` entry might better be closed or redirected to view `entry` without save then

//Tested: linux / en / 20.03.25// Setup ===== **Select `My Certificate`** - [x] {key ui/enhancement/minor} Remove Option `No certificate`? Choosing it results in an error anyway. Maybe needed, if no certificates are available? - [ ] ~~{key ui/feature} Tooltips with selectable text (e.g. to copy the fingerprint for bug reports)~~ Not feasible **Input `Path`** - [ ] {key bug} Adding an existing store will overwrite the root `.gpg-id` file regardless of the differences (but not reencrypt). Maybe add a warning dialog with an explanation, a diff of the ids and resolution options (e.g. keep, overwrite, overwrite and reencrypt) - [ ] {key config/bug} Three slahes at the beginning autocompletes working directory {F20776899} {F20776900} {F20776901} - [ ] {key config/minor} Maybe normalize generated path: `/home/user/////////kde/.password-store-test4///////` results in `Path[$e]=$HOME/////////kde/.password-store-test4///////`. This path will be visible for the user e.g. on creation of new folders and accidentally using `//` could be problematic in other programs/contexts. **Dialog `Generate a new OpenPGP certificate`** - [x] {key config/minor} resulting `.gpg-id` has no newline, which differs from `pass init`. Might result in copy & paste errors, if the gpg id is copied from terminal (e.g. `78982DB8B11C0B15#`). - [ ] {key bug/minor} Leaving the wizard open for some (very long) time, another window with the same wizard will appear - maybe a timeout? {F20776847} - [ ] {key ui/minor} Input fields slightly cut, to reproduce 1. open Section `Advanced Options` -> Field `Name`/`Email` cut on the right 2. check Checkbox `Protect` -> Field `Name`/`Email` cut on the left {F20776882} - [ ] {key ui/minor} Dialog window keeps height after expansion and collapse of the Section `Advanced options` (probabaly not worth a fix) - [ ] {key feature} Creation of certs possible, but not the deletion? - [ ] {key comprehesion} The `(between X and Y)` dates in the description of `Valid until` can be misleading. It took a while to understand, that it's not about the resulting valid period, but rather the min/max of the `until` value. Maybe `choose between`,2106 also looks very arbitrary. Maybe `choose between`, or move the description into the datetime widget or just remove it completely? The datetime widget prevents the choice anyway, which should be intuitive. - [ ] {key comprehesion/minor} Tooltip Text `unrecoverable` in Checkbox `Protect`: Understandable for the users? Maybe expand to a sentence, that the passphrase needs to be kept save and secrets are lost without it. - [ ] {key comprehesion/enhancement} Mark the recommended algorithm in Section `Advanced options`? e.g. `curve25519 (recommended)` as Label? If users are playing around with it, they might end up generating keys with deviating algorithm. - [ ] {key comprehesion/minor} Dialog description `name and/or email`: Do users understand the implications of choosing both/between? Main ==== - [ ] {key keyboard/bug}: Using shortcut `Ctrl-Q` triggers a warning, that this sequence is ambiguous and should be resolved in the Shortcut Settings. In these Settings I see, that this Shortcut is only mapped to `gpgpass/Quit`. Might be my config? - [ ] {key note} Currently multiple `gpgpass` instances are allowed, which probably could lead to inconsistencies. Maybe restrict to one per configuration file? Menus ----- - [ ] {key bug} `Über GPGPass` links GPL2, README references GPL3 {F21156761} - [ ] {key ui/enhancement/minor} Better choice of icons possible? Mix of colored / blue / black without semantical meaning. `edit` has the same icon as `configure`. Configuration icon not optimal in my opinion, at least for the toolbar (the bottom line matches visually with the Shortcut underscore and looks a bit broken in my opinion). - [ ] {notkey language} `Handbuch` and `Was ist das?`: disfuncen_US` chosen, but many German translationals present, probably placeholder?e.g. - [ ] { - `GPGPass einrichten ...` - `Einstellungen` - `Hilfe` - etc. - [ ] {key note} `Handbuch` and `Was ist das?`: disfunctional, probably placeholder? - [ ] {key note} `Probleme oder Wünsche berichten`: reports with user account only? Search ------ - [ ] {key ui/bug} searches have different results, e.g. for current testdata 1. start gpgpass 2. repeated search 1. search for `entry` 2. delete search term and wait for tree to rerender {F21156706} {F21156714} {F21156720} - [ ] {key ui/enhancement} Deep folder structures in searches might be confusing - contents of matched folders are included in the search, which makes sense - parents of matched folders might be unneccessary, maybe it's worth a try to omit them, if possible - open matched folders with many entries will also possibly push the next matches out of view - maybe highlight matched substring in folders/entries - maybe close matched (sub-)folders {F20937984} - [ ] {key bug} RegEx special chars should better be handled in search. stdout: ``` QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '*') QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '?') QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '\') ``` - [ ] {key bug/minor} Unescaped regex special chars (e.g. `wertpasdg.-`) as first search term char (1 char only?) will be interpreted as regex, which might get unexpected results. {F20777057} {F20777374} {F20777454} - [ ] {key ui/bug} Folders in results closed by default, if previous search result found no results. to reproduce with current testdata, 1. search for `empty` -> folder is open {F21156300} 2. search for `asdf` -> no passwords found {F21156314} 3. search for `empty` -> all folders closed {F21156320} {F21156331} - [ ] {key ui/security/minor} All Folders briefly open on search, which might leak information (over-the-shoulder) Password Tree ------------- **Folders** - [ ] {key ui/bug} `.password-store` folder is shown. To recreate 1. Enter some chars in Input `Search` and press `Enter` 2. Remove all chars and wait - [ ] {key ui/idea} If the password store root folder would be included in the tree, it would be possible to show all configured stores simultanously (e.g. with an additional `name` attribute in the store configuration). On the other hand, a conscious decision to switch the profile might be preferable to prevent user mistakes and over-the-shoulder information leaks. - [ ] {key ui/enhancement/minor} If the password store is changed on filesystem, the tree might be updated only partially. Probably an edgecase, if someone uses `pass` in parallel. {F21156569} {F21156581} **Navigation** - [ ] {key ui/bug} Entry is not viewed after de- and reselect. `clipboard cleared` displayed on bottom. The same happens, when the content panel is automatically closed (if enabled in settings). To reproduce: 1. Select an entry (shown) 2. Unselect the entry (via click on the item) 3. Select the entry again {F20777787} - [ ] {key ui/enhancement} Disable deselection of the currently active entry. - It feels unexpected ~~and I can't think of any usecase~~. This could break toolbar `Add` (no way to add in root folder, if folder cannot be deselected). - In edit mode, the changes are lost on deselection. - [ ] {key ui/enhancement} Accessing the `edit` view feels uncomfortable. I know, it's in the toolbar, but choosing the right button from global context needs attention. Suggestions (preferably all of them): - Edit entry on doubleclick - Add edit button in the tree item row (e.g. floating right) - Add edit button on `Show entry` view (e.g. on title row left of `copy` button) - [ ] {key ui/enhancement} Deep folder structures in searches might be confusingkeyboard/bug} The `edit` shortcut does not work in `edit` entry mode, - contents of matched folders are included in the search,which is unexpected. which makes senseTo reproduce: - parents of matched folders might be unneccessary,1. maybe it's worth a try to omit them, if possibleset `edit` shortcut - maybe highlight matched folders/entries2. navigate (arrows) to some entry and press the `edit` shortcut -> `edit` view - maybe close all folders in matched folders3. navigate (arrows) to another entry and press the `edit` shortcut again -> `show` view {F20937984}- [ ] {key keyboard/enhancement} Maybe add `edit` shortcut preset: `ctrl + enter`? - [ ] {key keyboard/enhancement} Add Copy/Paste Shortcuts `ctrl + c/v` - [ ] {key keyboard/enhancement} After opening an entry, keyboard up/down navigates the tree. Maybe display the selected entry then (e.g. after timeout with reset on further keypresses) - [ ] {key ui/feature} Allow multiselect (e.g. to delete multiple items at once) - [ ] {key ui/feature/minor} Add `copy` entry action. In my password manager I use this often to ensure the same name "syntax" optimized for search. - [ ] {key ui/feature/minor} Display/Copy path to password file, e.g. in Context Menu **Moving** - [ ] {key ui/bug} Moving an item over another triggers the overwrite dialog. Old item will be kept, the new item will be moved to `$(pwd)/.gpg` Maybe just deactivate overwriting as it's not much useful? - [ ] {key ui/bug/minor} Moving an item visually suggests, that a custom order is possible {F20777650} **Renaming** - [ ] {key config/bug/minor} Folder/Entry names might conflict (e.g. entry `name`, folder `name.gpg`). Not very likely, but maybe should be better handled. - If an entry `name` does exist, adding a new folder `name.gpg` won't do anything. - New folders `name.gpg` will result in filesystem folder `name.gpg`, but are shown as `name` in the tree. - Given a (filesystem) folder `name.gpg`, adding a new entry `name` will result in an error `Filename refers to a directory` (which is good). - [ ] {key ui/bug} Renaming an entry `entry` to an already existing folder `folder` will result in unexpected behaviour: the folder is kept, the entry is moved into that folder, the tree might or might not be updated. Given a folder `name` and an entry `name`, the same happens, if the entry is renamed without changing the name (rename -> just click `OK`). - [ ] {key ui/enhancement} Renaming an entry to an already existing entry does not work (which makes sense) but should probably trigger a warning/error. Entry View ---------- **New Entry** - [ ] {key bug} Creating a new entry with the name of an existing entry will override the existing entry without warning. - [ ] {key bug} `/` in entry names are interpreted as separator - `/` at start will be interpreted as absolute path, e.g. `/path/to/other/.password-store/entryname` will work, although the dialog explicitly states, where the file will be created - `/` in the middle - non exisiting paths display a user error: `Could not read encryption key to use, .gpg-id file missing or invalid.` - `notapath/../works` works - `~` is not expanded - If this path behaviour is intended or kept - Display an error after path confirmation instead of checking on `save` only - Only paths within the configured store path should be allowed - [ ] {key bug} names starting with `.` - resulting files are hidden on linux, what might be a source of user errors, if files are copied manually - entries are displayed in the tree after creation, but hidden after restart. - folders are hidden in the tree after creation - `.gpg-id` is a valid folder name- maybe just disallow all `.` files, which conflicts with the pass file. In the userlist, no users are selected.or at least: `.gpg-id`, `save` does not work: `Unable to open "/home/kaleidos/kde/.password-store/override/.gpg-id"` - `.gpg-id.sig` should also be prevented, as it conflicts with the detached signature created when using `PASSWORD_STORE_SIGNING_KEY` - `.git` should better also be prevented`.git` - [ ] {key keyboard/bug} `Enter` will close the form without saving. To reproduce 1. Add new entry 2. Enter password 3. Press `Enter` - [ ] {key keyboard/enhancement} On a new entry, the Input `Password` should have focus **Show Entry** - [ ] {key ui/security} Don't leak the number of chars in the password field, which heavily reduces the search space in brute force attacks - [ ] {key ui/idea} Does the `show entry` view add any value compared to the edit view? The buttons for `copy to clipboard` and `show qr code` could also be added on the edit view. Having only one view would simplify the interface quite a bit. - [ ] {key security/feature} Protect more than `password`? Other fields might contain sensitive data, too. Probably would need a setting (list of keys). - [ ] {key ui/enhancement} Long words/urls in description expand the view beyond viewport. Buttons for qrcode/copy are out of reach, probably wrap lines. Setting `Ignore Line Wrapping` suggests, that it should be set, but does not change behaviour. {F21060206} {F21060207} - [ ] {key ui/enhancement/minor} Long keys expand the viewindow beyond viewportmonitor border. Maybe truncate with `...` prefix and add a Tooltip with full content. {F21061334} - [ ] {key ui/bug} Clicking on fields centers content both vertically/horizontally. Centering happens on text selection, too (e.g. to copy & paste). Should be deactivated. {F21060255} {F21060256} {F21060254} - [ ] {key ui/enhancement} For multiple key/value pairs the buttons for qrcode/copy are hard to match. Maybe add e.g. - separator lines - alternating odd/even backgrounds - highlight of row on mouseover {F21060309} - [ ] {key ui/bug/minor} Problems with QR-Code for long passwords/values: QR code probably gets too small at around 1000 chars and is empty at about 2954 chars. QR code probably gets too small at around 1000 chars and is empty at about 2954 charsMaybe keep pixel size constant and resize the window instead and/or display a user error if the string length exceeds a threshold. {F21060328} {F21060329} {F21060330} {F21060331} {F21060327} - [ ] {key ui/security/minor} Binary data in entries is displayed/interpreted (file might be added/changed by someone else, e.g. if the store is shared among team members; without signature checks, it could be encrypted for the user by anyone) - does not break, but some control chars seem to work (e.g. `rtl`). many errors on stdout: `qt.text.font.db: OpenType support missing for "[...]", script 66´ {F21060620} - qr code works, but adds new contexts (e.g. qr code reader on smartphones), in which the data might be interpreted {F21060623} **Edit Entry** - [ ] {key ui/bug} deleting the search term during `edit` closes the edit view (without saving) **Templates (auto)** - [ ] {key config/enhancement} Maybe split templated key/values on first `: ` (with space) instead of `:`, e.g. for `key:with:colons: value` {F21061490} - [ ] {key config/enhancement} lines with empty values are deleted on `save`, probably as intended. Might be problematic for existing stores with non-conforming entries (e.g. managed via `pass`). Suggestion: Visually mark fields to be deleted in edit form. - [ ] {key config/enhancement/minor} Maybe handle empty key, e.g. `:empty` {F21061537} {F21061538} **Templates (fixed)** - [ ] {key config/minor} `Login` with capital `L` in default template (like capital `Password`, `URL`) Settings ======== - [ ] {key ui/enhancement/minor} Change of `Use template` and `Show all fields templated` could rerender entry view. Probably only on `view` entry,. not on `edit` `edit` entry might better be closed or redirected to view `entry.` without save then