//Tested: linux / en / 20.03.25//
Setup
=====
{nav icon=database, name=setup}
- [x] {icon circle color=green} {key ui/bug/minor}
Entering a `Name` in store configuration (via `Configure GPGPass`) during setup crashes the application:
- [ ] {icon circle color=lightgreytext} {key ui/enhancement}
We should also look into improving this page in general for the case where there's no password store yet
**Select `My Certificate`**
- [x] {icon circle color=green} {key ui/enhancement/minor}
Remove Option `No certificate`? Choosing it results in an error anyway. Maybe needed, if no certificates are available?
- [x] {icon exclamation color=red} {icon circle color=green} {key ui/bug}
`Generate certificate` not selectable anymore without other certs available {nav icon=database, name=clean}
- [x] {icon circle color=green} Maybe add a button instead of directly opening the cert gen dialog?
Or would it be possible to make the former "No cert" option unselectable?
- [x] {icon times-circle} {key ui/feature}
~~Tooltips with selectable text (e.g. to copy the fingerprint for bug reports)~~
Not feasible
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key ui/bug}
First certificate should be usable (unusable don't make sense, entries cannot be saved afterwards).
Not disabled/untrusted. To reproduce, open {nav icon=database, name=setup} and choose
- {icon circle color=red} `alice.disabled.1`
- disabled keys are still selectable
- {icon circle color=green} `alice.trust*`
- [ ] {icon circle color=lightgreytext} {key ui/bug/minor}
choosing `Generate Certificate` displays an error in the background
{F21967800}
- [ ] {icon circle color=lightgreytext} {key ui/enhancement/minor}
maybe also show expired certs (users might wonder, what happened to their cert)
- [ ] {icon circle color=lightgreytext} {key comprehension/minor}
Tooltip text could be more precise, e.g.:
- `Revuserids`: 5 userids not certified -> 5 userids revoked / 5 userids certified (the other ones)
- `TrustX`: 1 userid not certified: -> all userids not certified / no userid certified / key not trusted
- As "certified" means "valid", why not just use "valid"?
**Input `Path`**
- [x] {icon exclamation color=red} {icon circle color=green} {key bug}
Adding an existing store will overwrite the root `.gpg-id` file regardless of the differences (but not reencrypt).
Maybe add a warning dialog with an explanation, a diff of the ids and resolution options (e.g. keep, overwrite, overwrite and reencrypt).
Or probably better just replace the cert selection field with some user feedback, that a store is detected (has .gpg-id) and just import it without changes.
- [ ] {icon circle color=lightgreytext} {key app/enhancement}
Adding existing stores might be a valid usecase (e.g. reinstall from backup). An option to just import without overwriting the `gpg-id` file would be nice.
- [ ] {icon circle color=lightgreytext} {key config/bug}
Three slahes at the beginning autocompletes working directory
{F20776899}
{F20776900}
{F20776901}
- [ ] {icon circle color=lightgreytext} {key config/minor}
Maybe normalize generated path: `/home/user/////////kde/.password-store-test4///////` results in `Path[$e]=$HOME/////////kde/.password-store-test4///////`.
This path will be visible for the user e.g. on creation of new folders and accidentally using `//` could be problematic in other programs/contexts.
**Dialog `Generate a new OpenPGP certificate`**
- [ ] {icon circle color=lightgreytext} {key config/minor}
Resulting `.gpg-id` has no newline, which differs from `pass init`.
Might result in copy & paste errors, if the gpg id is copied from terminal
(e.g. `78982DB8B11C0B15#`).
- {icon circle color=red} still no newline, e.g. in {nav icon=database, name=empty} add an entry, change cert, save, check .gpg-id
- [x] {icon circle color=green} {key bug/minor}
Leaving the wizard open for some (very long) time, another window with the same wizard will appear - maybe a timeout?
{F20776847}
- [ ] {icon circle color=lightgreytext} {key feature}
Creation of certs possible, but not the deletion?
- [ ] {icon circle color=lightgreytext} {key comprehesion}
The `(between X and Y)` dates in the description of `Valid until` can be misleading.
It took a while to understand, that it's not about the resulting valid period, but rather the min/max of the `until` value. 2106 also looks very arbitrary.
Maybe `choose between`, or move the description into the datetime widget or just remove it completely?
The datetime widget prevents the choice anyway, which should be intuitive.
- [ ] {icon circle color=lightgreytext} {key comprehesion/minor}
Tooltip Text `unrecoverable` in Checkbox `Protect`: Understandable for the users?
Maybe expand to a sentence, that the passphrase needs to be kept save and secrets are lost without it.
- [ ] {icon circle color=lightgreytext} {key comprehesion/enhancement}
Mark the recommended algorithm in Section `Advanced options`?
e.g. `curve25519 (recommended)` as Label? If users are playing around with it, they might end up generating keys with deviating algorithm.
- [ ] {icon circle color=lightgreytext} {key comprehesion/minor}
Dialog description `name and/or email`: Do users understand the implications of choosing both/between?
Main
====
{nav icon=database, name=main}
- [x] {icon circle color=green} {key keyboard/bug}
Using shortcut `Ctrl-Q` triggers a warning, that this sequence is ambiguous and should be resolved in the Shortcut Settings.
In these Settings I see, that this Shortcut is only mapped to `gpgpass/Quit`. Might be my config?
- [x] {icon circle color=green} {key note}
Currently multiple `gpgpass` instances are allowed, which probably could lead to inconsistencies.
Maybe restrict to one per configuration file?
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key app/enhancement}
Use gpg for randomness
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key ui}
Show VS conform
- [ ] {icon circle color=lightgreytext} {key app/feature} now no multiple instances are allowed, one per config (`.gpgpassrc` path) would be better
- users might want to separate passwords process wise, and/or use a different gnupghome
- multiuser live tests don't work anymore (still can be somehow tested with manual `pass` operations though)
- [ ] {icon circle color=lightgreytext} {key app/feature}
Sign `.gpg-id` file (env var PASSWORD_STORE_SIGNING_KEY)
Check signature on show/edit entries, warn on mismatch.
- [ ] {icon circle color=lightgreytext} {key app/feature}
Support [TOTP extension](https://github.com/tadfisher/pass-otp)
- [ ] {icon circle color=lightgreytext} {key app/feature}
Support yubico / FIDO TOTP
- [ ] {icon circle color=lightgreytext} {key app/feature}
Support for tray icon password and TOTP picker like plasma-pass (von meik)
- [ ] {icon circle color=lightgreytext} {key app/bug/minor}
`What's this` shortcut should also be removed (after deletion from menu).
Menus
-----
{nav icon=database, name=main}
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key bug}
`Über GPGPass` and `SDPSX-License-Identifier` in gpgpassui.rc links GPL2, README references GPL3
{F21156761}
- [ ] {icon circle color=lightgreytext} {key ui/enhancement/minor}
Better choice of icons possible?
Mix of colored / blue / black without semantical meaning. `edit` has the same icon as `configure`.
Configuration icon not optimal in my opinion, at least for the toolbar (the bottom line matches visually with the Shortcut underscore and looks a bit broken in my opinion).
- [ ] {icon circle color=lightgreytext} {key ui/enhancement/minor}
`Users` has no icon.
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key language}
`en_US` chosen, but many German translations present, e.g.
- `GPGPass einrichten ...`
- `Einstellungen`
- `Hilfe`
- etc.
- [ ] {icon circle color=lightgreytext} {key note}
`Handbuch` ~~and `Was ist das?`~~: disfunctional, probably placeholder?
- [ ] {icon circle color=lightgreytext} {key note}
`Probleme oder Wünsche berichten`: reports with user account only?
Search
------
{nav icon=database, name=main}
- [x] {icon circle color=green} {key ui/bug}
Searches have different results, e.g. for current testdata
1. start gpgpass
2. repeated search
1. search for `entry`
2. delete search term and wait for tree to rerender
{F21156706}
{F21156714}
{F21156720}
- [ ] {icon circle color=lightgreytext} {key ui/enhancement}
Deep folder structures in searches might be confusing
- contents of matched folders are included in the search, which makes sense
- parents of matched folders might be unneccessary, maybe it's worth a try to omit them, if possible
- open matched folders with many entries will also possibly push the next matches out of view
- maybe highlight matched substring in folders/entries
- maybe close matched (sub-)folders
{F20937984}
- [x] {icon circle color=green} {key bug}
RegEx special chars should better be handled in search. stdout:
```
QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '*')
QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '?')
QString(View)::contains(): called on an invalid QRegularExpression object (pattern is '\')
```
- [x] {icon circle color=green} {key bug/minor}
Unescaped regex special chars (e.g. `wertpasdg.-`) as first search term char (1 char only?) will be interpreted as regex, which might get unexpected results.
{F20777057}
{F20777374}
{F20777454}
- [x] {icon circle color=green} {key ui/bug}
Folders in results closed by default, if previous search result found no results. to reproduce with current testdata,
1. search for `empty` -> folder is open
{F21156300}
2. search for `asdf` -> no passwords found
{F21156314}
3. search for `empty` -> all folders closed
{F21156320}
{F21156331}
- [x] {icon circle color=green} {key ui/security/minor}
All Folders briefly open on search, which might leak information (over-the-shoulder)
- well, now all folders are open by default :P
Password Tree
-------------
{nav icon=database, name=main}
**Folders**
- [x] {icon circle color=green} {key ui/bug}
`.password-store` folder is shown. To recreate
1. Enter some chars in Input `Search` and press `Enter`
2. Remove all chars and wait
- [x] {icon circle color=green} {key ui/idea}
~~If the password store root folder would be included in the tree, it would be possible to show all configured stores simultanously
(e.g. with an additional `name` attribute in the store configuration).
On the other hand, a conscious decision to switch the profile might be preferable to prevent user mistakes and over-the-shoulder information leaks.~~
already done
- [x] {icon circle color=green} {key ui/enhancement/minor}
If the password store is changed on filesystem, the tree might be updated only partially.
Looks like this happens only, if the root folder was deleted and recreated, so this is probably ok.
{F21156569}
{F21156581}
- [x] {icon exclamation color=red} {icon circle color=green} {key ui/bug}
If the first of multiple (non-empty) stores is empty, the "No Passwords Found" overlay is shown.
Maybe just deactivate this overlay for multistores, as it is only useful as first step aid.
{F21967853}
{F21967840}
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key bug}
File monitoring (via inotify) cannot handle reentry/recursion.
To reproduce: in any store, add a symlink `ln -s . recursion` (commented out in testdata right now) and watch the CPU:
{F21967880}
`pass` is handling this:
{F21967887}
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key security/enhancement}
Entries/Folders outside of the store root (via symlink) should better be ignored (although `pass`has no such a restriction).
Testdata example is `/tmp/gpgpass` {nav icon=database, name=main | User/symlinks/outside/FSROOT!__tmp__gpgpass}, but could also be `/etc` or some other folder, which should better not be touched.
- If this behaviour should be kept, File monitoring should add those files outside of store root, too
(currently adding an entry in {nav icon=database, name=main | Empty } won't show up in {nav icon=database, name=main | User/symlinks/outside/FSROOT!__tmp__gpgpass/stores/main/alice }
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key ui/enhancement}
Sort entries alphabetically but case insensitive
{nav icon=database, name=main | User/sort/*}
- [ ] {icon circle color=lightgreytext} {key ui/bug}
Own `.gpg-ids` are applied to symlinked folders.
Those folders might have none or a different `.gpg-id` file.
Maybe disable symlinks in general, but this would not be `pass` compliant.
Or check symlinks for real parent `.gpg-ids`.
{F21967893}
{F21967903}
- [ ] {icon circle color=lightgreytext} {key ui/enhancement/minor}
Beautify tooltip with userlist
- Remove default html style bullet top/left margin
- Maybe more width, so common userid sizes fit into it
- Maybe remove details (certified/created)
{F21967910}
**Navigation**
- [ ] {icon exclamation color=red} {icon circle color=lightgreytext} {key ui/bug}
Entry is not viewed after de- and reselect. `clipboard cleared` displayed on bottom.
The same happens, when the content panel is automatically closed (if enabled in settings).
To reproduce:
1. Select an entry (shown)
2. Unselect the entry (via click on the item)
3. Select the entry again
{F20777787}
- [ ] {icon circle color=lightgreytext} {key ui/enhancement}
Maybe disable deselection of the currently active entry, if possible.
Probably not easily possible, as currently this would it make impossible in singlestores to add a root entry.
- [ ] {icon exclamation color=red} {icon circle color=lightgreytext} {key ui/bug}
In edit mode, the changes are lost, if an item is deselected.
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key ui/enhancement}
Accessing the `edit` view feels uncomfortable. I know, it's in the toolbar, but choosing the right button from global context needs attention.
Suggestions (preferably all of them):
- Edit entry on doubleclick
- Add edit button in the tree item row (e.g. floating right)
- Add edit button on `Show entry` view (e.g. on title row left of `copy` button)
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key keyboard/bug}
The `edit` shortcut does not work in `edit` entry mode, which is unexpected. To reproduce:
1. set `edit` shortcut
2. navigate (arrows) to some entry and press the `edit` shortcut -> `edit` view
3. navigate (arrows) to another entry and press the `edit` shortcut again -> `show` view
- [ ] {icon circle color=lightgreytext} {key keyboard/enhancement}
Maybe add `edit` shortcut preset: `ctrl + enter`?
- [ ] {icon circle color=lightgreytext} {key keyboard/enhancement}
Add "Copy Password to Clipboard" Shortcut `ctrl + c`
- [ ] {icon circle color=lightgreytext} {key keyboard/enhancement}
After opening an entry, keyboard up/down navigates the tree.
Maybe display the selected entry then (e.g. after timeout with reset on further keypresses)
- [ ] {icon circle color=lightgreytext} {key ui/feature}
Allow multiselect (e.g. to delete multiple items at once)
- [ ] {icon circle color=lightgreytext} {key ui/feature/minor}
Add `copy` entry action. In my password manager I use this often to ensure the same name "syntax" optimized for search.
- [ ] {icon circle color=lightgreytext} {key ui/feature/minor}
Display/Copy path to password file, e.g. in Context Menu
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key keyboard/enhancement}
On edit shortcut, the focus should switch to the entry form, right now
one has to tab through all toolbar items to reach it.
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key keyboard/enhancement}
Newly created folders should have focus to create entries within afterwards
- [ ] {icon exclamation color=red} {icon circle color=lightgreytext} {key ui/bug}
The open tree behaviour has several issues:
- Adding an entry/folder resets the tree (to reproduce: collapse some folders and all stores, add an entry, all stores open again). The tree state should be kept
- Happens also via inotify, if others add an entry (to reproduce: open {nav icon=database, name=main}, close all stores, on any store execute `echo "password" | pass insert -ef test`)
- Searching resets the tree. If possible, save and restore the former state on ESC
- Suggestion for open folders:
- on start (both single/multistore): closed (maybe 1st level open, if < ~5 items)
- on search: one level of matches open
- custom state should be kept, if possible.
on abort of search, the former state could be restored + open path to selected entry
- [ ] {icon circle color=lightgreytext} {key ui/enhancement/minor}
Add open/close all subfolders (1 level) in context menu
- [ ] {icon circle color=lightgreytext} {key keyboard/bug}
Keyboard edit/delete does not work on first navigation
(to reproduce: start {nav icon=database, name=main}, tab to tree, move with arrows to first entry, try delete/edit shortcut)
- [ ] {icon circle color=lightgreytext} {key ui/enhancement/minor}
Stores could be visually slightly different (e.g. bold, icon, background)
**Moving**
- [ ] {icon exclamation color=red} {icon circle color=lightgreytext} {key ui/bug}
Moving an item over another triggers the overwrite dialog.
Old item will be kept, the new item will be moved to `$(pwd)/.gpg`
Maybe just deactivate overwriting as it's not much useful?
- [ ] {icon circle color=lightgreytext} {key ui/bug/minor}
Moving an item visually suggests, that a custom order is possible
{F20777650}
**Renaming**
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key config/bug/minor}
Folder/Entry names might conflict
(e.g. entry `name`, folder `name.gpg`). Not very likely, but maybe should be better handled.
- If an entry `name` does exist, adding a new folder `name.gpg` won't do anything.
- New folders `name.gpg` will result in filesystem folder `name.gpg`, but are shown as `name` in the tree.
- Given a (filesystem) folder `name.gpg`, adding a new entry `name` will result in an error `Filename refers to a directory` (which is good).
- [ ] {icon exclamation color=red} {icon circle color=lightgreytext} {key ui/bug}
Renaming an entry `entry` to an already existing folder `folder` will result in unexpected behaviour:
the folder is kept, the entry is moved into that folder, the tree might or might not be updated.
Given a folder `name` and an entry `name`, the same happens, if the entry is renamed without changing the name (rename -> just click `OK`).
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key ui/enhancement}
Renaming an entry to an already existing entry does not work (which makes sense) but should probably trigger a warning/error.
Entry View
----------
{nav icon=database, name=main}
**New Entry**
- [x] {icon exclamation color=red} {icon circle color=green} {key bug}
Creating a new entry with the name of an existing entry will override the existing entry without warning.
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key bug}
`/` in entry names are interpreted as separator
- `/` at start will be interpreted as absolute path, e.g. `/path/to/other/.password-store/entryname` will work, although the dialog explicitly states, where the file will be created
- `/` in the middle
- non exisiting paths display a user error: `Could not read encryption key to use, .gpg-id file missing or invalid.`
- `notapath/../works` works
- `~` is not expanded
- If this path behaviour is intended or kept
- Display an error after path confirmation instead of checking on `save` only
- Only paths within the configured store path should be allowed
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key bug}
Names starting with `.`
- resulting files are hidden on linux, what might be a source of user errors, if files are copied manually
- entries are displayed in the tree after creation, but hidden after restart.
- folders are hidden in the tree after creation
- maybe just disallow all `.` files, or at least: `.gpg-id`, `.gpg-id.sig`, `.git`
- [ ] {icon exclamation color=red} {icon circle color=lightgreytext} {key keyboard/bug}
`Enter` will close the form without saving. To reproduce
1. Add new entry
2. Enter password
3. Press `Enter`
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key keyboard/enhancement}
On a new entry, the Input `Password` should have focus
**Show Entry**
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key ui/security}
Don't leak the number of chars in the password field, which heavily reduces the search space in brute force attacks
- [ ] {icon circle color=lightgreytext} {key ui/idea}
Does the `show entry` view add any value compared to the edit view?
The buttons for `copy to clipboard` and `show qr code` could also be added on the edit view.
Having only one view would simplify the interface quite a bit.
- [ ] {icon circle color=lightgreytext} {key security/feature}
Protect more than `password`? Other fields might contain sensitive data, too. Probably would need a setting (list of keys).
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key ui/bug}
Long words {nav icon=database, name=main | User/long/notes_*} / urls {nav icon=database, name=main | User/long/url} in description expand the view beyond viewport.
Buttons for qrcode/copy are out of reach, probably wrap lines.
Setting `Ignore Line Wrapping` suggests, that it should be set, but does not change behaviour.
{F21060206}
{F21060207}
- [ ] {icon exclamation color=red} {icon circle color=lightgreytext} {key ui/bug}
Clicking on fields centers content both vertically/horizontally.
Centering happens on text selection, too (e.g. to copy & paste).
Should be deactivated.
{nav icon=database, name=main | User/long/many_notes_lines}
{F21060255}
{F21060256}
{F21060254}
- [ ] {icon circle color=lightgreytext} {key ui/bug/minor}
Problems with QR-Code for long passwords/values {nav icon=database, name=main | User/long/password/*}:
QR code probably gets too small at around 1000 chars and is empty at about 2954 chars.
Maybe keep pixel size constant and resize the window instead and/or display a user error if the string length exceeds a threshold.
{F21060328}
{F21060329}
{F21060330}
{F21060331}
{F21060327}
- [ ] {icon circle color=lightgreytext} {key ui/security/minor}
Binary data in entries {nav icon=database, name=main | User/chars/binary*} is displayed/interpreted (file might be added/changed by someone else, e.g. if the store is shared among team members;
without signature checks, it could be encrypted for the user by anyone)
- does not break, but some control chars seem to work (e.g. `rtl`). many errors on stdout: `qt.text.font.db: OpenType support missing for "[...]", script 66´
{F21060620}
- qr code works, but adds new contexts (e.g. qr code reader on smartphones), in which the data might be interpreted
{F21060623}
- [ ] {icon circle color=lightgreytext} {key error/comprehension}
If pinentry-curses is used (or a fallback occurs), the error message is misleading: "No such file or directory"
(to reproduce: force curses pinentry via
`echo "pinentry-program /usr/bin/pinentry-curses" > envs/main/alice/gpg-agent.conf && killall gpg-agent` and open {nav icon=database, name=main | User/certs/alice.protected.1*})
{F21967933}
**Edit Entry**
- [ ] {icon exclamation color=red} {icon circle color=lightgreytext} {key ui/bug}
Deleting the search term during `edit` closes the edit view (without saving)
- [ ] {icon circle color=lightgreytext} {key app/feature}
Enable user to "raw" edit entries
**Delete Entry**
- [ ] {icon circle color=lightgreytext} {key ui/enhancement/minor}
Show path relative to store root.
Maybe show the tree path instead of the file path (for entries without `.gpg`)
Path/Extension is more like an implementation detail from perspective of a gui user
{F21967954}
{F21967953}
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key ui/bug}
deleting a file in a symlinked folder does not remove the symlink in tree. to reproduce
1. delete {nav icon=database, name=main | User/symlinks/linked_folder/entry}
2. {nav icon=database, name=main | User/symlinks/folter/entry} is removed in tree,
but {nav icon=database, name=main | User/symlinks/linked_folder/entry} is still shown
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key ui/bug}
Deleting a store in a multistore tree deletes the folder on filesystem, not in tree, nor in config.
Maybe deactivate deletion of a store root folder in tree.
- [ ] {icon circle color=lightgreytext} {key keyboard/enhancement}
Refocus tree after deletion
- [ ] {icon circle color=lightgreytext} {key ui/bug/minor}
Deleting a folder during creation/edit of an entry in that folder should close the entry.
Templates
=========
{nav icon=database, name=template}
- [ ] {icon circle color=lightgreytext} {key config/enhancement}
Maybe split templated key/values on first `: ` (with space) instead of `:`, e.g. for `key:with:colons: value` {nav icon=database, name=template | basic}
{F21061490}
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key config/enhancement}
Lines with empty values {nav icon=database, name=template | basic (empty:)} are deleted on `save`, probably as intended.
Might be problematic for existing stores with non-conforming entries (e.g. managed via `pass`).
Suggestion: Visually mark fields to be deleted in edit form.
- [ ] {icon circle color=lightgreytext} {key config/enhancement/minor}
Maybe handle empty key, e.g. `:empty`
{nav icon=database, name=template | basic (:empty)}
{F21061537}
{F21061538}
- [ ] {icon circle color=lightgreytext} {key ui/enhancement}
For multiple key/value pairs {nav icon=database, name=template | chars} the buttons for qrcode/copy are hard to match. Maybe add e.g.
- separator lines
- alternating odd/even backgrounds
- highlight of row on mouseover
{F21060309}
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key ui/enhancement/minor}
Long keys {nav icon=database, name=template | long_key} expand the window beyond monitor border (edit the entry to reproduce).
Maybe truncate with `...` prefix and add a Tooltip with full content.
{F21061334}
- [ ] {icon circle color=lightgreytext} {key config/minor}
`Login` with capital `L` in default template (like capital `Password`, `URL`)
Users
=====
- [ ] {icon circle color=lightgreytext} {key ui/bug/minor}
Unescaped regex special chars (e.g. `wertpasdg.-`) as first search term char (1 char only?) will be interpreted as regex, which might get unexpected results.
- [ ] {icon circle color=lightgreytext} {key ui/enhancement/minor}
Show entry on a search for the fingerprint, too
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key ui/bug}
Full path in `Could not decrypt` notice extends the window (no wrap)
{F21968010}
- [ ] {icon exclamation color=red} {icon circle color=lightgreytext} {key ui/bug}
Closing the user list after a `Could not decrypt` error leaves the interface in an unusable disabled state (to reproduce: add a cert in {nav icon=database, name=main | User/empty}, click ok -> Error, click cancel)
{F21968001}
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key app/enhancement}
If during reencryption an error occurs, the encryption state of the files will be inconsistent - some reencrypted and some not
(to reproduce: add a cert in {nav icon=database, name=main | User}, click ok -> Error, compare e.g. {nav icon=database, name=main | User/fields_all} and {nav icon=database, name=main | User/urls} with `gpg --list-packets`)
Maybe recrypt in tmp folder and replace the files instead?
- [ ] {icon exclamation color=red} {icon circle color=lightgreytext} {key app/feature}
`GPGPass` is currently using keyids to specify the cert. `Pass` is capable to use [all possible key specifications](https://www.gnupg.org/documentation/manuals/gnupg/Specify-a-User-ID.html).
To be compatible with `pass` and ensure that there is no data loss when an already existing store managed by pass is imported, those other specification formats need to be handled.
Currently other specifications will result in `unkown userid` and (re)encryption is not possible:
{F21967989}
{F21967988}
{F21967987}
- Suggestion to have no loss of data:
- default is to use keyids (as currently implemented)
- custom key specifications should be preserved (on edit create a map of "unknown" keys to user certs, on save this map can be consulted first to choose the right special key)
- no special handling of "unknown" certs in user list, user just checked. (better: custom specification visible in cert row)
- removal of a user deletes the special key specifications
- adding of special key specifications in `.gpg-id` only via file edit (future: maybe in app a raw edit of the `.gpg-id` file)
- Keyformats {nav icon=database, name=main | User/gpgid/*}:
- keyid: `KEYID`
- keyid-force: `KEYID!`
- fpr: `FINGERPRINT`
- fpr-force: `FINGERPRINT!`
- keygrip: `&KEYGRIP`
- substr-name: `Alice Default 01`
- email-exact: `<alice.default.1@gnupg.test>`
- email-partial: `@alice.default.1`
- substr-email: `alice.default.1@gnupg.test`
- userid: `=Alice Default 01 <alice.default.1@gnupg.test> (default)`
- substr-userid: `Alice Default 01 <alice.default.1@gnupg.test> (default)`
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key ui/enhancement}
Display a meaningful error on save, if one or more IDs are unknown (don't change the entry)
Show unknown IDs on top to draw attention
Password Generator
==================
- [x] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key ui/bug}
Copy password does not work
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key ui/bug/minor}
In tooltip of button `Regenerate`: `(Ctrl+R(I18N_ARGUMENT_MISSING))`
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key ui/bug}
Show `Wordlist too short` + explicit min length as user error. Otherwise it is not possible to understand, why it does not work (wordlist: `wordlist_short.txt`).
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key app/enhancement}
Remove duplicate lines before check of min words (wordlist: `wordlist_dups.txt`). Maybe just remove duplicates on import once.
- [ ] {icon circle color=lightgreytext} {key app/feature}
Enable usage of generator without entry (e.g. via menu).
- [ ] {icon circle color=lightgreytext} {key ui/enhancement}
Explain wordlist format (one word per line) in some tooltip (e.g. `Add List`).
- [ ] {icon circle color=lightgreytext} {key app/enhancement}
Regarding entropy reduction for common strings:
- 123456 (0.00 bit) but 12345 (2.58 bit)
- maybe translate all words: house is detected, but not haus
- maybe add common 4-digit pins, e.g (reverse) birth dates, pad rows/cols, etc.
For a list see [here](https://www.abc.net.au/news/2025-01-28/almost-one-in-ten-people-use-the-same-four-digit-pin/103946842)
Settings
========
**General**
**Stores**
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key ui/enhancement}
When a new store is added via `Configure GPGPass`, the store has no users.
Adding entries works until save (`.gpg-ids` missing).
Better would be to open the user list after creation, as it's a neccessary step to setup a store.
{F21968038}
- [ ] {icon circle color=lightgreytext} {key ui/enhancement/minor}
After adding a new store, focus `Name` (otherwise it might be overseen, that a new entry was created)
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key ui/enhancement}
Maybe add a confirmation dialog on store removal.
- [ ] {icon circle color=lightgreytext} {key ui/bug}
On removal of all stores, if the last store is empty, it can't be removed.
To reproduce, open {nav icon=database, name=main} and remove `User`, `Team`, `Template`,
then `Empty` has no delete icon.
- [ ] {icon exclamation color=yellow} {icon circle color=lightgreytext} {key ui/enhancement}
If all stores are deleted and one tries to enter a `Name`, gpgpass crashes.
**Templates**
- [ ] {icon circle color=lightgreytext} {key ui/enhancement/minor}
Change of `Use template` and `Show all fields templated` could rerender `view` entry.
`edit` entry might better be closed or redirected to view `entry` without save then
Themes
======
**Dark**
- [ ] {icon exclamation color=red} {icon circle color=lightgreytext} {key ui/bug}
Icon contrast too low, almost not visible (menu, toolbar, folder in tree, delete search term, buttons, show password, unchecked checkboxes/radiobuttons)
{F22508117}
{F22508116}
{F22508118}
{F22508115}
{F22508114}
{F22508113}
{F22508112}
{F22508108}
{F22508111}
{F22508110}
{F22508109}