Using a workaround that validates passphrase for a secret key.
With GnuPG 2.2.23 and GpgME 1.1.15, a secret key can be exported when the right
passphrase is provided. With a bad passphrase, the application crashes.
See https://dev.gnupg.org/T5151
The application may validate a passphrase before invoking the engine, until it is
hopefully fixed upstream and available in mainstream.
If no subkey is found (wrong fpr) or not provided, the expiry time of
the key is set instead.
setExpire() allows expiring all subkeys at once. Not implemented here.
Requires GPGME >= 1.15.0.
Bad keys, subkeys, identities and signatures are tagged in red.
A secret key not owned by the user is shown in bold.
Application name is bold and bigger.
Popup background color is changed to floralwhite.
Certified user identities in keys can be revoked using the same popup
for certification.
Requires GnuPG 2.2.24 (not available in distro's repository, not fully
tested to date).
Requests the passphrase with a popup.
As from GPGME 1.15.0, the loopback pinentry is functional when exporting secret keys. It works fine when the exact passphrase is provided. If it's a wrong passphrase, GPGME does not generate an ::Error, but the app crashes with 'free(): double free detected in tcache 2'.
Hence, this patch cannot be committed to master.
Status : dangerous
Result : works and works not
Reason : a wrong passphrase means a crash
The email parameter must have a valid email address format here, else
GPGME will refuse to create the identity. This is not the case when
creating a key, where any string is accepted.
Correct format :
name <email> (comment)
Was :
name <email> comment
Though the 'comment' part was visible with the cli gpg app, it was not
shown in kleopatra and in K7.
Result : fails.
Reason : loopback passphrase provider is never called.
With default pinentry mode, the passphrase is requested normally
and the private key is exported. But this can't be done on a web server.
Enclosed in #ifdef DEVTIME.
Result : fails.
Reason : password callback is never called.
With default pinentry mode, the password is requested normally
and the private key is exported. But this can't be done on a web server.
Enclosed in #ifdef DEVTIME.
Created key must always be looked for as it is not assigned to the
passed in null key.
Delete local context and loopback passphrase provider.
Parameter expires was ignored in CreateKeyWithEngineDefaultAlgo.
This is a trade-off.
When the calendar of the WDateEdit is clicked, widget PopupExpiryTime gets hidden, forcing the user to show it again.
If PopupExpiryTime::setTransient is false, it will obviously persist, until explicitly hidden with the Close button. Not satisfactory to change key selection while it is visible, nor to do other tasks like changing certification trust level, certifying uids... whatever.
Forcing its persistence while playing with many events has not been successful, and is quite ugly.