The created key was searched with FindKey(), that operates on the class
scope ::Context. The latter does not use loopback pinentry. Even though,
the created key was found, the passphrase for the created key being
cached in gpg-agent.
Once ExportKeyStreamResource::handleRequest is entered, a 'Save As'
dialog will be opened by the browser, even if key data is empty. This
may happen if passphrase is wrong.
If key data is generated before the download is actually requested, we
can check if there is anything to push to browser and prevent the
download request.
Using a workaround that validates passphrase for a secret key.
With GnuPG 2.2.23 and GpgME 1.1.15, a secret key can be exported when the right
passphrase is provided. With a bad passphrase, application crashes.
See https://dev.gnupg.org/T5151
Application may validate a passphrase before invoking engine. Until it is
hopefully fixed in upstream and available in mainstream.
If no subkey is found (wrong fpr) or not provided, the expiry time of
the key is set instead.
setExpire() allows to expire all subkeys at once. Not implemented here.
Requires GPGME >= 1.15.0.
Bad keys, subkeys, identities and signatures are tagged in red.
A secret key not owned by the user is shown in bold.
Application name is bold and bigger.
Popup background color is changed to floralwhite.
Certified user identities in keys can be revoked using the same popup
for certification.
Requires GnuPG 2.2.24 (not available in distro's repository, not fully
tested to date).
Requests the passphrase with a popup.
As from GPGME 1.15.0, the loopback pinentry is functional when exporting secret keys. It works fine when the exact passphrase is provided. If it's a wrong passphrase, GPGME does not generate an ::Error, but the app crashes with 'free(): double free detected in tcache 2'.
Hence, this patch cannot be committed to master.
Status : dangerous
Result : works and works not
Reason : a wrong passphrase means a crash
The email parameter must have a valid email address format here, else
GPGME will refuse to create the identity. This is not the case when
creating a key, where any string is accepted.
Correct format :
name <email> (comment)
Was :
name <email> comment
Though the 'comment' part was visible with the cli gpg app, it was not
shown in kleopatra and in K7.
Result : fails.
Reason : loopback passphrase provider is never called.
With default pinentry mode, the passphrase is requested normally
and the private key is exported. But this can't be done on a web server.
Enclosed in #ifdef DEVTIME.
Result : fails.
Reason : password callback is never called.
With default pinentry mode, the password is requested normally
and the private key is exported. But this can't be done on a web server.
Enclosed in #ifdef DEVTIME.
