[Gpg4win-devel] Kleopatra creates keys without separate subkey

Werner Koch wk at gnupg.org
Sun May 31 20:45:02 CEST 2015


On Fri, 24 Apr 2015 10:47, aheinecke at intevation.de said:

>> Ben raised this problem on the OpenPGP WG list: It seems that Kleopatra
>> creates a sign+encrypt primary key instead of a sign primary and
>> encrypt subkey.
>
> This was done before my time. I guess the rationale (and what I am also thinking)

No, I don't think so.  This is for sure a bug if not a regression.

I would never ever have agreed to it.

> Ok. If you say so I accept that ;-).  I'm currently thinking that just using 
> Key-Type: default Subkey-Type: default etc. in the GnupgKeyParams xml would be 
> the best way to go here (as long as the user does not use advanced options) 

GPA does this:

  switch (params->algo)
    {
    case GPA_KEYGEN_ALGO_RSA_RSA:
      key_algo = "RSA";
      subkeys = g_strdup_printf ("Subkey-Type: RSA\n"
                                 "Subkey-Length: %d\n"
                                 "Subkey-Usage: encrypt\n", params->keysize);
      break;
    case GPA_KEYGEN_ALGO_RSA_ELGAMAL:
      key_algo = "RSA";
      subkeys = g_strdup_printf ("Subkey-Type: ELG-E\n"
                                 "Subkey-Length: %d\n"
                                 "Subkey-Usage: encrypt\n", params->keysize);
      break;
    case GPA_KEYGEN_ALGO_RSA:
      key_algo = "RSA";
      break;
    case GPA_KEYGEN_ALGO_DSA_ELGAMAL:
      key_algo = "DSA";
      subkeys = g_strdup_printf ("Subkey-Type: ELG-E\n"
                                 "Subkey-Length: %i\n"
                                 "Subkey-Usage: encrypt\n", params->keysize);
      break;
    case GPA_KEYGEN_ALGO_DSA:
      key_algo = "DSA";
      break;
    default:
      /* Can't happen */
      return NULL;
    }

[...]

  /* Assemble the final parameter string */
  string = g_strdup_printf ("<GnupgKeyParms format=\"internal\">\n"
                            "Key-Type: %s\n"
                            "Key-Length: %i\n"
                            "Key-Usage: sign\n"
                            "%s" /* Subkeys */
                            "%s" /* Name */
                            "%s" /* Email */
                            "%s" /* Comment */
                            "%s" /* Expiration date */
                            "%%ask-passphrase\n"
                            "</GnupgKeyParms>\n",
                            key_algo,
                            params->keysize,
                            subkeys? subkeys : "",
                            name? name:"",
                            email? email : "",
                            comment? comment : "",
                            expire? expire : "");


> probably just remove the Dialog "We are about to create a key with this 
> values" to reduce UI Steps.

Yes please.  The user should not see that.  We should actually change
GPA and Kleopatra to allow only the creation of a key without being able
to select any parameters (i.e. the GNOME way ;-).  Those who need a
special type of key can always use the command line.

Maybe an expert option to allow selecting between RSA and ECC keys will
make sense for some time.  But not right now.

> Ideally we would have something like gpgme_inquire_genkey_defaults or 
> something so that we could show the defaults to the user and fill the "advanced 

Let's do what "gpg --quick-gen-key" does.  I will add a gpgme feature
to allow for exactly this.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
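
An added example, not part of the mail above and not code from GPA, Kleopatra or GnuPG: one way to audit a keyring for the key layout this thread describes, by reading the capability field of `gpg --list-keys --with-colons` output. The function name `audit_keys`, the finding labels and the sample listing are assumptions made for illustration; the field positions follow the colon format in GnuPG's doc/DETAILS.

```python
# Added example: audit `gpg --list-keys --with-colons` output for primary keys
# that can encrypt themselves instead of delegating to an encryption subkey.
# Colon format per GnuPG doc/DETAILS: field 1 record type, field 2 validity,
# field 5 key ID, field 12 capabilities (lowercase = this key's own).

# Constructed sample listing; key IDs, dates and names are made up.
SAMPLE = """\
pub:u:2048:1:1111111111111111:1430000000:::u:::escESC:
uid:u::::1430000000::0000::Combined <combined@example.org>:
pub:u:2048:1:2222222222222222:1430000000:::u:::scESC:
uid:u::::1430000000::0000::Split <split@example.org>:
sub:u:2048:1:3333333333333333:1430000000::::::e:
pub:u:2048:17:4444444444444444:1430000000:::u:::scSC:
uid:u::::1430000000::0000::Sign only <signonly@example.org>:
"""

UNUSABLE = {"r", "e", "i"}  # subkey validity: revoked, expired, invalid


def audit_keys(listing):
    """Map each primary key ID to 'primary-encrypts', 'ok' or 'no-encryption'."""
    keys = {}       # primary key ID -> [own capabilities, has usable 'e' subkey]
    current = None  # primary key the following sub records belong to
    for line in listing.splitlines():
        fields = line.split(":")
        if len(fields) < 12:
            continue  # uid and other short records carry no capability field
        rtype, validity, key_id, caps = fields[0], fields[1], fields[4], fields[11]
        if rtype == "pub":
            current = key_id
            keys[current] = [{c for c in caps if c.islower()}, False]
        elif rtype == "sub" and current and "e" in caps and validity not in UNUSABLE:
            keys[current][1] = True
    findings = {}
    for key_id, (own, has_enc_subkey) in keys.items():
        if "e" in own:
            findings[key_id] = "primary-encrypts"  # the layout reported in this thread
        elif has_enc_subkey:
            findings[key_id] = "ok"                # sign primary + encrypt subkey
        else:
            findings[key_id] = "no-encryption"     # e.g. a sign-only DSA key
    return findings


if __name__ == "__main__":
    for key_id, finding in audit_keys(SAMPLE).items():
        print(key_id, finding)
```
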


