[kleopatra] [Bug 322664] New: Result of file signature verification is misleading/confusing

maddinster at gmail.com maddinster at gmail.com
Sun Jul 21 22:23:09 BST 2013


https://bugs.kde.org/show_bug.cgi?id=322664

            Bug ID: 322664
           Summary: Result of file signature verification is
                    misleading/confusing
    Classification: Unclassified
           Product: kleopatra
           Version: 2.1.1
          Platform: MS Windows
                OS: MS Windows
            Status: UNCONFIRMED
          Severity: wishlist
          Priority: NOR
         Component: general
          Assignee: kdepim-bugs at kde.org
          Reporter: maddinster at gmail.com
                CC: mutz at kde.org

When you check a file that was signed with a key that has a low trust level
(like not signed by yourself) you get the following output:
"Not enough information to check signature validity,"
That is not very helpful. It would be nice to know, that the signature test was
in fact successful but the used key is maybe not trustworthy and what can be
done to change this.

If you check a file that was changed after signing the certificate becomes
suddenly unknown.
"Invalid signature.
Signed with unknown certificate 0x... The signature is bad"
It would be better understandable with a clear statement, the file was not
signed with the certificate 0x... of XY.

The german text is even stranger:
"Signatur ungültig.
Signiert mit unbekanntem Zertifikat 0x... Die Signatur ist unbrauchbar."
Unbrauchbar? Why state that the signature is useless? The signature is plain
wrong!

It may make sense from a cryptographers point of view but this is one of the
little hassles that people think about when they say that cryptography is too
complicated.

Reproducible: Always

Steps to Reproduce:
1. check file signed with valid but untrusted key
2. look at result
3. edit file and check again
4. look at result again

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the Kdepim-bugs mailing list