Summary: | automatic new wallet wizard stops with "no suitable key" without hint | ||
---|---|---|---|
Product: | [Frameworks and Libraries] frameworks-kwallet | Reporter: | arne anka <kde-bugs> |
Component: | general | Assignee: | Valentin Rusu <valir> |
Status: | ASSIGNED --- | ||
Severity: | normal | CC: | accounts+bugs.kde, anditosan1000, andrew.loerch, antti, atle.pedersen, atluft, bugs.kde, califool, denis.revin, enkouyami, evren320, exposemoldesoledksgub, fdshg, fils2806, hendricks.john, info, jeffstokes1972, justin.m.gardiner, kdelibs-bugs, lars.gottlieb, mani.zaeim, nate, postix, richard.j.e.cooke, senjas, skimwpi, stig.grindland, swpalmer, tduck973564, tim.pizey, wheelcomplex |
Priority: | VHI | Keywords: | usability |
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Other | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: | ||
Sentry Crash Report: | |||
Attachments: | attachment-1632853-0.html |
Description
arne anka
2015-10-16 11:56:17 UTC
You must first understand how GPG works before trying to use GPG-based wallets. Please refer to GPG manuals for that. no, i certainly do not. please, read carefully and try to understand before jumping to conclusions! this is _NOT, repeat _NOT_, about how GPG works or not, but about the wizard leaving users high and dry without the slightest hint of how to proceed. whether i understand how GPG works or not does not matter here since, even if i do, it does not help me to know how to make the necessary changes to the KDE configuration -- assuming logically that KDE has some kind of UI or such to do the necessary steps. in any case instead of just a message basically saying "get lost", there _NEEDS_ to be a clear hint how to proceed from KDE's PoV. the current experience is highly dissatisfying and shouldn't have occured at all. Any patch welcome. @Valentin 'Any patch welcome.' is not a constructive or appropriate response. I came here because I too had a bad user experience, having no idea where to go next. Your response was enough to get me to register. I am a returning KDE user, having been in Ubuntu land for 10 years. This is one of many little problems. Bad user experience? Doesn't that pretty much define Linux and the UI-impaired people that maintain it? Yes, this is a significant issue. An embarrassment really. But on Linux, everyone has to be a sysadmin. @arne, well thought out comments. I installed a wifi device and this key manager popup started to show up. Eventually, this command convinced the popup to stop appearing. gpg --full-gen-key A key manager that can popup windows when no installed keys are detected should be able to create keys too. Replacing the message, "Seems that your system has no keys suitable for encryption. Please set-up at least an encryption key, then try again." with something more user-friendly is important. The current message is only meaningful to system administrators, not end users. The dialog should have a button to launch a key generation wizard. I had the same behaviour using CentOS 7.2. When I selected "Classic" bluefish instead of GPG it prompted me for a password and its confirmation, and this worked to create a kde wallet. I had the same problem. gpg --full-gen-key doesn't work for me, but gpg2 --full-gen-key does. It seems my system (kubuntu 16.04) has both v1 and v2 of gpg, and gpg defaults to v1. After doing this I had to quit and restart the process requesting to use the wallet. Seems the "KDE Wallet System" creating a new wallet will not reload available keys after first loading them. So: 1. Cancel the dialog for creating a new wallet 2. Run gpg2 --full-gen-key and follow the instructions 3. Redo whatever triggered the request for a new wallet (for example connecting to wireless) (Optionally create the wallet using kwalletmanager5, for example 'kdewallet') It's close to a year and the status of this issue is still "UNCONFIRMED." I just hit this issue after trying linux again after a few years away. It is not good that after my first boot I was asked to enter my wifi password and then was presented with this. As I am a developer I knew what the message meant but most people wouldn't. This needs to be improved. I have the same issue, I am using linux starting by RedHat9 and Fedora since 2001, shifting to ubuntu on 2008 since Sep-2016 which I intalled Arch and KDE, I am developer and sysadmin, I just mentiond my background to clear it that I am not a novice Linux user or unprofessional one, but this Error "Seems that your system has no keys suitable for encryption. Please set-up at least an encryption key, then try again." is none sence! how about "Ops, an exception occured!"; from KDE community I do expect more, its more than a year which this issue didnt resolve. I do expect better UX from KDE community and better communication attitude on response; this Error is almost took 30 mins to solve it and around a year which didnt change. I just register the account and report it because of some unfriendly user responce as I can see some others involved with this! Please try to provide better UX, Plasama5 is a great desktop. Thanks for your efforts. Same issue for me. It's not clear from this error that you must to do. Can you be more informative about it? For example, you can just tell user something like: "Please, run `gpg2 --full-gen-key` to add at least one key" Thank you :) Personally, it would be nice to have some message that explain what to do next and those who are familiar with gpg and linux will know what needs to be done. Anyhow, I have done my best below to help those who are stuck and desires using GPG. Overview of the steps: KDE wallet is looking for something called public key pairs that you register to the keyring. The keyring will be tied to your username on your machine. You can generate your public key pairs using gpg. After you generate your public key pairs, it will be listed in your KDE wallet and you can select it. 1. Check if you have gpg. It normally comes with your linux distribution. Try the following below (If not, replace gpg with gpg2): >>which gpg If you get a complaint that it is unavailable, you need to install gpg. 2. Generate your key pair: >>gpg --gen-key Select the default when it asks for the kind of key. Choose to have the key never to expire. Follow the instructions to fill out your real name, email, comments, and passphrase (The passphrase is the key that protects your private key in case your private key is stolen). Generate random bytes by doing what it asks you to do. It may take some time so be patient. For me, it took 5 minutes or so. Eventually, you will get an output that it generated it and you will be returned to the prompt. 3. Verify that your key pair has been generated: >>gpg -K You will see a list of keys in the keyring and you should see the one that you generated. The next time KDE wallet runs, your key will be available if you choose GPG encryption. I hope this helps. It would be nice to see more information or at least what is the actual problem. The message isn't helpful. Even if you try to search for a solution on the internet, there isn't much info out there. For those still searching, here's how I fixed the problem: Open KGpg and go to the "Key Properties" screen and change the "Owner Trust", I chose "Ultimately". But I'm not sure if this is the level required, I just went with it. Alternatively, you can use the CLI command: $ gpg --edit-key $KEYID And then execute the `trust` command, to change the trust field to "5 = I trust ultimately". To see a list of trusted keys: $ gpg --update-trustdb *** Bug 387881 has been marked as a duplicate of this bug. *** I'll see if I can work up a patch for this at some point soon. Not being a cryptography expert, Comment 14 is especially helpful. If it is not too much to ask, can someone make a video of this? Ubuntu 20.04 LTS, it is still here. gpg --full-gen-key may fix this. I have been getting the dreaded error: "Encryption error while attempting to save the wallet kdewallet. Error code is 53 (Unusable public key). Please fix your system configuration, then try again. This error may occur if you are not using a full trust GPG key. Please ensure you have the secret key for the key you are using." I went through different bug reports and this is the list of things what might go wrong with GPG and are worth checking: 1. You don't have GPG certificate, then generate one using: ```bash gpg --full-generate-key ``` 2. Certificate does not have `ultimate` trust. * To set it graphically follow: https://bbs.archlinux.org/viewtopic.php?pid=1876589#p1876589 * To set it through interactive CLI follow this: https://security.stackexchange.com/a/129477 3. Certificate has expired (this was my case, it sort of worked, but I couldn't update any passwords and was constantly getting an error). To fix this issue, either generate a new certificate or change expiry date (don't worry, the key itself will still be the same): ```bash # Find the key which needs to be updated. # IMPORTANT: Keys can have sub keys, check all expiration dates! gpg --list-secret-keys --keyid-format=long --verbose ################# Enter interactive mode KEY= gpg --edit-key ${KEY} ################# In interactive mode list # This will choose the second key (0-based index) key 1 # Change expiration date expire # Choose validity length, for example, 3 years from now on: 3y # IMPORTANT! Confirm to save changes save ``` Seven years later and this bug is still here :-O. Not even a help message. Does Ubuntu have this bug as well as Kubuntu? I'm thinking I should switch if this is the first thing I encounter when trying to switch from Windows to Linux. Here to say this is still a problem. It'd be nice if a general user was guided in a better way to a solution. The KDE Wallet Service seems like a great feature in Plasma, but the way it's presented makes people shy away from it. If it's going to be enabled by default (it was in Fedora 36), I think it should prompt for some kind of setup at the beginning. Having said this, I don't know if this should be enabled by default. I've been distrohopping a little over this week, and every single KDE based distro I've tried has had this happen every time the user tries to open a Chromium based browse, or an application based on it. This issue has been open for 8 full years. That this is such a low priority for the KDE design team is frankly not a great look. You can wipe it off on the chromium team if you like, but it appears the message comes from KDE, not Chromium. I humbly suggest some ressources be allocated to fix this; if nothing else make the message link to a user friendly solution. Hello, I'm also here regarding this user experience, as I have experienced it myself ever since I switched to linux some months ago and trying different distros. KDE feels unhelpful by telling me to "Please set-up at least an encryption key, then try again.", as if I'm already an expert on this stuff. Which is making me do the job of searching up how to do this the right way. Which again leads me to all kind of info from years back which I'm not sure about. If the error message could include a link to KDE documentation, or some suggestion on how to proceed with setting up GPG, I think it would be a great step forward here. For context, I went through these steps and I hope new users doesn't have to: Ask an AI for help -> reddit -> link to this issue -> understand why I should set up GPG and not escape to blowfish. I am now glad to see that I'm not alone here, and thanks to all you previous commenters for the information collected here. This bug has been open 8 years now. Nice of some folks to put fixes in the comments. Maybe the devs could use one with a button or option in the gui. Managing, setting up a new gpg key or modifying an existing expired key within KDE is possible through Kleopatra application, this way you don't need to look up for terminal commands. But i still believe KWallet should redirect the user to launch Kleopatra application if there is no suitable gpg is found, so the user would then find out what to do next easily on a user friendly gui. "Seems that your system has no keys suitable for encryption. Please set-up at least one encryption key, then try again." New KDE user, experienced in Linux, I had to come here googling for solution because I were stuck. This is not good user experience. I had to google solution before being able to connect to WiFi, as storing WiFi password requires wallet. This process should be done automatically. This comment had me going forward. https://bugs.kde.org/show_bug.cgi?id=353960#c14 Plasma 6, 2024, and this is still a thing. Sure, I've been using Linux since 1998 and I know how to generate GPG keys. But here's the thing... a KDE Wallet dialog that pops up every time you connect to wifi or enter any system password only to insist that you don't have any keys, and then doesn't actually tell you how to create them, in an endless loop, is GARBAGE. After seeing "any patch welcome"... I spent the morning working on this: https://invent.kde.org/frameworks/kwallet/-/merge_requests/83 This merge request is for a change in knewwalletdialog.cpp, to change the message displayed in KWallet when users have newly installed their OS and select GPG from "Seems that your system has no keys suitable for encryption. Please set-up at " "least one encryption key, then try again." to "No suitable keys for encryption found. To create a GPG key, you can:\n" "1. Option 1) Open Kleopatra and follow Kleopatra's documentation at: https://docs.kde.org/stable5/en/kleopatra/kleopatra/functions-newkey.html\n" "2. Option 2) Open Konsole and enter the command: gpg --full-gen-key, then follow the instructions." It's 100% nothing fancy. I even updated all of the translations (.po) files... but it turns out I can't really submit those very easily through the same process, and I'd really only be qualified to submit the German translation update anyways. The updated instructions (assuming the 'patch') actually makes it into KWallet eventually I hope are better than nothing. Also, I'm willing to put more effort into this to see it get done if this isn't sufficient. (In reply to Andrew from comment #29) > After seeing "any patch welcome"... I spent the morning working on this: > https://invent.kde.org/frameworks/kwallet/-/merge_requests/83 > > This merge request is for a change in knewwalletdialog.cpp, to change the > message displayed in KWallet when users have newly installed their OS and > select GPG from > "Seems that your system has no keys suitable for encryption. Please set-up > at " > "least one encryption key, then try again." > to > "No suitable keys for encryption found. To create a GPG key, you can:\n" > "1. Option 1) Open Kleopatra and follow Kleopatra's documentation at: > https://docs.kde.org/stable5/en/kleopatra/kleopatra/functions-newkey.html\n" > "2. Option 2) Open Konsole and enter the command: gpg --full-gen-key, then > follow the instructions." > > > It's 100% nothing fancy. I even updated all of the translations (.po) > files... but it turns out I can't really submit those very easily through > the same process, and I'd really only be qualified to submit the German > translation update anyways. The updated instructions (assuming the 'patch') > actually makes it into KWallet eventually I hope are better than nothing. > Also, I'm willing to put more effort into this to see it get done if this > isn't sufficient. That is absolutely a start, and it will help hundreds if not thousands of users to find a solution to this embarrasing problem. Thank you Andrew! Created attachment 169593 [details] attachment-1632853-0.html Bravo. On Sat, 18 May 2024 at 00:59, Lars Gottlieb <bugzilla_noreply@kde.org> wrote: > https://bugs.kde.org/show_bug.cgi?id=353960 > > --- Comment #30 from Lars Gottlieb <lars.gottlieb@gmail.com> --- > (In reply to Andrew from comment #29) > > After seeing "any patch welcome"... I spent the morning working on this: > > https://invent.kde.org/frameworks/kwallet/-/merge_requests/83 > > > > This merge request is for a change in knewwalletdialog.cpp, to change the > > message displayed in KWallet when users have newly installed their OS and > > select GPG from > > "Seems that your system has no keys suitable for encryption. Please > set-up > > at " > > "least one encryption key, then try again." > > to > > "No suitable keys for encryption found. To create a GPG key, you can:\n" > > "1. Option 1) Open Kleopatra and follow Kleopatra's documentation at: > > > https://docs.kde.org/stable5/en/kleopatra/kleopatra/functions-newkey.html\n > " > > "2. Option 2) Open Konsole and enter the command: gpg --full-gen-key, > then > > follow the instructions." > > > > > > It's 100% nothing fancy. I even updated all of the translations (.po) > > files... but it turns out I can't really submit those very easily through > > the same process, and I'd really only be qualified to submit the German > > translation update anyways. The updated instructions (assuming the > 'patch') > > actually makes it into KWallet eventually I hope are better than nothing. > > Also, I'm willing to put more effort into this to see it get done if this > > isn't sufficient. > > That is absolutely a start, and it will help hundreds if not thousands of > users > to find a solution to this embarrasing problem. > Thank you Andrew! > > -- > You are receiving this mail because: > You are on the CC list for the bug. (In reply to Andrew from comment #29) > After seeing "any patch welcome"... I spent the morning working on this: > https://invent.kde.org/frameworks/kwallet/-/merge_requests/83 [...] Excellent! Thank you! 👏🏻👏🏻 A possibly relevant merge request was started @ https://invent.kde.org/frameworks/kwallet/-/merge_requests/87 (In reply to Bug Janitor Service from comment #33) > A possibly relevant merge request was started @ > https://invent.kde.org/frameworks/kwallet/-/merge_requests/87 Just made a merge request that goes a bit more in depth and changes the default to Blowfish, which may be a bit contentious but it really isn't insecure to the point where users are at risk (why would it even be an option then), and, if Kleopatra is installed, prompts to create a new GPG keypair with it. Forgot to mention, but it also addresses the issue of the user being able to click finish even with no gpg certificates selected, in which it bugs out and spams errors that the gpg key is unusable, because it's just nullptr. (In reply to Andrew from comment #29) > After seeing "any patch welcome"... I spent the morning working on this: > https://invent.kde.org/frameworks/kwallet/-/merge_requests/83 Thank you so much for putting your time into improving this, Andrew 💪 sounds like an arch forum here. LOL but I am having this issue and not sure what I am suppose to do to remedy just like others here. (In reply to califool from comment #37) > sounds like an arch forum here. LOL but I am having this issue and not sure > what I am suppose to do to remedy just like others here. `gpg --full-generate-key`, follow the prompts, generally following defaults. Or you can use Kleopatra to do it with a graphical interface. |