Bug 406590

Summary: Setting max level of trust didn't allow to verify file signature
Product: [Applications] kleopatra Reporter: Germano Massullo <germano.massullo>
Component: general Assignee: Andre Heinecke <aheinecke>
Status: RESOLVED NOT A BUG    
Severity: normal CC: kdepim-bugs, mutz
Priority: NOR    
Version: git master   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed In:

Description Germano Massullo 2019-04-16 08:17:48 UTC
SUMMARY
On a machine where I don't have a personal private/public key pair, I imported the key for KeepassXC (https://keepassxc.org/verifying-signatures/) in order to verify the sources.
(keepassxc-2.4.1-src.tar.xz + keepassxc-2.4.1-src.tar.xz.sig)

In order to let Kleopatra accept the KeepassXC devs key, I had to set trust level to "I believe that certificate are accurate". But it was not enough.
I had to use KGpg to set the maximum level of "trust of key owner".

Now if I open again the same key properties from Kleopatra, under the level of trust of the key, none of the available choices is selected.


SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora 29
(available in About System)
KDE Plasma Version: 5.14
KDE Frameworks Version: 5.55
Qt Version: 5.11.3

ADDITIONAL INFORMATION
Kleopatra 3.1.3

Comment 1 Andre Heinecke 2019-04-16 08:22:40 UTC
Hi,

it's a bit of a usability issue here that causes confusion. But I think Kleopatra actually tries to explain it already in the dialog and by calling it "Certification trust".

In OpenPGP "Certification trust" and Validity are different things. "Certification trust" is only needed for the "Web of trust".

If you want to directly mark a key as "Valid" (green) then you have to certify it. This step basically means that you have verified that this is the right signing key and then from now on it will show all signatures of that signing key as green.

Regards,
Andre
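
The distinction drawn in Comment 1, as an added example that is not part of the original bug report and is not Kleopatra or GnuPG code: a simplified Python model of GnuPG's default web-of-trust validity calculation (one fully trusted or three marginally trusted certifiers). The key names and the functions `valid_keys` and `signature_shown_green` are hypothetical.

```python
# Simplified model of GnuPG's default ("pgp") trust calculation.
# Assumption: revocation, expiry and trust signatures are ignored.
from dataclasses import dataclass, field

COMPLETES_NEEDED = 1   # GnuPG default for --completes-needed
MARGINALS_NEEDED = 3   # GnuPG default for --marginals-needed
MAX_CERT_DEPTH = 5     # GnuPG default for --max-cert-depth


@dataclass
class Key:
    name: str
    # "Certification trust" (ownertrust): how far you trust this key's owner
    # to certify OTHER keys. One of unknown, never, marginal, full, ultimate.
    ownertrust: str = "unknown"
    certified_by: set = field(default_factory=set)  # names of certifying keys


def valid_keys(keyring):
    """Return the names of keys whose computed validity is full or better."""
    by_name = {k.name: k for k in keyring}
    # Ultimately trusted keys (normally your own) are valid by definition.
    valid = {k.name for k in keyring if k.ownertrust == "ultimate"}
    for _ in range(MAX_CERT_DEPTH):
        newly = set()
        for key in keyring:
            if key.name in valid:
                continue
            # Only certifications made by already-valid keys count, weighted
            # by the ownertrust assigned to the certifying key.
            signers = [by_name[s] for s in key.certified_by if s in valid]
            full = sum(s.ownertrust in ("full", "ultimate") for s in signers)
            marginal = sum(s.ownertrust == "marginal" for s in signers)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly.add(key.name)
        if not newly:
            break
        valid |= newly
    return valid


def signature_shown_green(keyring, signer_name):
    """A file signature is shown as trusted only if the signing key is valid."""
    return signer_name in valid_keys(keyring)


if __name__ == "__main__":
    # Constructed keyring: an imported release key with "full" ownertrust only.
    print(signature_shown_green([Key("release", ownertrust="full")], "release"))
```

In this model, raising the ownertrust of an uncertified key to "full" changes nothing about its own validity, while a certification from a key you ultimately trust makes it valid even with ownertrust left at "unknown".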