Bug 481232

Summary: Kleopatra 3.2.0.231170 Trust level unknown after import, trust deactivated
Product: [Applications] kleopatra Reporter: steinblatt
Component: generalAssignee: Andre Heinecke <aheinecke>
Status: RESOLVED WORKSFORME    
Severity: normal CC: kdepim-bugs, kloecker, mutz, steinblatt
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Other   
OS: Microsoft Windows   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description steinblatt 2024-02-11 16:13:29 UTC 
Hello,

I created a key with kleopatra on Windows and the trust level was ultimate with a green checkmark. Someone else signed the key and sent it back to me. After importing both keys (the other persons public key aswell as the signed key) it shows as signed to all identites but the trust level is now unknown with a purple question mark.

If I try to set the level higher back to ultimate the verify (German "Beglaubigen") Button cannot be clicked and is deactivated. AS this is my personal Key I do not quite understand why the trust level is unknown. If I delete it and import it again without the signature the trust level is again ultimate. 

How can I solve this issue?

Kindly
Comment 1 Ingo Klöcker 2024-11-04 20:41:44 UTC 
I have no idea how that could happen.

I think you'll get better help if you either contact the Gpg4win forum (https://gpg4win.org/community.html). There you'll find people who know much more about Gpg4win and using Kleopatra on Windows than here.

Or you contact the gnupg-users mailing list (https://gnupg.org/documentation/mailing-lists.html) where you'll find people who know more about the GnuPG backend that's used by Kleopatra.
Comment 2 Bug Janitor Service 2024-11-19 03:46:26 UTC 
🐛🧹 ⚠️ This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information, then set the bug status to REPORTED. If there is no change for at least 30 days, it will be automatically closed as RESOLVED WORKSFORME.

For more information about our bug triaging procedures, please read https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging.

Thank you for helping us make KDE software even better for everyone!
Comment 3 Andre Heinecke 2024-11-19 12:01:55 UTC 
Just as I saw this issue fly by. This can only happen in my opinion if the public key generated an error after the modification. E.g. if the added signature caused gnupg to run into an unexpected error. E.g. after the keyserver spam attacks where just thousands of signatures were added to a key, the key would gernerate an error when trying to validate it and had to be fixed by using export / import with either minimal export options or different import options to strip the bad signatures. It would be very interesting if the public key could be attached here for analysis. Since this is somewhat of a denial of service for people without support or expert knowledge.
Comment 4 Bug Janitor Service 2024-12-04 03:46:25 UTC 
🐛🧹 ⚠️ This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information, then set the bug status to REPORTED. If there is no change for at least 30 days, it will be automatically closed as RESOLVED WORKSFORME.

For more information about our bug triaging procedures, please read https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging.

Thank you for helping us make KDE software even better for everyone!
Comment 5 Bug Janitor Service 2024-12-19 03:46:54 UTC 
🐛🧹 This bug has been in NEEDSINFO status with no change for at least 30 days. Closing as RESOLVED WORKSFORME.