Once, when I started kleopatra, a dialog was shown that asked me if I want to trust the root cert for signing user certs. Only the CN was displayed no finger print or a 'more ..' button that would point to more detailed key info. Because the kleopatra window was not visible yet, it was a question that could not decided at this moment, if the root key was really the one at: https://www.pki.dfn.de/wurzelzertifikate/globalroot/#c15065 Please add 'finger print' or 'Detail ..' or whatever way to allows to verify that the cert is really trustworth. Achim
Hi, Sorry for tossing the ball away but that sadly is not Kleopatra's fault. That dialog comes directly from the GnuPG System. On the command line you get the same dialog: export GNUPGHOME=$(mktemp -d) curl http://cdp.pca.dfn.de/global-root-ca/pub/cacert/cacert_sha1.pem | gpgsm --import gpgsm --with-validation -k I'm actually against asking the user if a certificate is trusted or not. This should be an administrative decision or maybe available in the certificate details but imo 90% of users will just click the dialogs away. Weirdly enough if you click yes in the first dialog you are asked in a second dialog to confirm the fingerprint. I believe the idea there is that you first are asked: Do you really want to trust "this CA". And in the second "Have you confirmed that "This Fingerprint" is correct. The upstream tracker is https://dev.gnupg.org/