https://bugs.kde.org/show_bug.cgi?id=322664
Bug ID: 322664 Summary: Result of file signature verification is misleading/confusing Classification: Unclassified Product: kleopatra Version: 2.1.1 Platform: MS Windows OS: MS Windows Status: UNCONFIRMED Severity: wishlist Priority: NOR Component: general Assignee: kdepim-bugs@kde.org Reporter: maddins...@gmail.com CC: m...@kde.org When you check a file that was signed with a key that has a low trust level (like not signed by yourself) you get the following output: "Not enough information to check signature validity," That is not very helpful. It would be nice to know, that the signature test was in fact successful but the used key is maybe not trustworthy and what can be done to change this. If you check a file that was changed after signing the certificate becomes suddenly unknown. "Invalid signature. Signed with unknown certificate 0x... The signature is bad" It would be better understandable with a clear statement, the file was not signed with the certificate 0x... of XY. The german text is even stranger: "Signatur ungültig. Signiert mit unbekanntem Zertifikat 0x... Die Signatur ist unbrauchbar." Unbrauchbar? Why state that the signature is useless? The signature is plain wrong! It may make sense from a cryptographers point of view but this is one of the little hassles that people think about when they say that cryptography is too complicated. Reproducible: Always Steps to Reproduce: 1. check file signed with valid but untrusted key 2. look at result 3. edit file and check again 4. look at result again -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ Kdepim-bugs mailing list Kdepim-bugs@kde.org https://mail.kde.org/mailman/listinfo/kdepim-bugs