I found that one of the gpg certificates I use to check content from a source had just become out of date. Using Kleopatra, I did a “lookup certificate on server” for the key id concerned.
Kleopatra found the certificate and I checked its details and it had been renewed by its owner so I clicked to import. Kleopatra seemed to go through the motions but the result was ‘0 keys imported’.
I retried several times and ended up using the key manager in enigmail for Thunderbird.
It seems a little strange that Kleopatra would not import an updated version of a key which I already had on the keyring.
The next step would be to try to make this reproducable for
developers, so they can fix it. Ideally this results in a problem report
in a tracker. This is the place the developers will look for unresolved issues first.
Maybe you still know which certificate it was (to check if this defect depends on a certain attribute.)
Did you check if the important had happened?
Because sometimes only a new subkey is imported. Because GPA and Kleo are likely to use the same import mechanism, it may be a reporting issue.
Bernard, the certificate in question is not expired now because at the time when Kleopatra wouldn’t import the update, I updated it using enigmail’s key manager. (in Thunderbird)
When Kleopatra found the certificate on the keyserver, I used the ‘details’ button on the lookup dialog to check whether the certificate life had been renewed. It had, so I clicked ‘import’.
Then Kleopatra produced the ‘Certificate Import Result - Kleopatra’ dialogue in which it declared :
‘Detailed results of importing OpenPGP Certificate Server’
Total number processed : 0
Imported:0
I repeated the operation a couple of times with same result and I checked that the certificate I had on the keyring was still out of date. Then I went to enigmail’s keyserver because Thunderbird was already open and running.
I only have 1 other expired certificate on the public keyring. I have tried the same procedure and nothing is imported. But in this case it might be correct because the certificate on the keyserver is still expired.
I get exactly the same results from Kleopatra if I look up a valid public key and try to re-import it. But maybe that is the way Kleopatra works for valid certs ?
It may be that the problem is of a more general nature because when Kleopatra ‘refuses’ to re-import a certificate, if I then use enigmail’s key manager to look up the same certificate (using their ‘refresh’ function for the single key) it downloads and reports whatever updated information it finds.
Since I cannot reproduce exactly the same conditions (expired key on my pc - renewed key available on the server), do you still think it worthwhile that I report this on the tracker ?