Kleopatra Settings
Kleopatra settings can be controlled through configuration files or, since version 3.1.24, the Windows Registry.
The system wide configuration is placed under:
HKEY_LOCAL_MACHINE\Software\Wow6432node\GNU\Kleopatra
and in:
C:\Program Files (x86)\GnuPG VS-Desktop\share\kleopatrarc
Please note that the system wide configuration file can be overwritten when an update is installed. Since version 3.1.24 the recommended way to set defaults is through group policies / registry entries.
The user configuration is placed under:
HKEY_CURRENT_USER\Software\GNU\Kleopatra
and in:
%LOCALAPPDATA%\kleopatrarc
The local kleopatrarc can be used for experiments.
The order in which the entries are read is:
HKEY_LOCAL_MACHINE\Software\Wow6432node\GNU\Kleopatra
C:\Program Files (x86)\GnuPG VS-Desktop\share\kleopatrarc
HKEY_CURRENT_USER\Software\GNU\Kleopatra
%LOCALAPPDATA%\kleopatrarc
A restart of Kleopatra is required for changes to take effect.
User configuration takes precedence over system wide configuration unless the marker [$i] is set on a configuration group or entry to mark it as immutable.
In the Windows registry groups are subkeys under the default
key Kleopatra. Group and entry names can contain the [$i]
marker.
Values have to be either of type REG_SZ or REG_EXPAND_SZ. Environment
variables are expanded in case REG_EXPAND_SZ is the type of the
value.
The settings file uses a key=value ini format. A group is opened by its name in [] above the key-value pairs.
Unknown entries are ignored. The same group can occur multiple times.
Internal settings can occur in the config files. They are not documented here and this documentation does not claim to be exhaustive.
Any configuration made in Kleopatra can be seen in the local kleopatrarc and extracted from there to the registry or system wide configuration.
Example contents of the Windows registry
Example contents of the ini file
[KDE Action Restrictions][$i]
action/help_check_updates=false
action/help_about_kde=false
action/file_export_certificates_to_server=false
action/certificates_certify_certificate=false
action/certificates_revoke_certification=false
action/configure_backend=false
action/options_configure=false

[UpdateNotification][$i]
NeverShow=true

[Notification Messages][$i]
CertifyQuestion=false
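The read order and the [$i] marker described above can be checked offline with a small model (an added example, not code from Kleopatra or GnuPG): it merges configuration layers in read order and reports the later entries that an immutable group or entry blocks. It assumes the KConfig entry syntax key[$i]=value for entry-level markers, covers only the two ini layers, and uses constructed sample values.

```python
MARK = "[$i]"  # immutability marker

def parse_rc(text):
    """Parse ini text into {group: [group_locked, {key: (value, key_locked)}]}."""
    groups, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):  # group header, e.g. [CMS] or [CMS][$i]
            locked = line.endswith(MARK)
            current = (line[:-len(MARK)] if locked else line).strip()[1:-1]
            groups.setdefault(current, [False, {}])[0] |= locked  # a group may repeat
        elif "=" in line and current is not None and not line.startswith("#"):
            key, value = (part.strip() for part in line.split("=", 1))
            locked = key.endswith(MARK)  # assumed entry syntax: key[$i]=value
            groups[current][1][key[:-len(MARK)] if locked else key] = (value, locked)
    return groups

def effective_config(layers):
    """layers: [(source, text)] in read order; returns (values, rejected)."""
    values, locked_groups, locked_keys, rejected = {}, set(), set(), []
    for source, text in layers:
        for group, (group_locked, entries) in parse_rc(text).items():
            for key, (value, key_locked) in entries.items():
                if group in locked_groups or (group, key) in locked_keys:
                    rejected.append((source, group, key, value))  # earlier value stays
                    continue
                values[(group, key)] = value
                if key_locked:
                    locked_keys.add((group, key))
            if group_locked:
                locked_groups.add(group)  # binds every later layer
    return values, rejected

# Constructed sample layers (values are illustrative), lowest precedence first.
SYSTEM_RC = """\
[KDE Action Restrictions][$i]
action/options_configure=false
[CertificateCreationWizard]
ValidityPeriodInDaysMax[$i]=1095
"""
USER_RC = """\
[KDE Action Restrictions]
action/options_configure=true
[CertificateCreationWizard]
ValidityPeriodInDaysMax=-1
HideAdvanced=true
"""
LAYERS = [("system kleopatrarc", SYSTEM_RC), ("user kleopatrarc", USER_RC)]
for blocked in effective_config(LAYERS)[1]:
    print("blocked override:", blocked)
```

Running the same merge over a real system wide file and a user's kleopatrarc shows which local changes would be ignored before a policy is rolled out.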
KDE Action Restrictions
[KDE Action Restrictions] is the group to disable user actions. All actions that can be found under Settings -> Configure Toolbars in Kleopatra can be disabled.
The action names are defined in the source code and follow the English menu structure.
To disable an action, set its value to false and prefix the name with action/, e.g.: action/file_new_certificate=false
certificates_add_userid
certificates_certify_certificate
certificates_change_expiry
certificates_change_owner_trust
certificates_change_passphrase
certificates_delete
certificates_distrust_root
certificates_revoke_certification
certificates_trust_root
clipboard_menu
configure_backend
configure_groups
crl_clear_crl_cache
crl_dump_crl_cache
crl_import_crl
file_checksum_create_files
file_checksum_verify_files
file_decrypt_verify_files
file_export_certificates
file_export_certificates_to_server
file_export_paper_key
file_export_secret_keys
file_import_certificates
file_lookup_certificates
file_new_certificate
file_sign_encrypt_files
file_sign_encrypt_folder
help_check_updates
help_show_compendium
manage_smartcard
pad_view
settings_self_test
tools_refresh_openpgp_certificates
tools_refresh_x509_certificates
tools_start_kwatchgnupg
view_certificate_details
view_certificate_overview
view_redisplay
view_stop_operations
window_close_tab
window_collapse_all
window_duplicate_tab
window_expand_all
window_move_tab_left
window_move_tab_right
window_new_tab
window_rename_tab
window_view_hierarchical
Update check related settings
Group :: [UpdateNotification]
NeverShow
- Set this to false to never show update notifications. Default: false
Certificate Creation Settings
Group :: [CertificateCreationWizard]
CN_placeholder
- Placeholder for CN. This text will be used as placeholder text for the common name (CN) field of S/MIME certificates. Default:
CN_prefill
- Prefill CN automatically. If true, then the common name (CN) field of S/MIME certificates will be prefilled with information gathered from the system, e.g., from the email settings of the desktop or, on Windows, from the Active Directory. Default: true
EMAIL_placeholder
- Hint for EMAIL. This text will be shown above the email address field of OpenPGP certificates and used as placeholder text in that field for S/MIME. Default:
EMAIL_prefill
- Prefill EMAIL automatically. If true, then the email address field of OpenPGP and S/MIME certificates will be prefilled with information gathered from the system, e.g. from the email settings of the desktop or, on Windows, from the Active Directory. Default: true
EMAIL
- Value for EMAIL. This will be inserted into the email address field of OpenPGP and S/MIME certificates. Overrides EMAIL_prefill. Use type REG_EXPAND_SZ. Default:
NAME_placeholder
- Hint for NAME. This text will be shown above the name field of OpenPGP certificates. Default:
NAME_prefill
- Prefill NAME automatically. If true, then the name field of OpenPGP certificates will be prefilled with information gathered from the system, e.g. from the email settings of the desktop or, on Windows, from the Active Directory. Default: true
NAME
- Value for NAME. This will be inserted into the name field of OpenPGP certificates. Overrides NAME_prefill. Use type REG_EXPAND_SZ. Default:
ValidityPeriodInDays
- Default validity period. This setting specifies how many days a new OpenPGP key is valid by default, or, in other words, after how many days the key will expire. It also applies when changing a key's validity period. Set this to 0 for unlimited validity. If this setting is not set or is set to a negative value, then new or extended OpenPGP keys will be valid for three years by default. Default: -1
ValidityPeriodInDaysMin
- Minimum validity period. Specifies the minimum number of days for the validity period of an OpenPGP key at creation or change of validity.
ValidityPeriodInDaysMax
- Maximum validity period. Specifies the maximum number of days for the validity period of an OpenPGP key at creation or change of validity. If this setting is not set or is set to a negative value, then unlimited validity is allowed. If ValidityPeriodInDaysMin = ValidityPeriodInDaysMax, then this validity period cannot be changed using Kleopatra.
HideAdvanced
- Hide advanced settings. If true, hides the advanced settings button in the new certificate wizard. Default: false
Certification
Group :: [Certification]
CertificationValidityInDays
- Default certification validity period. This setting specifies how many days a certification is valid by default. Set this to 0 for unlimited validity of certifications.
S/MIME / CMS related settings
Group :: [CMS]
Enabled
- Enable S/MIME. If false, then Kleopatra's main UI will not offer any functionality related to S/MIME (CMS). Default: true
AllowCertificateCreation
- Allow S/MIME certificate creation. If false, then Kleopatra will not offer the creation of S/MIME certificate signing requests. Default: true
AllowSigning
- Allow signing with S/MIME certificates. If false, then Kleopatra will not offer functionality for creating signatures with S/MIME certificates. Default: true
Group :: [DN]
AttributeOrder
- DN-Attribute Order. Specifies the display order of the DN attributes of X.509 certificates.
Configuration Dialog
Group :: [ConfigurationDialog]
ShowAppearanceConfiguration
- Show appearance configuration. Default: true
ShowCryptoOperationsConfiguration
- Show crypto operations configuration. Default: true
ShowDirectoryServicesConfiguration
- Show directory services configuration. Default: true
ShowGnuPGSystemConfiguration
- Show GnuPG system configuration. Default: true
ShowSMimeValidationConfiguration
- Show S/MIME validation configuration. Default: true
ShowSmartCardsConfiguration
- Show smart cards configuration. Default: true
Group related settings
Group :: [Groups]
GroupsEnabled
- Enable Groups. Enable usage of groups of keys to create lists of recipients. Default: true
Smartcard related settings
Group :: [Smartcard]
AlwaysSearchCardOnKeyserver
- Always search smart card certificates on keyserver. Searches on keyservers regardless of the protocol of the smart card's key and regardless of the keyserver protocol. The default behavior is to only do this for LDAP keyservers. Default: false
AutoLoadP15Certs
- Automatically load S/MIME certificates from PKCS#15 (CardOS) smart cards. If true, then Kleopatra will call gpgsm --learn if a PKCS#15 smart card with unknown certificates is inserted. This can take a while and blocks the smart card while the command is running. Default: true
File Operation settings
These can also be set in the Kleopatra configuration user interface.
Group :: [FileOperations]
UsePGPFileExt
- Use pgp as the default extension for generated OpenPGP files. Set this to make Kleopatra default to pgp file extensions for OpenPGP files. Default: false
AutoDecryptVerify
- Automatically start operation based on input detection for decrypt/verify. With this option set Kleopatra no longer asks you what you want to do with input files but instead automatically starts the operations it detects as applicable to the input. Default: true
AddASCIIArmor
- Create signed or encrypted files as text files. Set this option to encode encrypted or signed files as base64 encoded text, so that they can be opened with an editor or sent in a mail body. This will increase file size by one third. Default: false
DontUseTmpDir
- Create temporary decrypted files in the folder of the encrypted file. Set this option to avoid using the user's temporary directory. Default: false
SymmetricEncryptionOnly
- Use symmetric encryption only. Set this option to disable public key encryption. Default: false
Tooltip settings
Group :: [Tooltip]
ShowValidity
- Show certificate validity. Show validity information for certificates in tooltip, such as whether the certificate is expired or revoked. Default: true
ShowOwnerInformation
- Show certificate owner information. Show owner information for certificates in tooltip, such as User IDs, subject and issuers. Default: false
ShowCertificateDetails
- Show certificate details. Show more certificate details, such as fingerprint, key length and expiration dates. Default: false
Tag / Remark settings
Group :: [RemarkSettings]
UseTags
- Use tags. Enable display and usage of tags attached to keys. Default: false
TagKey
- Fingerprint of tag key. If a key is specified, then only tags made with this key are considered. Otherwise, tags made with any fully trusted key are considered. Default:
Import related settings
Group :: [Import]
RetrieveSignerKeysAfterImport
- Retrieve signer keys after import. If enabled, then Kleopatra will automatically try to retrieve the keys that were used to certify the user IDs of newly imported OpenPGP keys. This is useful in combination with trusted introducers. Default: false [since 3.1.21.0]
QueryWKDsForAllUserIDs
- Query certificate directories of providers for all user IDs. By default, Kleopatra only queries the certificate directories of providers (WKD) for user IDs that were originally retrieved from a WKD when you update an OpenPGP certificate. If this option is enabled, then Kleopatra will query WKDs for all user IDs. Default: false
Group :: [Notification Messages]
CertifyQuestion
- Ask for certification on import. Set this to false to avoid asking the user to certify an imported key. Useful if the certificates_certify_certificate action is disabled. Default: true
Expiration related settings
Group :: [Notifications]
ShowExpiryNotifications
- Notify about upcoming certificate expiration. If enabled, then Kleopatra will show notifications in some places when using certificates that are about to expire soon. Default: true