[UI/UX issue] PGP expiration dates aren't shown in File > Settings > Advanced Encryption, and it's not obvious how to do a transparent key swap

I used my normal PGP e-mail key also with Delta Chat, since I want people to be able to compare the fingerprint to my normal e-mails as well. However, as is common for normal e-mail keys, this key expires in a few years. This leaves me antsy since in the DeltaChat UI, it’s not obvious if it’s equipped to handle this situation.

Most importantly, the PGP expiration date doesn’t seem to be shown in File > Settings > Advanced Encryption, of the key currently in use. It doesn’t even seem to be possible to show the key that is currently in use with its fingerprint.

Furthermore, there is no obvious way to swap the secret key in a way where it’s signed with the old one, and distributed to all devices and trusted contacts in a signed verified way such that the key exchange works without everything breaking down. The “Import Secret Keys…” button could in theory do that, but it doesn’t really say if it transitions the keys in any way. Since it doesn’t state that, I’m guessing it doesn’t.

My apologies if this is just me missing something, in which case perhaps this post can inspire some UI clarifications.

  • Operating System (Linux/Mac/Windows/iOS/Android): Linux
  • Delta Chat Version: desktop 1.48.0 (git: flathub), core v1.148.7
  • Expected behavior: It’s obvious when a PGP key expires and how to update it with a newer one once the time comes
  • Actual behavior: It’s neither obvious when a PGP key expires, nor how to upgrade a key without just replacing it without any smooth key transition
  • Steps to reproduce the problem: 1. Open “File” > “Settings” > “Advanced”, scroll to “Encryption”. Try to find out when your key expires, or what to do once it does.
  • Screenshots:
  • Logs:

Thanks for the detailed report and suggestions!

Unlike some other PGP-incorporating software, Delta Chat does not expose anything about OpenPGP keys to users in the primary user interface. It ties back to various user research/UX findings and follows this design principle: “don’t talk to users about keys”. See also Background — Autocrypt 1.1.0 documentation

Moreover, there currently is no expiry for the default deltachat-generated ED25519-based keys. If you import a key with expiry (through advanced settings) then the result is undefined after expiry – Delta Chat might still use the key or error out.

It’s likely we go for implementing some form of (probably manually triggered) key-rotation (maybe along the lines you suggest, maybe differently) in 2025 but it’s not super-high on the priority list. So hopefully this comes in time for when your key expires :wink:

I still have a few years, thankfully :wink:

To follow the Autocrypt principle, you could put expiry info into the fairly hidden “Encryption Info” dialog. I don’t think that would harm people when they go actively looking for it.

You might also additionally do a simple reminder popup if a key is about to expire in a few days. Users who don’t use expiring keys will then never see that one.

I hope those suggestions are helpful.
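
An added example, not part of the thread and not Delta Chat code: because the behaviour after expiry is described above as undefined, an imported key's expiry can be checked outside Delta Chat. The code parses the colon-delimited listing printed by `gpg --list-keys --with-colons` (the expiration date is field 7); the sample listing, its key IDs and the 30-day warning threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the `gpg --list-keys --with-colons` format.
# Key IDs are made up; the second primary key has no expiration date.
SAMPLE = """\
pub:u:255:22:AAAAAAAAAAAAAAAA:1700000000:1750000000::u:::scESC:::::ed25519:::0:
uid:u::::1700000000::X::Alice <alice@example.org>::::::::::0:
sub:u:255:18:BBBBBBBBBBBBBBBB:1700000000:1750000000:::::e:::::cv25519::
pub:u:255:22:CCCCCCCCCCCCCCCC:1700000000:::u:::scESC:::::ed25519:::0:
"""

def parse_ts(field):
    """Field is epoch seconds, or ISO 8601 basic format containing a 'T'."""
    if not field:
        return None  # empty expiration field: the key never expires
    if "T" in field:
        parsed = datetime.strptime(field, "%Y%m%dT%H%M%S")
        return parsed.replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)

def expiry_report(colon_listing, now, warn_days=30):
    """Return (record_type, key_id, status) for every key and subkey record."""
    report = []
    for line in colon_listing.splitlines():
        f = line.split(":")
        # pub/sec are primary keys, sub/ssb are subkeys; other records are skipped
        if f[0] not in ("pub", "sec", "sub", "ssb") or len(f) < 7:
            continue
        expires = parse_ts(f[6])
        if expires is None:
            status = "no-expiry"
        elif expires <= now:
            status = "expired"
        elif expires - now <= timedelta(days=warn_days):
            status = "expiring-soon"
        else:
            status = "ok"
        report.append((f[0], f[4], status))
    return report

if __name__ == "__main__":
    for rec, key_id, status in expiry_report(SAMPLE, datetime.now(timezone.utc)):
        print(f"{rec} {key_id}: {status}")
```

Subkeys are reported separately because an encryption subkey can carry its own expiration date, distinct from that of the primary key.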