gpg's output indicates that gpg exits on the first invalid signature. This cannot be changed by Kleopatra. And I think it's irrelevant whether there are valid signatures if one signature is invalid. If you have a contract signed by multiple people then the contract won't be valid because two of three signatures are valid.

If no (OpenPGP) key servers (i.e. set to "none") and no (S/MIME) directory servers are configured then the lookup only allows queries for email addresses. Otherwise, any query with at least one non-whitespace character is allowed.

Yes, It was not my intention that WKD should not work when searching for keys, when keyserver is None. Although such a search could be handled by just entering the email address in the recipient dialog in the file encryption widget to trigger a locate key or in the case of GpgOL to enter the recipient mail but I think that feature is very hidden / not really discoverable for users. And yes an improvement for the search Window in that case would be to then switch to "Enter Email" and use an email validator on the input field for example. So let us handle this as part of T6493

I had a quick look at "Lookup on Server" with regard to doing WKD even if no key servers (neither for OpenPGP nor for S/MIME) are configured. This requires more work because WKD lookup is only possible if an email address is entered while key server lookup also works for arbitrary search terms. The users have to be informed about this restriction which is out of scope of this ticket. I think this fits nicely into T6493.

In T6761#179919, @ebo wrote:

This is not as intended. When doing a search, we wanted No error message and only WKD search should be executed.

This is not as intended. When doing a search, we wanted No error message and only WKD search should be executed.

The following operations were changed:

• Export OpenPGP key to key server now shows an error if key server is set to "none".
• Refresh OpenPGP keys now shows an error if key server is set to "none".
• If key server is set to "none" and no S/MIME directory servers are configured then you'll get an error when you try Lookup on Server.
• Kleopatra no longer stores the special value "none" as "hkps://none".

The fallback wasn't used/offered for any GnuPG versions after 2.1.19.

What if the second signer cannot verify the first signature because they don't have the required public key?

Use same priority as T6761

Fixed.

Hi Werner,
after I enabled more detailed logging, I found that the issue is whithin an "old" file what was encyrpted using an outdated key. Somehow the gpg-agent got stuck here while trying to decrypt the file. After removal of the file the issue is gone, thank you for your input!

Fixed. This regression was introduced with the fix for T5697: Kleopatra: Crashes or hangs on circular certificate chains.

Are you using the keyboxd - that is, is this a new installation with gpg 2.4.3 or an old installation w/o keyboxd enabled?

You may better ask on gcrypt-devel at gnupg.org for help.

Which certificate list? The list in the main view? Or the certificate list of a smart card?

It is okay for you to start with option so "akonadictl --migrate" but I would suggest deleting the old DB only as an option. Especially if error handling is not 100% perfect there should be also an easy way to restore your old config.