Today
Yesterday
Regarding the requirements for a key: The action shouldn't be enabled for keys not meeting the requirements. (Just like most other actions are only enabled for a suitable selection of keys.) The info which keys are suitable belongs into the manual and not as wall of text into Kleopatra.
You forget that multiple OpenPGP smart cards might be plugged in. Although it's probably not likely that multiple empty cards are plugged in. (For comparison: The subkey action to move a key to a card allows the user to choose a suitable slot. I think it also offers non-empty slots, but I agree that for the "simple copy" it's better to offer only empty cards to prevent a disaster.)
Nobody uses gpgtar for S/MIME
To clarify: this works for "Restart background processes", as was the aim of this ticket
Of course, it should be possible to toggle "disabled" in Kleopatra.
A (context) menu entry "disable certificate" (or "enable certificate") should be sufficient.
gpgme has a disabled flag (only set on the primary key) and taken from the --wwth-colon listing where it is the 'D' in the usage.
forgot to keep it open for test with gpg 2.4 branch versions...
restarting gpg-agent works in release version 3.2.2
Tue, Apr 16
Note for devs: In most places we can probably use Key::isBad() which excludes all kinds of keys that are not valid for use (revoked, expired, disabled, ...).
When working on filters the "disabled" flag should be considered as well, see T7089.
What is the current status of this issue?
+1 for Tobias proposal
I'd propose that we could:
- Always export the certificate and tell the user in the success dialog
- Have an extra button in the success dialog allowing the user to upload the certificate.
No, if you then find out that you cant reach anyone in the protocol you should be able to get back.
Yes I have pcsc-shared in my scdaemon.conf.
I've just tried removing both pcsc-shared and disable-application piv and PIN caching worked as expected.
Are you using PC/SC shared mode? If so, it may be the case of T7041.
Mon, Apr 15
I just wanted to report that I'm having this issue on Fedora 39, with GnuPG version 2.4.4.
I'm being asked for the PIN for every operation (Sign, Decrypt, Authenticate) I'm having this issue on 2 different laptops using YubiKey 5C NFC and YubiKey 5C Nano (Firmware version: 5.4.3).
I tried disabling PIV (disable-application piv) and then PIN caching started working again, so I just wanted to report this as it's marked as resolved.
Here comes a new test key along with its 3 secret parts (one for the primary and two for the composite Kyber subkey).
Backported to VSD 3.2
Panel Used By
Dashboard | Jab's Dashboard |