The gpgme logs show that the information for revoked keys should be there. We just need to check for it (and somehow visualize it).

pub:o:3072:1:3DA05D6B0A5998AF:1768822823:1863514800::::::::
fpr:::::::::C70F6D8F32DFE96F5C47C40B3DA05D6B0A5998AF:
uid:o::::::::search (valid) <search@gnupg.test>\r:

gpgme.log (vsd 3.3.4):

Fixed. The problem was that the selected sections were stored in the 64-bit registry (unless browser integration was installed; see T8038), but they were read from the 32-bit registry.

Fixed.

Let's give this Normal priority.

Meh! The installation of the browser integration explicitly enables the 32-bit registry. Obviously a leftover from gpg4win 4.

In T8039#211727, @timegrid wrote:

I wonder where the information of the previously installed components comes from, if not from the MementoSection_SEC_kleopatra fields.

Thanks for checking! So now we know why the line is missing. Looks like installing browser integration causes a broken installation (at least with respect to registry keys).

I searched the whole registry and found, that if browser integration is installed, this key still lives in WOW6432Node: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gpg4win

Oh, surpisingly it's the other way around: if the information is given in the registry key, all components are preselected. If the key is missing (browser integration installed), only the installed components are preselected. I wonder where the information of the previously installed components comes from, if not from the MementoSection_SEC_kleopatra fields.

Fixed.

Another possibility would be to just add a revoked column (expiration date is already shown) to keep closer to the ldap schema.

Without browser integrations installed, the preselection works fine though.
Probably this happens, because the info in the registry is missing as soon as browser integration is installed, see T8038: NSIS: Updating line omitted if browser integration is installed

should properly uninstall the existing installation.

Regarding 32-bit and 64-bit installers: The installer looks in both registry trees for the relevant registry keys, i.e. 64-bit over 32-bit and vice versa should properly uninstall the existing installation.

I understood that this is done on purpose, i.e. all other components are explicitly always preselected.

gpg4win-5 has no idea that gpg4win-4 is installed because the former is a 64-bit installer/application and the latter a 32-bit installer/application, i.e. they use different registry trees. More important that the missing "Updating line" is very likely that the gpg4win-5 installer does not uninstall gpg4win-4. I haven't checked if NSIS is capable of detecting/uninstalling a 32-bit application from a 64-bit installer.

It works well for us. Thanks again.

Backports have been done in both (1.10/1.11) branches.

see also T8039: NSIS: Preselection of installed components on reinstall only works with browser integration installed

See the gnupg-devel mailing list for more discussions. Subject: libgcrypt P256 signature malleability via weak DER enforcement"

Windows7 has long reached end-of-life. Do not use it unless you have a fully air-gapped system. In this case, continue to use gpg4win 4.4.1 or resort to the command line of 5.0.0 which should still work.

I don't know how I'm supposed to change/fix this. Not even gpg does what the ticket wants (see the sub ticket). And gpg doesn't report sufficient information to Kleopatra via gpgme. In fact, gpg doesn't emit a STATUS_TRUST_* message if the signing key is expired. Hence, gpgme reports "unknown" validity for the signing key, so that Kleopatra would always print "The used key is not certified by you or any trusted person." for expired keys even if the key was fully certified before it expired.

Fixed. Some examples for the improved texts which are based on the texts that gpg prints.

• good signature with expired key

• good signature with revoked key

• good signature with uncertified key

• expired signature with certified key

• expired signature with uncertified key

Indeed, it looks this way. Thanks so much! Windows 10 and 11 in my case.

On gpg4win-5.0.0 @ win11 I created a bunch of smime certs:

• For each keyusage
  • keyEncipherment, dataEncipherment
  • digitalSignature
  • nonRepudiation
  • digitalSignature, nonRepudiation
• Alice's certs with different names, Bob's certs with same name for each key

If the group policy „Allow the use off connected experiences in Office“ is set like this:

I added a config setting for Windows only: work/tfry/autostart .

Is this is good enough or should the import cert list also inherit the layout (with or without additional columns) from the currently active tab?

Looks good to me on gpg4win-5.0.0 @ win11. Tested with 20 starts of each combination:

• with / without keyboxd
• quitting kleopatra / killing all processes

Looks good to me on gpg4win-5.0.0 @ win11. Tested with 20 starts of each combination:

• with / without keyboxd
• quitting kleopatra / killing all processes

Looks good to me on gpg4win-5.0.0 @ win11. Tested with 20 starts of each combination:

• with / without keyboxd
• quitting kleopatra / killing all processes

Another correction: I'm quite sure, that changing the width worked for a while (until i created that new tab), but I can't reproduce this anymore (even after deleting kleopatrastaterc). Now the import list again seems to have it's own memory (changing width in the import list will be kept on the next import)

Correction: On import, the width of the last created tab (not the current one) will be used, but additional columns won't be added.

EWS-API used in our code (CPP-wrappers -> description / our usage):

• EwsGetItemRequest -> get message(s) (one or several; mime content and parent folder id)
• EWSMessageDispatcher -> just a wrapper around:
  • EwsCreateItemRequest -> "Send message and save copy"
• Used by reencrypt, only:
  • EwsGetFolderRequest -> Apparently just gets the id and label of a folder
  • EwsCreateFolderRequest -> create new folder; includes indication whether that name already existed
  • EwsGetFolderContentRequest -> get all mails in a folder; additionally uses:
    • EwsFindItemRequest -> obtain list of messages in a folder (does not list subfolders)
  • These two just needed to create (reencrypted) messages without having them appear as new
    • EwsCopyItemRequest -> copy existing message from one existing folder to another
    • EwsUpdateItemRequest -> used to replace mime content of message, without change status (new/read...)

Screenshots how Kleopatra currently shows the result of the verifications: