Hi, as a contributor to NixOS I'd also like some guidance. I'm testing the 2.3 upgrade ahead of 2.4, and it "breaks" Yubikey UX that I know many of us use. This might be because we appear to not yet install gnupg's CCID udev rules installed. A few questions:

Please install the Gnome Key Ring prompter tool or use the plain GTK pinentry.

I do have the same Problem.
It started about 2 weeks ago.

Update:
It looks like OpenSSH version 8 now supports ssh-agent's handling REQUEST_IDENTITIES.

Thank you for the suggestion of disable-ccid that seems to have solved the problem.

https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/how-user-account-control-works has

Searching the web "Why UAC is important" finds a lot of explanations https://www.digitalcitizen.life/uac-why-you-should-never-turn-it-off/

I've also suggested 3.1.14, but the changelog for 3.1.15 lists two potential important defects fixed for GPGOL (the empty recipient and the auto-retrieve).

My suggestion would be to just keep using 3.1.14 But yeah there will be a 3.1.16 / 4 Beta soonish.

I can confirm disable-ccid works, thank you!

Please have a look at the log:

https://wiki.gnupg.org/Gpg4win/RunAsUser has more explanation about this, and I had to give this to quite a number of people in support. (An improvement to the could be a link to a very good external or official explanation, does somebody know one? I've searched briefly but was not successfull to find strong recommendations by Microsoft.)

Thank you.
I'll report the original message problem.
Applied and pushed.

Thanks for your review!

Thank you. Please confirm for one message translation. Others are all good.

You are right. The problem is that in a development version we use an envvar to locate the programs, so there is usually no problem because the software has already been installed and the final test doesn't catch this. We should add a version check to all components to catch such problems.

Given that we don't yet support TPM for Windows you should go ahead and apply this patch. tpm should also be removed from the list of components.

So I have talked with werner about this. The key-fpr is mostly required so that we can search for the public key belonging to the smarcard if we don't have it. This would also be something to do for the openpgp card.

6f03 = Data with specified length not supported.
Needs to be fixed in GnuPG :-(

Mmh, right I've used that but I still went with the key-fpr as I saw that and werner suggested this could be used by kleo. But it might be better to just ignore the key-fpr values which you have to explicitly query for PKCS#15 and just use

SCD GETATTR $SIGNKEYID returns the signing key ref. This information is read in get_card_status() and stored in the Card (see rKLEOPATRAd2bf514e4963: Fetch and store IDs of signing key and encryption key for card).

So, I've implemented a small widget and p15card class.

I'm currently working with Kleopatra and 2.3 and it works nicely.

Apparently only one of the secret keys is actually imported: the decryption key, but not the signing key.