I believe that this error is caused by a software bug of Gpg4win. Please get back to me if you need additional details about this issue, thanks

Please, Last chance to add a log with Included file names (Include data checkbox) before the next release. Me and a colleague reviewed the function and don't find an issue with it. Otherwise I will only add a MessageBox error in that case for the next release.

It turned out that this is pretty important if you use a current version of scute; That one uses gpg-connect-agent to list all smartcards. And gpg-connect-agent will start and take over a remote socket used for the card.

Not for this release. This needs changes in GPGME and we should check and parse the KEY-ATTR-INFO directly. My Yubikey 5.4 returns this, too. I think Ingo should implement this properly and well tested.

As discussed with werner we want to have it for the next release as yubikey is very important for us.

Fully done in my opinion.

This is in for so long we can mark it as resolved. I had tested it on Windows.

Fixed

Yes, that was sadly the case with the last release. It was fixed in: https://dev.gnupg.org/T6070 but not yet released. So the next version will work again. Until then you have to stick with the older version.

WKS re-publishing was requested for Windows again in: https://wald.intevation.org/forum/message.php?msg_id=8562

@SPYazdani But your log is also without the Data information. The issue is that I see the Problem that it tries to aquire a temporary file name and fails to get one. Then it runs into an unexpected state. But gpgol_string_107 is the pseudonomized debug output of the filename. Because the filename would include your username. And I need to see what GpgOL tries there and why this would fail.

@aheinecke I posted a link to the logs in T6158

This was reported again in T6158. The problem is still that I have not seen a log with Data debugging enabled. @SPYazdani could you maybe create one? Please enable logging and check the box below the logging filename where it says "Include Mail contents (decrypted!) and meta information." and then you might afterward look into the log file and post here the lines above "Could not get a name out of 100 tries" I am interested in the candidate names and also please then check if those files really exist and if so try to remove them.

Ah right, forgot about this issue. I merge it with the other one and answer there. I need a log with data debugging enabled of this issue.

T6142 was solved by rejecting expired root certificate.

I realized that some AEAD cipher (including GCM) allows arbitrary length for IV.
But it's not good for the API of setup_geniv and geniv.

rejecting an intermediate certificate too.

Pushed the change of mine to master, since I can confirm that it results validate_cert_chain working better, because of put_cert's rejecting an intermediate certificate too.

You get this error because the key has been created in gnupg mode (and not in de-vs) and thus it has these preferences.

That's a fair point, cheers!

In T6161#162306, @ikloecker wrote:

I'm not sure I understand. If you don't want pinentries depending on libX11, then simply disable those pinentries with --disable-pinentry-qt5, etc. For Wayland it may make sense to allow disabling it.

I'm not sure I understand. If you don't want pinentries depending on libX11, then simply disable those pinentries with --disable-pinentry-qt5, etc. For Wayland it may make sense to allow disabling it.

Let's turn this into a feature request.

I think we can close this one. Note also that we now have --no-user-trustlist and --sys-trustlist-name. in 2.2.37 and 2.3.7 which allows to entirely ignore the user trustlist and to define a global one..

I pushed the change with documentation.

I pushed the changes. It also cares about the case for --cflags.

@dkg: Thanks for the detailed description of the problem.

@orbea Thank you for your suggestions.