If you want this to happen, then you should consider contributing a patch. Please see doc/HACKING for the formal requirements.

Note to self: This cannot be fixed easily because inserting the updated certificates (the details dialog triggers a listing of the certificate with full details) into the key cache is implemented as removal followed by add (with the corresponding model signals).

I see no reason to force a certain order of actions on the users, i.e. first they have to certify a certificate and only then they can give this certificate certification power.

The timestamp problem may be fixed by moving the line

File ${prefix}/share/icons/breeze/icon-theme.cache

(and any other lines installing an icon-theme.cache) at the end of inst-breeze-icons.nsi (or the corresponding inst-*.nsi file).

I just learned that

Qt will make use of GTK's icon-theme.cache if present to speed up the lookup.

https://doc.qt.io/qt-5/qicon.html#fromTheme

Instead of using --enable-special-filenames and a separate FD the list of files is now passed to gpgtar's stdin. Similarly, we read from gpgtar's stderr instead of using a separate --logger-fd.

Now creation of OpenPGP certificates and CSRs from card keys in de-vs mode is only possible for RSA 3072, RSA 4096, and the Brainpool curves.

Back to WiP to also prevent usage of all non-brainpool curves (as requested by Werner in M9#117).

Kleopatra doesn't have any restrictions when generating smart card keys. When generating OpenPGP certificates or CSRs off-card or from card keys, then in de-vs mode only RSA 3072, RSA 4096 or any supported curve (without any restrictions) can be chosen. Except for RSA 2048, Kleopatra doesn't know which algos are compliant or not compliant.

Yeah, well, then the generation of ECC keys for smart cards is a 2.4 feature. I have implemented what you suggested: https://dev.gnupg.org/T4429#162056
If this suggestion doesn't work with 2.2, then it doesn't work with 2.2.

What about --logger-fd? Does gpgtar pass all FDs through to gpg?

Okay, I'll skip those for now.

What does "SCD GETATTR KEY-ATTR-INFO" give you? What "CARDTYPE" and "CARDVERSION" does "SCD LEARN --force" give you?

This screenshot looks like you clicked on "Schüssel erneuern". Why is the title "ECC CSR gen from Yubikey"?

Okay. It doesn't solve the problem that you want to run any application via the GnuPG VS-Desktop AppImage.

I think AppImageLauncher solves this already. And for discoverability there's AppImageHub (which the distribution-specific desktop installers may already support as source for applications).

Resigning as reviewer since I cannot close it, but want to have it off of my list.

Putting up for grabs and removing Kleopatra tag since for Kleopatra users this has been fixed (unless they manage to trigger multiple separate concurrent imports in Kleopatra).

Done for OpenPGP cards, PIV cards, and NetKey cards.

RSA-2048 can still be used in de-vs mode if it's listed in the RSAKeySizes config entry.

For the clipboard operations (encrypt and sign) we store the user's decision to keep the results open after the operation was completed. These settings cannot be changed in the UI currently.

Kleopatra now runs the gpg/gpgsm processes one after another if multiple files are imported. (In fact, since we always try to import with gpg and gpgsm, this actually already happens when a single file is imported.)