Done. The visibility of the advanced options is now remembered. For individual certifications the advanced options are not visible by default, for bulk/group certifications they are visible by default. Therefore, the state is stored separately for both cases.

This is finally done.

Only compliant algorithms are offered when (re)generating single keys or all keys. In de-vs mode, Brainpool 256 is preselected if the smart card supports it. Otherwise, RSA 3072 is preselected.

For the export of multiple certificates (i.e. not group export), this task is blocked by the wishlist issue T5847: Kleopatra: New Feature for bulk certify. Either this issue is also wishlist or the other issue is needs to become normal.

According to Werner this should work.

In high contrast mode the background should always be white or black.

I have added the confirmation to the following commands:

• Export Certificate(s)
• Publish on Server
• Export Group

You should see

org.kde.pim.libkleo: Reloading keycache with remarks enabled

in the debug output shortly after Kleopatra has finished the initial key listing (even if tags (aka remarks) are disabled in the configuration).

The original issue was about creating an encrypted archive. This code doesn't use Qt anymore for writing the result file, but delegates this to gpgtar.

Questions:

• What does "not certified" mean? Not certified by the user exporting the certificates (use case: I'm the "CA" for the exported group.)? Or not fully valid (i.e. not certified by a trusted certificate) (use case: I want to give some certificates to my co-workers and certification is centralized)?
• What about expired, revoked, or otherwise invalid certificates?

I have created T6766: Kleopatra: On export, inform user about uncertified user IDs for points 3 and 4 of T6469#174361.

The submenu is empty because the referenced actions don't exist outside of VSD builds, right?

Needed changes in Kleopatra are tracked in T6761.

The issue mentioned in T6469#176392 is fixed.

Some time ago, I have checked and hopefully fixed all usage of time_t in Kleopatra and GpgME to make sure we always use unsigned 32-bit integer arithmetic. Dates entered by the users are capped to some date in 2106 (a few days before the overflow date).

In T6702#176858, @aheinecke wrote:

We should probably also check KMail though. There might be a similar fix needed although there I am unsure if the old keyresolver does not do a crl check when a certificate is selected.

Fixed.

The issue should be fixed, i.e.

• groups containing only encryption-capable certificates (i.e. they have an encryption subkey) are expanded
• certificates which cannot be used for encryption because they (or just the encryption subkeys) are revoked or expired or otherwise invalid are marked with the error marker
• the OK button is disabled if any invalid encryption certificate is selected

Is executing a zip file really supposed to work on Windows?

Or is it an order problem in src/CMakeLists.txt?

add_subdirectory(core)
add_definitions(-DTRANSLATION_DOMAIN=\"libmimetreeparser5\")

Other possible reason: https://api.kde.org/frameworks/ki18n/html/prg_guide.html#before_qapp
Are the action texts initialized statically?

I'm wondering whether this could be caused by a wrong translation domain. We have mimetreeparser.{pot,po,mo}, but in src/CMakeLists.txt we have

add_definitions(-DTRANSLATION_DOMAIN=\"libmimetreeparser5\")

KEYPAIRINFO in 2.2 lacks the algorithm (and the fingerprint time). Kleopatra uses the algorithm to check if the algorithm is allowed in VSD.