FWIW, the Fileversion is actually the Git revision in decimal

You can't decrypt using the Esign application on such a card. Please provide more information off-tracker.

Testing in 2.4 will not be easy because it requires code modification just for testing. However, de-vs is not supported by 2.4 and the greater plan is to get 2.6 approved for de-vs.

I'd prefer to not use the spawn helper at all. All currrent Windows versions allow to decide which handles are to be inherited and thus there is no more need for the helper.

@gniibe: This is a pretty old bug; given all the changes of the last year, should we close it now?

You are creating a signed archiv? Why - gpgtar is used for encryption.

That's right: -K is merely a -k which prints only keys which have at least one secret key or a stub key (for smartcards) available.

Thanks for commenting from the other account. This allowed me to disable the account. Deleting and account is hard in Phabricator thus we do it only very rarely. But disable is basically the same.

I just verified the new account. Please delete (i.e. disable) it yourself - I can't easily figure out whether it is really your account.

Problem seems to be that there is no ~/trustedkeys.gpg file and that the fallback to the kbx file does not anymore work. I can replicate that with 2.40 and 2.4.4-beta.

That version of gpg is too old that I will look at it.

That sounds very good.

I disagree. We already talked about this and we should proceed as planned.

Further investigation showed that this was due to a bogus key creating during I wrote the code.

We consider rsa2048 as compliant until the end of this year; this is required due to the Telesec smartcards. However, we should never create such a key and kleopatra does not allow this.

Test version is available intern.

I think there is no configuration option to set the socket directory, it's hardcoded in homedir.c

That is convenience. Before we did this people were complaining that they first need to create a directory for the sockets. You should not need to use --create-socketdir unless you want to start something like watchgnupg on a socket in just this directory (using the shortcut socket://).

What is your problem with socket below /run/user ? In fact you will need it anyway if your socket file name is longer than something like 104 characters.

The second retry counter is used by current cards for the Reset Code error counter. It is zero if no reset code has been set. It was used by card specs 1.x for the CHV2 only available there.

It is a bit hard for us to decipher the Spanish diagnostics. Before we can try to help you please update to a deent version of gpg and libgcrypt. At least the version for Ubuntu is way too old; Libgcrypt is 5 years old, the current version of the lTS branch is 1.8.10. GnuPG is also 10 years old and in the mean time we have fixed several critical bugs; the current version of this legacy branch is 2.2.41! Note that Ubuntu might have fixed some bugs despit ethe version number - we just can't know.

We don't use or suggest the use of PIP or other insecure software distribution systems.