Yellow indicates a warning. In the old days we used yellow in too many cases and people barely got a green. This raised more user questioned than it was helpful. There is also a problem with accessibility if we overload colors too much.

I guess the agent was still running when you deleted and soon re-created the ~/.gnupg directory. The agent is responsible for the private keys subdir and it did not yet noticed that its homedir (and thie subdir) vanished. Depending on your system the agent should terminate itself after some time in case the homedirectory was deleted. Thus to remove the homedir please use

I created a pubkey (actually a subkey) for your above test keys:

I don't see a problem here. Of course Kleopatra could run a gpgconf -K all when it really exits but I doubt that we need to do that in this special elevated case

Pretty obvious. RENC is an allowed usage for an RSA key and thus set in the mask. I restricted this but allowed to set it anyway when using the "=sr" shortcut (here to set as signing and R-enc). Thanks for reporting.

This is long known and we won't fix this for gpg4win.

Please use

Tobias, if you find some time, can you please see how this can be done.

Please keep also in mind that the OpenPGP card specification has always and is still developed along with GnuPG . Thus if there are any uncertainties in the specification GnuPG's way of handling thing is the way to go. If there is a way to chnage things without risking any breakage we can of course fix that. In all other cases we need to continue wit the current way. For larger changes in the spec we can of course cleanup stuff - Achim is currently reworking on a revision.

Works for me using the latest vsd beta (3.1.92.39)

I am still not sure why I noticed the double signing but with the new stamp feature we have an effective way to avoid long delays due to authenticode signing. Some gmake macro guru might want to look at gpg4win.mk.in to get rid of the duplicate rule ignore messages.

strcasecmp is pretty standard on Unix. However, in GnuPG we test for it and mostly use our own ascii_strcasecmp to avoid fun with locales. Ralph Seichter is providing macOS builds for GnuPG (https://sourceforge.net/p/gpgosx/docu/Download/) . Maybe it is worth to contact him via the gnugp-devel mailing list and ask him whether he has experience with your toochain.

And we should also use timestamps for each signed file so that we don't need to re-sign all of them over and over during build process tweaking.

Use autogen.sh to keep version in sync

We also need to tweak the Windows installer and probably also Kleopatra. For example we use use standard registry entries for all products.

The reset was due to running gpg-connect-agent reset /bye. I am currently testing something elese will get back as soon as I can turn back to 2.4

New release due?

Note that this has also been ported to 2.4 and 2.2 and tested by looking at the status lines.

So, what is the state of this. Did a change already land in Kleopatra and how can we assure that all binaries have a W32INFO_PRODUCTNAME in their rc file?

See T7046 for the release info. Note that the mentioned fix for kwallet already landed.

Noteworthy changes in version 1.2.1 (2022-08-24)

AFAICS the bounce is correctly reported. You get the 550 at the mail from so that there won't be a need for several SPF checks if a sender wants to send to several recipients.

Thanks for reporting this. Returning error codes to upper layers is not always easy because the original logic is that we have a global error counter to decide whether an operation succeeded. My fix to check the error code before emitting the DECRYPTION_OKAY status,