Done for 2.6.

Backported to 2.4 and relevant parts also to 2.2

I think it would be cleaner to create a separate ticket for making gpg fetch the requested key from LDAP.

Although it is implemented in gnupg-2.2 we should add another feature: Iff this option is configured, gpg shall try to load the requested key from LDAP in the same manner as it does for a trusted-key.

This should not be configured in Kleopatra but an option to gpg because this is a core crypto functionality. Thus is now a gpg task.

Pushed the fix: rGbb57c808b2ad: scd:openpgp: Fix PIN pin2hash_if_kdf.

Thanks, that patch works for me.

See also rG40b85d8e8cecadf35e51e84b30de4fac820d714b for gnupg 2.4.

How to test:

In 2.4 we have rG1383aa475 which does

Pushed the change in: rGf50c543326c2: agent: Allow simple KEYINFO command when restricted.

No, thank you both for the speedy responses :)

Thanks a lot for your quick testing.
The commit rGff42ed0d69bb: gpg: Enhance agent_probe_secret_key to return bigger value. of GnuPG 2.2 introduced this bug.

Okay, backported to 2.2.

I was wrong for the semantics of proxy->outtoken. It is zero when run_proxy_connect is called and enabled during the negotiation.

@hlein Thanks a lot for quick testing.

Thank you @gniibe! Applied the rG848546b05ab0: dirmngr: Fix the regression of use of proxy for TLS connection. changes here, and 2.4.4 works here now.

IIUC, the code for keep_alive is for negotiation of proxy. If so, something like this is the fix:

Right. I was wrong assuming the code in 2.2 branch is stable (that is: well tested).

Werner wants the import via gpg-agent

We need to test the PIN, PUK and reset code stuff in 2.2

Is in 2.4.4 and will go into 2.2.43

Tested for 2.4

Fixed in 2.4.4 and 2.2.43 - see above for affected versions.

We need to fix 2.2.42 too. This because we backported the responsible patch.

The extra option --debug-allow-pin-logging was implemented with commit rGe43bd2a7a78.

This is due to the changed format of the VERSION file.

Tested on Windows with Kleopatra and 2.2 and with gpgme and 2.4 on Unix.

is now hidden in VS-Desktop-3.1.90.287-Beta

We decided that this is an invalid issue most likely related to the test cert / test card. We have tests done with real world Signature cards with brainpool and they worked.

Screenshot with details about the key in question. It might be a weird one since it does not have usage flags set. But this is the only brainpool key on my test card and it shows up for encryption in Kleopatra.

You can't decrypt using the Esign application on such a card. Please provide more information off-tracker.

works in VS-Desktop-3.1.90.277-Beta

Sorry @ebo tested this on Windows with 2.2. I myself should have tested it since the test is trivial and only took me about 30 seconds to type. Similar to T6701 this should have never reached the QA stage. I am including myself now that we have someone for QA that I test my own changes less. We need to talk / think about that in our whole team. We developers should test more before sending an issue into QA.

I edited the task description.

Ok maybe because of the task description with timeout. But for a Cancel to report "General Error" that is unacceptable.

In T6575#178532, @ikloecker wrote:

The same happens when the pinentry is canceled, i.e. General Error is reported although in this case the dialog should simply be closed (because the user canceled the operation).