In T6867#187289, @ebo wrote:

After discussion we concluded that showing all signatures in one detached signature file is something we want soon.

After discussion we concluded that showing all signatures in one detached signature file is something we want soon.

After talking with Werner, I edited T7155 to include displaying the protocol column, too, because this is useful in combination with his wishes regarding the origin keyword which are:

I'm wondering whether we are hit by undefined behavior. https://en.cppreference.com/w/cpp/algorithm/sort mentions some conditions that must be met for (un)defined behavior. Or it's a bug in gcc or gcc's STL. I added some debug logs to the comparison lambda. The first comparisons look fine but after a certain number of comparisons it crashes in the debug logging (when it tries to access the primary fingerprint).

Note that the origin stored for the key is for example required if a key is updated by fingerprint. In that case we don't known from which user ID to take the origin.

I updated the certificates of Werner, Andre and you and got as result "The certificates were updated.", i.e. plural, for both, keyserver and WKD. Singular could mean that only updates for one certificate were found.

That the first result is selected is a side effect of making the certificate list more accessible. When the lookup finished, then the certificate list gets focus so that the users can immediately interact with the result. When the list gets focus we unset and reset the current item which triggers the selection of the item. And that triggers an accessible event (so that the user knows than a list item was/is selected).

Looking only at the text used, you get exactly the same messages used for single certificate updates, "The certificate has been updated" or "The certificate was not found.", both in the singular.

Querying WKDs for keys not retrieved via WKD leaks information, i.e. a (fake) WKD could track who is looking for keys. KDE's privacy-by-default policy doesn't allow such a setting to be enabled by default. (In VSD you can enable it for certain customers who don't have a problem with this.)

Note for testing: To reduce the PUK counter to 0 you have to enter a wrong PUK for "Unlock Card". The wrong PUK must have at least 8 characters. Otherwise, gpg-agent will consider the PUK wrong without even asking the smart card so that the smart card doesn't get a chance to reject the PUK and decrease the PUK counter.

And "But "Update certificate" does still not query WKD (not even after restarting Kleopatra.)" seems to happen because the setting "Query certificate directories of providers for all user IDs" wasn't enabled.

Tested with Gpg4win-4.3.2-beta25:

When VSD33 has been updated to integrate the fix/commit then this can be closed (i.e. set to vsd-3.3.0) without manual test, in my opinion.

The (rather trivial) changes where reviewed by Sune. And it's not really a very important issue. Therefore, I'll set it directly to resolved.

Merged to VSD33.

Ok, follow up for the column is T7155.

I can confirm that Kleopatra reports "The certificate was updated." when updating the certificate werner.koch@gnupg.com although gpgme reports "unchanged: 1" as ImportResult. Kleopatra even reports "The certificate was updated." under WKD for a locally generated test key that's not available via WKD. This should be fixed.

Tested with Gpg4win-4.3.2-beta25:

gpg uses "Remaining attempts:" for the pinentry. I'll use this also in Kleopatra so that the users can more easily recognize that this is the same information.

One idea to solve this would be to use a different model because our KeyListModel doesn't allow multiple entries with the same fingerprint. This would also allow us to get rid of columns that make no sense in this workflow like the User IDs column (validity checks are impossible).

In T7067#187088, @ebo wrote:

Should I make a new ticket for making the origin column default for the search?

Note that signature notations are now always loaded (after the initial key listing which is done without them). I have enabled this to make features like T6766: Kleopatra: On export, inform user about uncertified user IDs which require all certifications just work, without having to remember to load certifications or signature notations when needed which would just lead to bugs because one would obviously forget to remember this.

For Gpg4win-4.3.2-beta25: Compendium is now listed before "More documentation".

I'd say "PIN counters:" is enough in combination with a tool tip. An additional documentation in a manual is always nice, of course. But do we really need the "PIN" here? As long as after the colon PIN, PUK, etc is listed, I think we could drop it here and say "Retry counters"
One could also contemplate using something like "No. of tries left".

Done. This is how it looks like:

Should I make a new ticket for making the origin column default for the search?

This depends on what this ticket was intended to cover.
I always see the tags in the main certificate view in VSD 2.2 as well as the current Gpg4win-4.3.2-beta25.

I gathered the CHV-STATUS information of a few cards.

This works for me. And it also seems to work for ebo with VS-Desktop. Setting to Testing, but I think it can as well be closed without another test given that ebo already tested it.

Works for me for a dark blue (R&S) smart card and a Genua smart card. See T6847: Kleopatra: Show S/MIME certs for PKCS#15 cards in smart card view.

Tested with Gpg4win-4.3.2-beta25

Noticed when looking at the MR that there seems to be no error handling for the case that no ADSK is configured (or something is wrong with the configuration). At least I did not see any strings informing the user about an error.

I've talked to ebo about this and yes she will create subtasks for at least GPGME log an qDebug logging the GnuPG Logs can already disabled in the config so we dont really need it. Currently it looks like this and I find it rather confusing:

Tested with 2025-05_gpg4win_Beta_23:

• "no certificates found" message shows as expected
• "Searching for matching certificates ..." is shown while searching
• Aborting search in the progress window works