The final (known) encoding problem with broken umlauts in German error descriptions should be fixed.

The ticket mentioned in the previous comment is T7190: Kleopatra: wrong claim of update in WKD for keys with no mail address.

If one or more keys are refreshed and none of the keys has non-revoked user IDs with email addresses then Kleopatra shouldn't report a result for WKD anymore.

Backported for VSD 3.3.

This should be tested as part of testing T5960 by checking that the German error description "Falscher Rückstellcode" is shown after entering a wrong reset code (PUK) for an OpenPGP smart card (https://dev.gnupg.org/T5960#188013).

Using/setting a value of 2 would work for Kleopatra.

Mark for backport to VSD 3.3

Done. Not relevant for VSD 3.3 because there we use a much newer GpgME anyway.

Some logs after entering a wrong reset code (PUK) for an OpenPGP smart card.

404.228467	2024/05/27 15:56:17.987	8056	kleopatra.exe	org.kde.pim.libkleo: sendCommand "SCD PASSWD --reset OPENPGP.2" failed: "Falscher R?ckstellcode" (code: 322, source: SCD)
404.230320	2024/05/27 15:56:17.987	8056	kleopatra.exe	org.kde.pim.libkleo: errorAsString gettext_use_utf8(-1) returns 1
404.230596	2024/05/27 15:56:17.987	8056	kleopatra.exe	org.kde.pim.libkleo: errorAsString error: Falscher R?ckstellcode
404.231068	2024/05/27 15:56:17.987	8056	kleopatra.exe	org.kde.pim.libkleo: errorAsString error (percent-encoded): "Falscher%20R%FCckstellcode"
404.231182	2024/05/27 15:56:17.987	8056	kleopatra.exe	org.kde.pim.kleopatra: ChangePinCommand::slotResult(): "Falscher R?ckstellcode" ( 322 )
404.231315	2024/05/27 15:56:17.987	8056	kleopatra.exe	org.kde.pim.libkleo: errorAsString gettext_use_utf8(-1) returns 1
404.231428	2024/05/27 15:56:17.987	8056	kleopatra.exe	org.kde.pim.libkleo: errorAsString error: Falscher R?ckstellcode
404.231850	2024/05/27 15:56:17.987	8056	kleopatra.exe	org.kde.pim.libkleo: errorAsString error (percent-encoded): "Falscher%20R%FCckstellcode"

Re 2.:

• I think expired user IDs should also be offered. Otherwise, people who forgot to extend the validity of their certificate won't find their certificate. Usability-wise it's better to offer the certificate and show a notice that the selected certificate has expired. I wouldn't differentiate between primary and additional user IDs.

In general, I question the usefulness of the tool tip for the certificate list. The information in the table is already very detailed and for more details there's the details view. Important information that's missing in the table shouldn't be hidden in the tool tip.

I guess we want to backport the above change for VSD 3.3.

First mock of new UI for PIV

As I wrote "That the first result is selected is a side effect of making the certificate list more accessible." and "When the lookup finished, then the certificate list gets focus so that the users can immediately interact with the result."

This also works for VSD 3.3 (because the required changes/patches are in gpg4win).

Fixed and backported for VSD 3.3.

I noticed a bug in the group config migration: T7181

The option "default-new-key-adsk" of gpg can now be read with Kleo::getCryptoConfigEntry, so that we can check if an ADSK is actually configured to decide whether it makes sense to offer the "Add ADSK" action.

Kleopatra and likely also gpg have no way to know what products are listed in some approval document. And it would be very problematic to hard-code such a list in Kleopatra/gpg because it wouldn't be possible to update the list if new products are approved (which is very likely).

I have improved the heuristic for detecting light high-contrast themes. Upstreaming this is still open.

For the white high-contrast mode we use the normal (black) Breeze icons now. I think for Qt 5 that's all we can do with reasonable effort. For Qt 6/KF6 we have to revisit this anyway because a lot has changed (see T6932).

Selection with unpatched Qt:

I found the following in this file. This looks as if everything should stay as it is.

/* Note for Windows: Ignore the incompatible pointer type warning for
   my_read and my_write.  Mingw has been changed to use int for
   ssize_t on 32 bit systems while we use long.  For 64 bit we use
   int64_t while mingw uses __int64_t.  It does not matter at all
   because under Windows long and int are both 32 bit even on 64
   bit.  */

Looks good to me

Backported for VSD 3.3

@werner Shall this be backported?

The import option "only-pubkeys" works for me/Kleopatra.

Backported for VSD 3.3

@werner Shall this be backported to VSD 3.3? The changes look more dramatic than they are. I mostly reordered existing code.