It's now possible to build the Qt 5 bindings and the Qt 6 bindings in the same build. In fact, it's the new default (if the needed Qt libraries are found).

It's not tagged vsd33 and I didn't plan to backport this since it depends on other changes (T6787) that are master-only.

Similarly, the table for NetKey cards.

For first feedback on the new slot/certificate table.

This behavior of the encrypt-to-others input field is intended. It avoids "Multiple matching certificates or groups found" errors if there is one current (good) certificate and one (or more) old expired certificates for an email address. There's a button to open a dialog listing all certificates so that the user can find a certificate they are missing in the input list's completion list. I think this is an acceptable compromise between making all certificates discoverable (even expired or revoked ones) and offering not too many irrelevant certificates. When the user selects a bad certificate in the selection dialog we should probably show a note that this certificate cannot be used instead of showing "Error: No matching certificates or groups found".

Just a small addendum to what Andre wrote: Obviously, no tab should be shown if nothing was imported (i.e. numConsidered is 0).

The final (known) encoding problem with broken umlauts in German error descriptions should be fixed.

The ticket mentioned in the previous comment is T7190: Kleopatra: wrong claim of update in WKD for keys with no mail address.

If one or more keys are refreshed and none of the keys has non-revoked user IDs with email addresses then Kleopatra shouldn't report a result for WKD anymore.

Backported for VSD 3.3.

This should be tested as part of testing T5960 by checking that the German error description "Falscher Rückstellcode" is shown after entering a wrong reset code (PUK) for an OpenPGP smart card (https://dev.gnupg.org/T5960#188013).

Using/setting a value of 2 would work for Kleopatra.

Mark for backport to VSD 3.3

Done. Not relevant for VSD 3.3 because there we use a much newer GpgME anyway.

Some logs after entering a wrong reset code (PUK) for an OpenPGP smart card.

404.228467	2024/05/27 15:56:17.987	8056	kleopatra.exe	org.kde.pim.libkleo: sendCommand "SCD PASSWD --reset OPENPGP.2" failed: "Falscher R?ckstellcode" (code: 322, source: SCD)
404.230320	2024/05/27 15:56:17.987	8056	kleopatra.exe	org.kde.pim.libkleo: errorAsString gettext_use_utf8(-1) returns 1
404.230596	2024/05/27 15:56:17.987	8056	kleopatra.exe	org.kde.pim.libkleo: errorAsString error: Falscher R?ckstellcode
404.231068	2024/05/27 15:56:17.987	8056	kleopatra.exe	org.kde.pim.libkleo: errorAsString error (percent-encoded): "Falscher%20R%FCckstellcode"
404.231182	2024/05/27 15:56:17.987	8056	kleopatra.exe	org.kde.pim.kleopatra: ChangePinCommand::slotResult(): "Falscher R?ckstellcode" ( 322 )
404.231315	2024/05/27 15:56:17.987	8056	kleopatra.exe	org.kde.pim.libkleo: errorAsString gettext_use_utf8(-1) returns 1
404.231428	2024/05/27 15:56:17.987	8056	kleopatra.exe	org.kde.pim.libkleo: errorAsString error: Falscher R?ckstellcode
404.231850	2024/05/27 15:56:17.987	8056	kleopatra.exe	org.kde.pim.libkleo: errorAsString error (percent-encoded): "Falscher%20R%FCckstellcode"

Re 2.:

• I think expired user IDs should also be offered. Otherwise, people who forgot to extend the validity of their certificate won't find their certificate. Usability-wise it's better to offer the certificate and show a notice that the selected certificate has expired. I wouldn't differentiate between primary and additional user IDs.

In general, I question the usefulness of the tool tip for the certificate list. The information in the table is already very detailed and for more details there's the details view. Important information that's missing in the table shouldn't be hidden in the tool tip.

I guess we want to backport the above change for VSD 3.3.

First mock of new UI for PIV

As I wrote "That the first result is selected is a side effect of making the certificate list more accessible." and "When the lookup finished, then the certificate list gets focus so that the users can immediately interact with the result."

This also works for VSD 3.3 (because the required changes/patches are in gpg4win).

Fixed and backported for VSD 3.3.

I noticed a bug in the group config migration: T7181

The option "default-new-key-adsk" of gpg can now be read with Kleo::getCryptoConfigEntry, so that we can check if an ADSK is actually configured to decide whether it makes sense to offer the "Add ADSK" action.

Kleopatra and likely also gpg have no way to know what products are listed in some approval document. And it would be very problematic to hard-code such a list in Kleopatra/gpg because it wouldn't be possible to update the list if new products are approved (which is very likely).

I have improved the heuristic for detecting light high-contrast themes. Upstreaming this is still open.