You mean that a disabled certificate with secret key isn't listed with bold font? That's probably because we have an appearance filter for disabled certificates which takes precedence.

Gpg4win-Beta-70:
Looks ok.

Gpg4win-Beta-70:
All 4 items in the task description are realized as described.

gpg4win-Beta-70: works.
I disabled a certificate, it was not shown anymore in the "all" view. Change to the "Disabled" filter and enabled it again -> it shows again with the "All" filter.
Disabling a private certificate does not allow it for signing and not for encrypting to it. It is also not offered for these any more.
But verifying files which were signed by it works.

@TobiasFella prepared the installation in https://dev.gnupg.org/rW9218ebfb7c01478a6fa7b2892fec4d9fd83ba273 . I left some comments on this commit.

right. the installer needs to install kleopatradebugcommandsrc next to libkleopatrarc

• Name is now: "Show GnuPG Configuration"
• When I choose that, the window which opens has a title and a close button, the file extension on saving is .txt

I've checked and can confirm this is working as intended.

Kleopatra just checks if the option "default-new-key-adsk" is set (i.e. it doesn't matter if it's an option with scalar value or list value). The other two options that were changed are not used by Kleopatra.

Alright, finally supported by gpgme (fot 1.24) For testing you may use

Solved for gnupg 2.2, 2.4 and 2.6. GPGME support still missing.

I created a branch: https://dev.gnupg.org/source/libgcrypt/history/gniibe%252Ft7340/

Autoconf archive has AX_TLS: https://www.gnu.org/software/autoconf-archive/ax_tls.html
Also, AX_GCC_VAR_ATTRIBUTE(tls_model) could be used: https://www.gnu.org/software/autoconf-archive/ax_gcc_var_attribute.html

I do not want to do that for 2.2.45 (T7255) because we want to do that release RSN

Test on a dedicated Windows box (T 460, i5-6300U@2.40GHz, harddisk):

Overall effect of these changes tested on a small Windows VM is only 47 -> 26 seconds. Did also tests with --kbx-buffer-size but that does not make it better than the default, either.

Backported for VSD 3.3 together with changes made for T6666.

Will be available in 2.2.45 and 2.5.2

Now we are at 4 seconds. Available in master and 2.2.

With that patch we are down to about 6 seconds.

I see only links to our own pages and to the emailselfdefense - which is a good resource.

Note: The code for this is in the work/mmontkowski branch but has not yet been merged with master. Before we take this bug up again, we need to look closer at the ribbon UI events as remarked by Andre on July 29.

I don't think it makes sense to add such a feature/bug fix to the old versions.

ok. For the tooltip I would now favor the same addition to all current tool tips where it applies:
"(w/o disabled ones)", e.g. "All certificates (except disabled ones)".

I would exclude them.

What about all other filters? For example "Not Certified", "Not Fully Certified", "My Own", "OpenPGP"? Should the disabled certificates also be excluded for those filters?

ok, discussed this with Werner and Alexander, result was:

Setting to Testing and WiP to reflect status of the subtasks and to get it removed from the Open Tasks list.

This was implemented by Tobias

Given that we backported it to gnupg22 we should go ahead and implement that flag. For example: if the flag is set for any root CA we will show compliance only if that flag is set for the specific root CA. This way we can introduce this feature w/o too much backward incompatibility. We could also hide the feature behind a compatibility flag. There is no reason why we should not add the de-vs trustlist flag to our vsd configuraion files, right away.

This has now been implemented for gnupg26 for public key encryption. However, symmetric key encryption, a man page, and the gpgme support are missing right now.

In T4060#190972, @werner wrote:

We need a way to pass --known-notation to gpgme_op_verify

We need a way to pass --known-notation to gpgme_op_verify

So we need a way to launch scdaemon via userv and make sure that the scdaemon user gives proper permissions to its socket file. gpg-agent also nees to check for a proper version of scdaemon and gpgme needs to be aware of this as well (if it want to directly connect to scdaemon).

Also added a new gpgme context flag "proc-all-sigs" and a --porc-all-sigs option to gpgme's run-verify.c tool.

The new option `--proc-all-sigs' will be available in 2.5.1, 2.4.6, and 2.2.45.

I made a ticket on bugzilla with ready-made tests for S/MIME, but on close inspection a different structure appears for S/MIME and another for qualified signature (openssl could not verify token extracted from CAdES-BASELINE-T signature). However, these tests can be very useful.