Ok with me. setting this to resolved, then.

keep in mind https://dev.gnupg.org/T7217#193778 when tackling this task

I like it better than the very long tool tip.

Changed in https://invent.kde.org/pim/kleopatra/-/merge_requests/316

Testing the removal of the appearance flag from this filter leads to this situation:

Hm, probably I would be for the html-tags, then. Is there an example where one could see how narrow tool tips really get with that option?

We shouldn't have to add explicit line breaks. Explicit line breaks will lead to bad formatting (German: Flattersatz) for people who use huge font sizes (a11y!) and Qt will wrap long tool tips so that they won't become wider than the screen. Alternatively, we wrap the tool tips (in the code that sets the tool tips) into <html> tags. Then (for whatever reason) Qt will make the tool tips much narrower. (Some people think too narrow, but we have to die one death.)

Fixed in https://invent.kde.org/pim/libkleo/-/merge_requests/163

setting this to open for the small fix in the tooltip.
I suggest as new text:
"Disabled certificates are not offered when selecting a certificate to sign with or to encrypt for.\nThey are not shown in the certificate list with most filters."
And I think there should be an additional newline somewhere, as I was shown a much too long tool tip. The German text is not that much longer…

Removing the appearance filter won't fix own disabled certificates not being bold; the problem here is that the "My certificates" filter doesn't trigger at all anymore for disabled certificates

Agree with removing the appearance filter

Yeah. so lets ditch that appearance filter. But that's for ticket T7217. So I'm setting this ticket to done for 4win.

You mean that a disabled certificate with secret key isn't listed with bold font? That's probably because we have an appearance filter for disabled certificates which takes precedence.

I agree that it doesn't make sense anymore because we never show disabled and not-disabled certificates next to each other.

Gpg4win-Beta-70:
Looks ok.

Gpg4win-Beta-70:
There is an appearance filter for disabled certificates now.
Though I wonder if it is really necessary / useful, as we now have regular filters, too. I would have thought we only need the regular filters. I think the appearance filter was to be a stopgap as we did not want to touch the filters at the time when this ticket was created.
What do you say?

Gpg4win-Beta-70:
All 4 items in the task description are realized as described.

gpg4win-Beta-70: works.
I disabled a certificate, it was not shown anymore in the "all" view. Change to the "Disabled" filter and enabled it again -> it shows again with the "All" filter.
Disabling a private certificate does not allow it for signing and not for encrypting to it. It is also not offered for these any more.
But verifying files which were signed by it works.

I managed to get the same "loading certificate" message several times in a row on this test instance by stopping and starting Kleopatra in a row twice. After removing the Signature Card 2.0 this did not happen again in 5-6 tries, although I collected 2 lingering listing processes again (not both started on the same startup). Even import of a X.509 certificate worked.

Next I managed to have one gpg and one gpgsm process each left over from the last execution of Kleopatra.
After starting Kleopatra new anyway, again "loading certificate cache" and an additional pair of gpg and gpgsm listing processes start.

Had a occurrence of the never ending "loading certificate cache" issue again.
There was a leftover gpgsm process from the previous tests (although Kleopatra warned when I closed it, that processes still running in the background were there and would be aborted).

In T7379#193696, @ikloecker wrote:

I assume by "do such things in the background" you mean that GnuPG should do this automatically in the background.

SCD SERIALNO serialno can move the first card in the list in scdaemon.

I assume by "do such things in the background" you mean that GnuPG should do this automatically in the background.

@ikloecker Using scdaemon with multiple cards, it is a connection which holds the card.

Support for NKS (Telesec NetKey card and Signature card v2, both based on TCOS) is very old and predates the support for multiple applications. They are also not as well separated as with Yubikey applications. Thus the auto switching between the NKS app and the SigG app.

@ikloecker Thank you sharing the problem. I don't know much aboug NKS card.

The whole learn-card thing is more a hack than a solid way to make cards known. We should do such things in the background when a new card has been seen.

I cannot reproduce the crash anymore. I guess this was fixed with the fix of T7372: Kleopatra: Crash when unplugging smartcard while operation is in progress. I'll close this ticket as duplicate of T7372.

@ebo I suspect that we want to fix this crash also for VSD 3.3 (if it is still reproducible). I found this ticket by accident while searching for READKEY.

I haven't added any project tags because I'm not sure for which projects this is relevant. Since GnuPG 2.2 doesn't support multiple smartcards it's likely not relevant for VSD 3.3.

@gniibe It seems that a keylisting (with gpg and gpgsm) interferes with a READKEY --card --no-data -- NKS-NKS3.4571 gpg-agent command and makes it hang until scdaemon is killed.

It looks as if a keylisting interfered with a gpg-agent/scdaemon command.

48458.670390	2024/11/06 12:43:04.238	5772	kleopatra.exe	org.kde.pim.kleopatra: ReaderStatusThread[GUI]::ping()

^ update of the smart cards is requested

48458.670695	2024/11/06 12:43:04.238	5772	kleopatra.exe	org.kde.pim.kleopatra: ReaderStatusThread[2nd]: new iteration command= "__update__"  ; nullSlot= true

^ background thread starts update of the smart cards

48459.147743	2024/11/06 12:43:04.728	5772	kleopatra.exe	org.kde.pim.kleopatra: ReaderStatusThread[GUI]::ping()

^ another update of the smart cards is requested (the request is queued)

48464.804883	2024/11/06 12:43:10.393	5772	kleopatra.exe	org.kde.pim.kleopatra: ReaderStatusThread: Card "89490171500022806460" with app "nks" was added
48464.805095	2024/11/06 12:43:10.393	5772	kleopatra.exe	org.kde.pim.kleopatra: ReaderStatusThread: Card "D2760001240100000006154932910000" with app "openpgp" was added
48464.807483	2024/11/06 12:43:10.393	5772	kleopatra.exe	org.kde.pim.kleopatra: ReaderStatusThread: Card "D2760001240100000006154932910000" with app "piv" was added

^ the background thread completed the update of the smart cards and found three card apps

48464.811286	2024/11/06 12:43:10.393	5772	kleopatra.exe	org.kde.pim.kleopatra: ReaderStatusThread[2nd]: new iteration command= "__update__"  ; nullSlot= true

^ background thread starts another update of the smart cards

48464.924701	2024/11/06 12:43:10.492	5772	kleopatra.exe	org.kde.pim.kleopatra: ReaderStatusThread[GUI]::learnCardsCMS()

^ learn cards is requested (and queued) -> Kleopatra shows the progress overlay

48465.796319	2024/11/06 12:43:11.291	5772	kleopatra.exe	org.kde.pim.libkleo: KeyCache::RefreshKeysJob start

^ a keylisting is started (OpenPGP and S/MIME)

48467.549251	2024/11/06 12:43:12.874	5772	kleopatra.exe	org.kde.pim.libkleo: sendStatusLinesCommand "SCD LEARN --force" : got ( status( "READER" ) = "SCM Microsystems Inc. SPRx32 USB Smart Card Reader 0"
[...]
48467.550423	2024/11/06 12:43:12.875	5772	kleopatra.exe	org.kde.pim.libkleo: sendCommand "READKEY --card --no-data -- NKS-NKS3.4531"
48467.895485	2024/11/06 12:43:13.187	5772	kleopatra.exe	org.kde.pim.libkleo: sendStatusLinesCommand "READKEY --card --no-data -- NKS-NKS3.4531" : got ( )
48467.896400	2024/11/06 12:43:13.188	5772	kleopatra.exe	org.kde.pim.libkleo: sendCommand "READKEY --card --no-data -- NKS-NKS3.45B1"
48468.209551	2024/11/06 12:43:13.471	5772	kleopatra.exe	org.kde.pim.libkleo: sendStatusLinesCommand "READKEY --card --no-data -- NKS-NKS3.45B1" : got ( )
48468.209660	2024/11/06 12:43:13.471	5772	kleopatra.exe	org.kde.pim.libkleo: sendCommand "READKEY --card --no-data -- NKS-NKS3.4571"

^ the background thread sends multiple commands to gpg-agent to gather information about the smart cards
^ the last READKEY command seems to hang

48468.598283	2024/11/06 12:43:13.822	5772	kleopatra.exe	org.kde.pim.libkleo: Kleo::KeyCache::RefreshKeysJob(0x63ccba8) RefreshKeysJob::done

^ the keylisting is done

Backported for VSD 3.3

Canceling the password prompt is now handled correctly, i.e. the operation is aborted without further feedback.

ok, looks good, Gpg4win-Beta-70:

Ok, gpg4win-Beta-70. Looks like this now:

This works with gpg4win-beta-70.

This has also been reported at https://bugs.kde.org/show_bug.cgi?id=477798 (although there a crash occurs). Porting the command to gpgme didn't help, but the remaining problems are in gpg and/or gpgme.

Thanks.

Fixed and backported for VSD 3.3

I'm now using the name "Compliance Check" for the test if no compliance is active/has been configured. I have also checked all other usages of DeVSCompliance::name() in libkleo and kleopatra to make sure it's only used if compliance is active.

Fixed and backported for VSD 3.3

If compliance is not active, the self-test dialog now shows the test for compliance with just "?" as the test name

Tested with Gpg4win-Beta-70: works for changing expiry date as well as key creation

Looking at the Windows "Problem reports" I saw that it lists many crashes of Kleopatra since 2024-06-19. An older Kleopatra (gpg4win-4.3.2-beta15, built on 2024-04-16) does not crash on exit. The next Kleopatra (gpg4win-4.3.2-beta23, built on 2024-07-05) does crash on exit. The reports point to the libkleo DLL.

In Gpg4win-Beta-70 it looks like this (audit log is redirected):

Tested with 4win-beta-64. In the subkey tab of the details of a secret key there is now an option "Add ADSK" in the burgher menu, iff the option default-new-key-adsk is set.

Kleopatra shows this option in GnuPG System because gpgconf --list-options gpg-agent lists this option.

ALright, let's go with that latest version (rKLEOPATRAab32b52a6cf8)

High priority since it affects accessibility and was mentioned as problem in the accessibility reports.

This isn't really important at the moment.

Ctrl+A + Ctrl+C to copy to clipboard and Ctrl+V do paste isn't exactly super complicated for people who know how to use the clipboard. -> Low

Applied Tobias installation patch to gpg4win master (vsd33)

We decided that Kleopatra should behave the same way as GnuPG when the user clicks "Wrong". Kleopatra should inform the user that the certificate has been marked as not trusted because of the wrong fingerprint.