Yeah, it's a dilemma. How about if we use the narrower formatting everywhere only starting from 6 or 7 words in the English string? Or some count of characters?

Shall we use the narrower tooltips in general? I'm undecided. On one hand, we'd avoid an unholy mix of wider (but not too long) one-line tooltips (at least for English and maybe German) and narrower multi-line tooltips. On the other hand, I think the multi-line tooltips are too narrow and a narrow two-liner might look uglier than a slightly wider one-liner.

A bunch more improvements (for gpg4win 5.0):

Ready for testing. Note that you also need gpgme master.

We should show the original algorithm name instead of "Unknown algorithm" if we don't have a pretty name for it. This way we can show the Kyber algorithms without adding pretty names for them. T7397: Kleopatra: Support Kyber generation

FWIW, there is some code in gpa which uses the event counter. It was introduced with
rGPA936825b4b994cdf5900fc987abd9be7889989627

This seems to be QWizard-specific behavior. One more reason to port away from that

Should be ready for testing

Backported for VSD 3.3

This bugfix shall be backported for VSD 3.3 as discussed with ebo

For Beta-75 it looks similar judging from my first tries.

keep in mind https://dev.gnupg.org/T7217#193778 when tackling this task

I managed to get the same "loading certificate" message several times in a row on this test instance by stopping and starting Kleopatra in a row twice. After removing the Signature Card 2.0 this did not happen again in 5-6 tries, although I collected 2 lingering listing processes again (not both started on the same startup). Even import of a X.509 certificate worked.

Next I managed to have one gpg and one gpgsm process each left over from the last execution of Kleopatra.
After starting Kleopatra new anyway, again "loading certificate cache" and an additional pair of gpg and gpgsm listing processes start.

Had a occurrence of the never ending "loading certificate cache" issue again.
There was a leftover gpgsm process from the previous tests (although Kleopatra warned when I closed it, that processes still running in the background were there and would be aborted).

I'm now using the name "Compliance Check" for the test if no compliance is active/has been configured. I have also checked all other usages of DeVSCompliance::name() in libkleo and kleopatra to make sure it's only used if compliance is active.

If compliance is not active, the self-test dialog now shows the test for compliance with just "?" as the test name

Kleopatra shows this option in GnuPG System because gpgconf --list-options gpg-agent lists this option.

ALright, let's go with that latest version (rKLEOPATRAab32b52a6cf8)

High priority since it affects accessibility and was mentioned as problem in the accessibility reports.

This isn't really important at the moment.

Ctrl+A + Ctrl+C to copy to clipboard and Ctrl+V do paste isn't exactly super complicated for people who know how to use the clipboard. -> Low

We decided that Kleopatra should behave the same way as GnuPG when the user clicks "Wrong". Kleopatra should inform the user that the certificate has been marked as not trusted because of the wrong fingerprint.

As discussed today let's use the following heuristic:

• If we find a certificate for the recipient (sub)key in the key cache (ignoring ADSK subkeys) then list this certificate as recipient.
• Else: If we find a single certificate for the recipient (sub)key in the key cache (including ADSK subkeys) then list this certificate as recipient.
• Else: In a second pass, check if any of the already known recipient certificates has a(n ADSK) subkey matching the unknown recipient (sub)key. In this case list this recipient again (so that formatRecipientsDetails doesn't assume an unknown recipient).
• Else: Count the recipient as unknown.

The option can be enabled/disabled via the GnuPG System configuration in Kleopatra (Private Keys -> Disallow clients to mark keys as "trusted"), i.e. you don't have to edit gpg-agent.conf by hand.

@ebo Thank you for your continuous testing.

Unfortunately, this seems not to have ended the sporadic hangs.
I just saw a hanging initial keylisting with gpg4win-beta-70 which has gpg 2.4.6

Kleopatra (master; KF6)

https://invent.kde.org/pim/kleopatra/-/merge_requests/309

ok, I confirm that this is removed in 4win-beta-70 and update the tags

Kleopatra now asks the same questions as the GnuPG backend. The choices the user can make are a bit different because the user already told Kleopatra that they want to trust (or distrust) a root certificate. Therefore, the first dialog only has "Yes" and "Cancel". And the fingerprint dialog (which is only shown for Trust but not for Distrust) only has "Correct" and "Wrong". Another difference is that in GnuPG clicking "Wrong" makes GnuPG mark the certificate as untrusted (which is a bit surprising). In Kleopatra the certificate is left unchanged if the user selects "Wrong".

If gpg-agent's option "no-allow-mark-trusted" is set then the actions "Trust root certificate" and "Distrust root certificate" won't be available. If the option is set while Kleopatra is running then it needs to be restarted to get rid of the actions. If one tries to use the actions then Kleopatra will tell you that you are not allowed to do this. Similarly one needs to restart Kleopatra to make the action available again after the option was unset.

Fix backported to 2.4

Passing ticket to werner to consider backports.

The new API isn't used anywhere. For now it can only be tested with the test runners. -> setting to resolved

Note for testing:
If the environment variable GNUPG_ASSUME_COMPLIANCE is set to "de-vs" and de-vs compliance is enabled then Kleopatra should show "VS-NfD compliant (beta)" instead of "VS-NfD compliant" everywhere. ("Not VS-NfD compliant" doesn't get the (beta) suffix.)

This is related to T6072: Kleopatra: Display "gpgconf -X"