I'll backport this for VSD 3.3 / Gpg4win 4.4.1. Regression risk is minimal.

T6109 is also closely related and I think it would be addressed by this ticket.

This addresses the same problem as T5950. We should either merge the tickets or just close T5950 (which was more of a support ticket and the reporter has fixed their problem) with reference to this ticket.

I tried to reproduce this with Gpg4win 4.4.0, but it worked for all PKCS#15 cards I tried (dark blue R&S, Genua, ipt.fraunhofer). As soon as the certificates were imported from the card (and a "Do you trust this root certificate" dialog was canceled) the buttons became enabled.

We have to take the list of OIDs to ignore into account that can be configured for gpgsm with ignore-cert-with-oid.

Fixed.

I also checked this on Windows 10 with light, dark and high contrast (theme No. 1) colors:

Fixed. After deleting the certificates belonging to the first two card slots the smartcard window shows

Kleopatra does now read the certificates from the card and import them itself instead of relying on gpgsm --learn-card.

Gpg4win-Beta-94: does not work here, but as the workaround still works, we have no regression. So I remove the vsd33 + gpgcom tag

Should probably be backported for VSD 3.3 because very likely this happens always when a new PKCS#15 card (with unknown certificates) is inserted. Workaround: Close and re-open the smart card window.

Yeah, it's a dilemma. How about if we use the narrower formatting everywhere only starting from 6 or 7 words in the English string? Or some count of characters?

Shall we use the narrower tooltips in general? I'm undecided. On one hand, we'd avoid an unholy mix of wider (but not too long) one-line tooltips (at least for English and maybe German) and narrower multi-line tooltips. On the other hand, I think the multi-line tooltips are too narrow and a narrow two-liner might look uglier than a slightly wider one-liner.

A bunch more improvements (for gpg4win 5.0):

Ready for testing. Note that you also need gpgme master.

We should show the original algorithm name instead of "Unknown algorithm" if we don't have a pretty name for it. This way we can show the Kyber algorithms without adding pretty names for them. T7397: Kleopatra: Support Kyber generation

FWIW, there is some code in gpa which uses the event counter. It was introduced with
rGPA936825b4b994cdf5900fc987abd9be7889989627

This seems to be QWizard-specific behavior. One more reason to port away from that

Should be ready for testing

Backported for VSD 3.3

This bugfix shall be backported for VSD 3.3 as discussed with ebo

For Beta-75 it looks similar judging from my first tries.

keep in mind https://dev.gnupg.org/T7217#193778 when tackling this task

I managed to get the same "loading certificate" message several times in a row on this test instance by stopping and starting Kleopatra in a row twice. After removing the Signature Card 2.0 this did not happen again in 5-6 tries, although I collected 2 lingering listing processes again (not both started on the same startup). Even import of a X.509 certificate worked.

Next I managed to have one gpg and one gpgsm process each left over from the last execution of Kleopatra.
After starting Kleopatra new anyway, again "loading certificate cache" and an additional pair of gpg and gpgsm listing processes start.

Had a occurrence of the never ending "loading certificate cache" issue again.
There was a leftover gpgsm process from the previous tests (although Kleopatra warned when I closed it, that processes still running in the background were there and would be aborted).

I'm now using the name "Compliance Check" for the test if no compliance is active/has been configured. I have also checked all other usages of DeVSCompliance::name() in libkleo and kleopatra to make sure it's only used if compliance is active.

If compliance is not active, the self-test dialog now shows the test for compliance with just "?" as the test name

Kleopatra shows this option in GnuPG System because gpgconf --list-options gpg-agent lists this option.

ALright, let's go with that latest version (rKLEOPATRAab32b52a6cf8)

High priority since it affects accessibility and was mentioned as problem in the accessibility reports.

This isn't really important at the moment.

Ctrl+A + Ctrl+C to copy to clipboard and Ctrl+V do paste isn't exactly super complicated for people who know how to use the clipboard. -> Low

We decided that Kleopatra should behave the same way as GnuPG when the user clicks "Wrong". Kleopatra should inform the user that the certificate has been marked as not trusted because of the wrong fingerprint.

As discussed today let's use the following heuristic:

• If we find a certificate for the recipient (sub)key in the key cache (ignoring ADSK subkeys) then list this certificate as recipient.
• Else: If we find a single certificate for the recipient (sub)key in the key cache (including ADSK subkeys) then list this certificate as recipient.
• Else: In a second pass, check if any of the already known recipient certificates has a(n ADSK) subkey matching the unknown recipient (sub)key. In this case list this recipient again (so that formatRecipientsDetails doesn't assume an unknown recipient).
• Else: Count the recipient as unknown.

The option can be enabled/disabled via the GnuPG System configuration in Kleopatra (Private Keys -> Disallow clients to mark keys as "trusted"), i.e. you don't have to edit gpg-agent.conf by hand.

@ebo Thank you for your continuous testing.

Unfortunately, this seems not to have ended the sporadic hangs.
I just saw a hanging initial keylisting with gpg4win-beta-70 which has gpg 2.4.6