a) and b) are both entirely gpg's responsibility. I'm using --status-fd 2 --command-fd 2 to see which messages would be passed to/parsed by gpgme.

$ gpg --version
gpg (GnuPG) 2.4.8-beta10

The point here is that I tried to reset with the resetting code, not with the Admin PIN.
As you said we do have an error code for the wrong reset code. Which does not come up.

We do not have an error code for Admin PINs. The Admin PIN is also an OpenPGP card specific termm and other cards use different terms. For example a NKS has no Admin PIN at all but an alternative PIN.

With Gpg4win-Beta60 before the Gpg4win 4.4. release it was "reset code", see https://dev.gnupg.org/T5960#191665, seems there was a change after that

New API gpgme_op_random_bytes is now in master (gpgme 2.0). Use tests/run-genrandom --help for testing. Extra features will come soon.

Remarks:

• This works now on Windows and with the AppImage. This was achieved by customizing the internal application name of Kleopatra: kleopatra-vsd for GnuPG VS-Desktop, kleopatra-gpd for GnuPG Desktop, kleopatra for everything else.
• As a side effect the different flavors of Kleopatra now use different names for the main config file and for the state file, i.e. Gpg4win uses kleopatrarc and kleopatrastaterc, GnuPG VS-Desktop will use kleopatra-vsdrc and kleopatra-vsdstaterc, and GnuPG Desktop will use kleopatra-gpdrc and kleopatra-gpdstaterc.
• The internal application name is also used for config entries retrieved from the registry. That means that for VSD and GPD different registry paths are used in future releases.
• Testing on Windows requires T7040: Make it possible to install GnuPG VSD and GPD in parallel.

Some remarks:

• All Kleopatras use GNUPGHOME/kleopatra for the config files, but they use different names for the main config file and for the state file, i.e. Gpg4win uses kleopatrarc and kleopatrastaterc, GnuPG VS-Desktop will use kleopatra-vsdrc and kleopatra-vsdstaterc, and GnuPG Desktop will use kleopatra-gpdrc and kleopatra-gpdstaterc. That's a side effect of the changes for T7528: Make it possible to run Kleopatra VSD and Kleopatra GPD in parallel where the internal application name is set to kleopatra, kleopatra-vsd or kleopatra-gpd for the different flavors.
• The Kleopatra configuration files are not migrated to the new location. (The group configuration should already have been migrated.)

By the way, this also works for different GNUPGHOME. Tested with a gpgconf.ctl file with content gnupg = gnupg-gpd next to gpgconf.exe.

Kleopatra now writes/reads all config files to/from GNUPGHOME/kleopatra.

The button for "Encrypt to others" is gone:

You have imported a certificate with secret key.

You have imported a certificate with secret key.

Fingerprint: XXX
User ID: ABC

Here are some ideas:

Also, we should not forget the context of the whole dialog in the window. So we get the wording right, especially regarding key / certificate.

"Exclusive user" sounds a bit odd and could still be misinterpreted. A native speaker would probably say "Are you the sole user of this secret key?“ or (even better and shorter) "Are you the only user of this secret key?"

Background of my "reminder" comment: we were discussing to establish a sane workflow for sharing keys. Which is quite commonly done e.g. for functional mail addresses, but usually people seem to share the whole secret key which is not advisable. We would want people to only share subkeys for that purpose.
It was the case that somebody gets a subkey for such an "offline" primary for the first time which I was thinking of.

Details should be the first action (since it's likely the most often used action by people who don't know about double-click). And I'd move the "destructive actions" to the bottom. And there are way to many separators.

In T7502#198141, @ebo wrote:

Reminder: we have to keep in mind the workflow of the import of secret subkeys. Do we need different behavior conditional on "is primary key present" or not?

Reminder: we have to keep in mind the workflow of the import of secret subkeys. Do we need different behavior conditional on "is primary key present" or not?

With my initial suggestions, modified by:

Another thing (should definitely go into a new ticket if we want to do something regarding this):

Okay. We now replace the standard Breeze icon of kleopatra with the red head for vsd and with a new blue head for gpd. The replacements are used for the About action and in the About dialog, but kwin (X11) insists on using the standard icon as window icon. And the system tray also shows the standard symbolic Breeze icon instead of the replacements. strace shows that the replacement icons embedded in the AppImage are loaded. No idea why kwin and the system tray still use the standard icons.

Shorter version:

Possible explanation text for the user regarding the background of the question (probably to long):

FWIW, for gpd and vsd we should use a different icon (blue head for gpd and red head for vsd)

Kleopatra with Breeze style:

I would keep the "create group", too.

In T7515#198012, @alexk wrote:

Regarding the suggest list I would change the following:
but keep:

• Enable/Disable Certificate

Regarding the suggest list I would change the following:

Needs to be tested/verified by other developers. In short you do

./autogen.sh
cd packages
./download.sh
cd ..
./build.sh --appimage --builddir=...

If you omit the --builddir=... option then ~/b/SRCDIRNAME-appimage will be used.

Building an AppImage including Kleopatra and Okular works now (again) in the gpg4win-5-branch.

aheinecke: Yeah, but I did quite some changes to build.sh for a real out-of-source build (w/o copying files)

Just so that its not overlooked and you are meaning something different. But I had the Qt6 / KF6 branch working with the --appimage parameter.

Fixed.

In T7515#197774, @TobiasFella wrote:

I'd suggest removing:

I'd suggest removing:

If a single OpenPGP certificate is updated then we now show the same detailed information for the update from WKD as for the update from a keyserver, i.e. if the certificate didn't change via WKD then we say so.

I think there's some confusion.

changed the workboard to gpd5x as this is still the case in Gpg4win 5.0-Beta versions.