Interesting. That means to replace hundreds of scripts in an average organization :-(.

Backported to 2.2 but not yes tested with 2.2

Can you please repeat this with gpg4win-5-beta using the keyboxd and also using the pubring.kbx (i.e. w/o use-keyboxd in common.conf)?

Sorry, I don't know Fedora packaging details. Please ask on gnupg-users for help if you want to build gpa yourself on that platform. This bug report is only read by very few people but on gnupg-users you can get the attention of several thousand users and developers.

Your first two issues are no issues. This is just usual output from a configure run.

Uses gpgme-2.0.0 with the above mentioned patches. I have seen no problems in my quick tests.

For the full fledged Windows installer see https://files.gpg4win.org/Beta/gpg4win-5.0.0-beta369/gpg4win-5.0.0-beta369.exe

Is that really the same bug? I would be interested in seeing a more detailed report. BTW, Windows or Linux? Used standard beta installer on Windows?

If this is indeed a bug it won't be fixed in gpg4win 4. Thus a test with gpg4win 5 beta is highly appreciated. It would also be interesting to see what what version of gpg comes with Git.

Note that disabling Auto-preview is not the default and has only been implemented to work around severe performance degradation with certain MalwareAnti-Virus software.

In contrast to gnupg22 master did not proper show OCB compliance - not everything has yet been forward ported. But we can do so now and test master by setting GNUPG_ASSUME_COMPLIANCE=de-vs

We will do a new gpg4win beta soon.

re 1: Only if the option --auto-key-upload is used/configured.
re 2: Do not configure --auto-key-upload but give it on the command line.
re 3: Do not use --auto-key-upload - maybe I should add a --no-auto-key-upload option.

@gniibe: Now that we use the KEM API, how do we proceed with this ticket?

The problem here is that we don't have the sha-2 fingerprint in our SQL tables. Thus we would not only need to do a full table search but also parse the actual blob to compute the sha-2 fingerprint.

We should change the key binding time from the ADSK creation time to the current time or the time the other self-signatures use.

I have done testing using my QES certificate with all combinations of the two options.

The culprit seems to be commit rO6cb4ccf4d8db03e9922984d9c5f5bf7f8806954d but a brief inspection does not show any problematic code. Thus this might be due to an Outlook peculiarity.

You may also specify a mail address in which case gpg tries to find the best matching key. For example the latest key with that mail address. See gnupg/g10/getkey.c:get_best_pubkey_byname

Thanks for reporting/requesting.

I see from your other report that you are running a proper libgcrypt. But I think I spotted the bug: ECC+Kyber should not be displayed when adding a key. It is used for creating a new key ECC as primary and Kyber as subkey.

Nope: There are many different error codes returned, Kleopatra may want to map them to a common one.

Can you please try with gpg4win-5 beta: https://www.gpg4win.org/version5.html this makes it easier for us to see the reason. Deinstall gpg4win first and note that version5 is 64 bit and installed under Program Files (w/o (x86)). If it still does not work please add