Interesting. I also wasn't able to reproduce this anymore, although I even created a new VM to make sure this is reproducible in a clean setup (and it was reproducible every time).
After restart of windows, it is reproducible again. This is the debugview output for an import without status update:
Feed Advanced Search
Jan 6 2026
Jan 6 2026
timegrid added a comment to T8015: Kleopatra: Status in certificate list not updated after import.
timegrid moved T7272: Kleopatra: Look up missing OpenPGP certificates for card keys from QA to Done on the gpd5x board.
Looks good to me on gpg4win-5.0.0-beta479 @ win11.
• ikloecker added a comment to T8015: Kleopatra: Status in certificate list not updated after import.
I cannot reproduce this on Linux. Here I see that the file system watcher notices that trustdb.gpg was changed and triggers a keylisting.
• ikloecker added a comment to T8015: Kleopatra: Status in certificate list not updated after import.
Also: What happens if you cancel the ownership question and then change the owner trust of the key on the command line?
• ikloecker added a comment to T8015: Kleopatra: Status in certificate list not updated after import.
Please attach the log output of Kleopatra
timegrid moved T7937: Kleopatra: Screenreaders stay silent when smartcard window is opened from QA to Done on the gpd5x board.
Done
- progress/busy indicator shown (probably also read, but loading was too fast, so it skipped the text)
alt+m Manage Smart Cards - Kleopatra window Loading smart cards... tab control OpenPGP - 0005 00009D58 tab Alt+ O
timegrid added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.
Maybe it would be better to just not offer S/MIME certs with distrusted root cert?
svuorela added a comment to T6731: Default save dir in okular/windows is wrong.
Note: It does not seem to be possible to open a pdf from an URL, at least not via CLI okular.exe <URL> (it says Unknown protocol 'https').
timegrid moved T7285: Okular: Improvement of error messages regarding signatures from QA to WIP on the gpd5x board.
I tried to get any error response but found those issues instead:
• ikloecker changed the status of T8014: Kleopatra: Incorrect handling of unset keyserver in configuration dialog from Open to Testing.
Fixed.
timegrid added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.
If all processes are killed before okular is opened, i get an error on "finish signing":
timegrid added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.
gpgsm.log (debug-all, whole process of signing)
timegrid moved T6731: Default save dir in okular/windows is wrong from QA to Done on the gpd5x board.
Looks good to me on gpg4win-5.0.0-beta479 @ win11. The default path is now the same as the path of the opened file:
• werner added a comment to T1825: Add a re-encrypt to additional key.
Regarding my comment T1825#191055 : The mane page has long been updated and gpgme support is also available. For the symmetric session key, see the feature request T8016
Looks good to me on gpg4win-5.0.0-beta479 @ win11:
- gpg --show-only-session-key --decrypt FILE shows only the session key
- gpg --add-recipients -r UID1 FILE adds recipients (tested with one or more uids)
- gpg --change-recipients -r UID FILE changes the recipients (tested with one or more uids)
timegrid moved T7983: gpg: the validity of a secret key is changed by making a certification with it from QA to Done on the gnupg26 board.
timegrid moved T7983: gpg: the validity of a secret key is changed by making a certification with it from QA to Done on the gpd5x board.
Looks good to me on gpg4win-5.0.0-beta479 @ win11.
I can't reproduce ebo's nor pl13's issue.
• ebo moved T6731: Default save dir in okular/windows is wrong from Backlog to QA on the gpd5x board.
• ebo moved T7285: Okular: Improvement of error messages regarding signatures from Backlog to QA on the gpd5x board.
• ebo moved T7983: gpg: the validity of a secret key is changed by making a certification with it from Backlog to QA on the gpd5x board.
• ebo moved T7983: gpg: the validity of a secret key is changed by making a certification with it from Backlog to QA on the gnupg26 board.
• ikloecker moved T8014: Kleopatra: Incorrect handling of unset keyserver in configuration dialog from Backlog to WIP on the gpd5x board.
• ebo moved T7427: Kleopatra: Crash after decryption if files has an embedded file name from Backlog to QA on the gpd5x board.
• ikloecker triaged T8014: Kleopatra: Incorrect handling of unset keyserver in configuration dialog as Normal priority.
• ebo moved T7439: Kleopatra: DecryptVerifyFilesDialog crashes when output folder does not exist from Backlog to QA on the gpd5x board.
• ebo moved T7549: Kleopatra: crash on click in certificate extension dialog from Backlog to QA on the gpd5x board.
• ikloecker changed the status of T7772: Kleopatra: Config option - only allow upload of certificates with private key to LDAP keyserver from Open to Testing.
Backported for VSD 3.4
• ikloecker added a comment to T7772: Kleopatra: Config option - only allow upload of certificates with private key to LDAP keyserver.
The option
[Export] AllowPublicKeyUpload=true
has been added. If this option is disabled (i.e. set to false) then Kleopatra only allows the upload of OpenPGP keys for which the user has the secret key.
Jan 5 2026
Jan 5 2026
• ikloecker changed the status of T7848: Kleopatra: Remove whitespace from suggested export filename from Open to Testing.
Backported for VSD 3.4
• ikloecker added a comment to T7848: Kleopatra: Remove whitespace from suggested export filename.
Fixed everywhere where we export some certificate or public/secret (sub)key. Additionally, to space characters we also replace /, \, and : everywhere in the (proposed) file names now.
• ikloecker changed the status of T7637: Kleopatra: certifications by available secret key which is *not* set to "ultimate" owner trust are disregarded from Open to Testing.
Fixed and backported for VSD 3.4
timegrid moved T7730: gpg: retrieve a certificate from an LDAP server before sending it to the LDAP server from QA to Done on the gnupg26 board.
timegrid moved T7730: gpg: retrieve a certificate from an LDAP server before sending it to the LDAP server from WIP to Done on the gpd5x board.
The problem was the keyserver configuration, which does not include a scheme (ldap:):
keyserver ldap.gnupg.test:389:uid=LordPrivySeal,ou=GnuPG Users,dc=gnupg,dc=test:pass:dc=gnupg,dc=test:
• ikloecker added a comment to T6453: Kleopatra: Show isQualified in Certificate details if true.
What does gpgsm -k --with-colons print for Werner's QES key? The usage / capabilities should contain s (for signing) and q (for qualified signing). If q is missing then something isn't set up correctly.
Jan 2 2026
Jan 2 2026
timegrid closed T8008: GpgEX: UI server already running, a subtask of T7528: Make it possible to run Kleopatra VSD and Kleopatra GPD in parallel, as Resolved.
The issue is resolved in gpg4win-5.0.0-beta479 @ win11:
- no error for opening .eml files
- no error for starting kleopatra while running (also not started twice anymore)
timegrid added a comment to T6939: File extensions for Mailviewer saving.
Notes:
- "Save encrypted" is only "Save" in the UI.
- This is still reproducible in gpg4win-5.0.0-beta476 @ win11
timegrid removed a project from T6299: Kleopatra: Updating key does results in "not changed" instead of "not found": LDAP.
Dec 23 2025
Dec 23 2025
• ebo changed the status of T6453: Kleopatra: Show isQualified in Certificate details if true from Testing to Open.
I've created a global trustlist.txt at C:\ProgramData\GNU\etc\gnupg with an entry for the RootCA for Werners QES key with the qual keyword. (The local config would not work, according to the man page.)
• ebo closed T7054: Kleopatra: Saving/restoring column layout in certificate lookup doesn't work as Resolved.
Adding a new column to the layout is now remembered.
The with of the newly added column (Key-ID, all others are shown by default) is not set to the width of the content. But I think that is ok, one can increase the width manually and that is then remembered.
I am surprised that the solution with the separate tab was chosen… Looks like this:
• ebo moved T7963: Kleopatra: Group configuration reset when certificate details window is opened from QA to Done on the gpd5x board.
works in Gpg4win-5.0.0-beta476
• ebo closed T7538: Kleopatra: Do only ask for confirmation twice when deleting a secret key as Resolved.
Ok, only 2 confirmations after the one above any more (for a standard key), they look like this:
• ebo closed T7886: Kleopatra: Enhance error on missing subkey, if set by default-new-key-adsk as Resolved.
Ok, my fault, I missed that in the beginning there was logging in the background which consumed gpg's error message.
If no logging is running in the background (that's something that often trips me…) on consecutive runs:
• ebo added a comment to T7886: Kleopatra: Enhance error on missing subkey, if set by default-new-key-adsk.
with Gpg4win-5.0.0-beta476
• werner changed the status of T7983: gpg: the validity of a secret key is changed by making a certification with it from Open to Testing.
• ebo moved T7886: Kleopatra: Enhance error on missing subkey, if set by default-new-key-adsk from WIP to QA on the gpd5x board.
• ebo moved T7913: Kleopatra: General error if designated revoker not in keyring from WIP to QA on the gpd5x board.
• ebo moved T7937: Kleopatra: Screenreaders stay silent when smartcard window is opened from WIP to QA on the gpd5x board.
• ebo moved T7538: Kleopatra: Do only ask for confirmation twice when deleting a secret key from WIP to QA on the gpd5x board.
• ebo moved T7963: Kleopatra: Group configuration reset when certificate details window is opened from WIP to QA on the gpd5x board.
Yes, Kleopatra quits again with the beta from yesterday:
• ebo moved T7989: GpgOL: Confusing message in dialog window "Conflicting crypto settings" from Backlog to Triage on the gpgol board.
• ebo triaged T7989: GpgOL: Confusing message in dialog window "Conflicting crypto settings" as Normal priority.
Dec 22 2025
Dec 22 2025
• werner triaged T7983: gpg: the validity of a secret key is changed by making a certification with it as High priority.
• werner moved T7982: Kleopatra, Okular: Process doesn't exit if the app is Quit from WIP to QA on the gpd5x board.
Fixed in gpg4win-5.0.0-beta476
• ikloecker renamed T7982: Kleopatra, Okular: Process doesn't exit if the app is Quit from Kleopatra: The kleopatra.exe process doesn't exit if the app is Quit to Kleopatra, Okular: Process doesn't exit if the app is Quit.
• ikloecker moved T7982: Kleopatra, Okular: Process doesn't exit if the app is Quit from Backlog to WIP on the gpd5x board.
• ikloecker changed the status of T7982: Kleopatra, Okular: Process doesn't exit if the app is Quit from Open to Testing.
Fixed by applying a patch to our version of MinGW. This affected all Qt programs build with Qt 6.10.
• werner added a comment to T7983: gpg: the validity of a secret key is changed by making a certification with it.
This has likely a similar cause as T1794
pl13 added a comment to T7983: gpg: the validity of a secret key is changed by making a certification with it.
I have been able to reproduce this on linux with gnupg 2.5.14.
I had two users (named Alice and Bob in the example), each generating a key pair.
These are the steps:
- Both users have the "use-keyboxd" option in their common.conf (i could not reproduce the bug without this option)
Dec 18 2025
Dec 18 2025
• ikloecker moved T7528: Make it possible to run Kleopatra VSD and Kleopatra GPD in parallel from QA to WIP on the gpd5x board.
Back to WIP because I had to fix a regression.
• werner moved T7730: gpg: retrieve a certificate from an LDAP server before sending it to the LDAP server from WIP to QA on the gnupg26 board.
• werner added a comment to T7730: gpg: retrieve a certificate from an LDAP server before sending it to the LDAP server.
Well, I tested this again. I created a new key and saved a copy. The I updated the expiration date to 2035 and sent the key to the LDAP server. Then I deleted the updated key locally and imported the old copy. Thus I have now:
• TobiasFella added a comment to T7107: Kleopatra: Option "PublicKeyEncryptionOnly".
• werner added a comment to T7983: gpg: the validity of a secret key is changed by making a certification with it.
Yesterday I was able to reproduce it once. But despite more than a dozen more tries yesterday and this morning, I could not anymore replicate it. I tested on Unix and one oddity was that I forgot to kill the keyboxd for a clean new test and thus it could serve old keys despite that the pubring.db was already deleted (but the inode still open by keyboxd).
• ebo updated subscribers of T6299: Kleopatra: Updating key does results in "not changed" instead of "not found".
@timegrid I would not tag this ticket with LDAP, as it is not LDAP specific
• ebo moved T6299: Kleopatra: Updating key does results in "not changed" instead of "not found" from Restricted Project Column to Restricted Project Column on the Restricted Project board.
• ebo closed T6299: Kleopatra: Updating key does results in "not changed" instead of "not found" as Resolved.
State in Gpg4win-5.0.0-beta446 and vsd 3.3.4 is this:
So the message is "Update Failed" for keyserver and "not found" for WKD.
In light of that the ticket is this old, I'll leave it at that instead of discussing further improvements beyond this single phrase.
These would have to go in a new ticket.
• ebo closed T7809: Kleopatra: Save of audit log viewer is html without an .html extension as Resolved.
Dec 17 2025
Dec 17 2025
• ebo lowered the priority of T7763: Draft: Kleopatra: Add option to decrypt a file at the target location (instead of temp) from Normal to Low.
• ebo added a comment to T7983: gpg: the validity of a secret key is changed by making a certification with it.
This is really weird behavior. It seems other secret keys in the keyring may also change to "undefined" validity when the certification is done with another key. And something about the key which is certified is important.
But it can also happen that it is enough to just import a secret key without certifying anything with it for it to be shown as "undefined" validity.
• ebo added a comment to T7981: Draft: Kleopatra: Show "No secret key" error for S/MIME protocol.
The aim of this ticket is to map the message in Kleo for the corresponding gpg case to the "Not found" error in gpgsm and thus show the other message instead.
• ebo renamed T7981: Draft: Kleopatra: Show "No secret key" error for S/MIME protocol from Kleopatra: Show "No secret key" error for S/MIME protocol to Draft: Kleopatra: Show "No secret key" error for S/MIME protocol.
Dec 16 2025
Dec 16 2025
• ebo triaged T7980: Draft: Kleopatra: Add long KeyID to recipient listing (ADSK related) as Normal priority.
• ebo updated the task description for T7831: Kleopatra: Configuration of the initial status of all checkboxes in the sign/encrypt dialog.
• ebo lowered the priority of T7831: Kleopatra: Configuration of the initial status of all checkboxes in the sign/encrypt dialog from High to Normal.
ok, yes, looks like this was not thought through. How about "Sign/Encrypt settings"?
• TobiasFella added a comment to T7831: Kleopatra: Configuration of the initial status of all checkboxes in the sign/encrypt dialog.
for clarity: the current "password based encryption only" and "public key encryption only" are not about defaults, but completely disable the respective functionality. should they really be under "Sign/Encrypt defaults"?
• TobiasFella added a comment to T6939: File extensions for Mailviewer saving.
I can't reproduce your problems. Can you get me the exact test files you used?
m.eik added a comment to T7774: Add reencrypt option to mail and folder encryption to output a list of encrypted mails.
timegrid moved T7973: Kleopatra: Add qt patch to make the AutomationId property accessible from Backlog to Done on the gpd5x board.