Looks good to me on gpg4win-5.0.0-beta479 @ win11:

Was anything changed? What to test here?

I've changed this now to "GnuPG VS-Desktop" (and "GnuPG Desktop").

Am I right that for VSD we use:

We set the following organization names for the different products:

• Gpg4win: Gpg4win
• GnuPG Desktop: GnuPG Desktop
• GnuPG VS-Desktop: GnuPG VS-Desktop

i.e. the registry path for Kleopatra settings will be for example
SOFTWARE\Gpg4win\Kleopatra\<config group>\<config entry>

Thanks, looks good to me:

• Saving to c:\
  
• Saving with removed signing key
  

On gpg4win-5.0.0-beta479 @ win11 the registry settings are not read due to the organization name not set.

A way to trigger some errors could be trying to save to c:\windows or some other place you can't do.
Or while you have the key list open in okular, remove the key underneath everything and then continue.

We now have a filter for qualified signatures if there is any in the list

Fixed upstream with https://invent.kde.org/graphics/okular/-/merge_requests/1301 - not yet in our packaging

@werner: gpg fails to batch import secret Kyber keys:

$ GNUPGHOME=/home/ingo/dev/g10/.gnupghomes/empty gpg --batch --import --verbose ~/dev/g10/testdata/exported/Kyber768_0xDD89C34EF2B69576_SECRET.asc 
gpg: WARNING: unsafe permissions on homedir '/home/ingo/dev/g10/.gnupghomes/empty'
gpg: enabled compatibility flags:
gpg: sec  brainpoolP256r1/DD89C34EF2B69576 2024-11-14  Kyber768 <kyber768@example.net>
gpg: using pgp trust model
gpg: key DD89C34EF2B69576: public key "Kyber768 <kyber768@example.net>" imported
gpg: key DD89C34EF2B69576/DD89C34EF2B69576: secret key imported
gpg: key DD89C34EF2B69576/D07DD3BF9F1AAF4F: error sending to agent: IPC parameter error
gpg: error reading '/home/ingo/dev/g10/testdata/exported/Kyber768_0xDD89C34EF2B69576_SECRET.asc': IPC parameter error
gpg: import from '/home/ingo/dev/g10/testdata/exported/Kyber768_0xDD89C34EF2B69576_SECRET.asc' failed: IPC parameter error
gpg: Total number processed: 0
gpg:               imported: 1
gpg:       secret keys read: 1

Importing the same files via cli does work:

Screenshots of different imports:

gpgme.log (import of kyber team key with signing key):

gpgme.log (import of normal non team key kyber cert):

or maybe for the fist one "_ENC_ONLY"

Setting to resolved, as I think it should be

Backported for VSD 3.4

Done. I've used the following script to create clear-signed test messages with good/bad signature signed with certificates with different validity and status (expired, revoked).

All sub tickets are done.

This is ready for testing and available in 5.0.0-betaX since about a year.

Should be ready for testing. This is available in 5.0.0-beta479.

This has finally been merged.

In the meantime we don't show the imported certificates anymore in the main window as tabs but in a separate window, i.e. import tabs are no longer an issue. Please retest.

I'm pretty sure that this is done. For gpd5 the changes have been merged upstream and kconfig reads the config keys in the desired order.

Thanks Eva and Ingo. It seems 2.5.17 is not too far away.

I can reproduce this on the command line:

C:\Users\g10code>"c:\Program Files\GnuPG\bin\gpgsm.exe" --export --armor 579BAF3DF16AD462457BCC0897ADBC143D76EA7B 5A2B80F98F518D50891B1F0C7C6131AD107F9938 DB625D2BBBB5A3FD985C0233249B03090E85D402
Issuer ...: /CN=CA IVBB Deutsche Telekom AG 20/OU=Bund/O=PKI-1-Verwaltung/C=DE
Serial ...: 02195D190EBE34
Subject ..: /CN=iOS Test-Smartcard iostest01.sc/OU=BSI/O=Bund/C=DE/SerialNumber=2
    aka ..: iostest01.sc@bsi.bund.de
Keygrip ..: 527CE32FD0552D18479442EF90DD5E434C036329

I can reproduce the issue only (!!!) with keyboxd (on Windows).

was tested already by timegrid

Looks good to me on gpg4win-5.0.0-beta479 @ win11:

I assume, that testing the functionality is the only thing I can do here.

That was also fixed in gnupg 2.2.50 and thus vsd 3.3.3

Looks good to me on gpg4win-5.0.0-beta479 @ win11

Tested with gpg4win-5.0.0-beta479 @ win11

@tfry tested this, and it seems fine.

What I did wrong was that I did not include the global trustlist.txt (which is not read by default in Gpg4win) in the user trustlist.
This can be done by putting "include-default" at the beginning of the trustlist.txt in the users GNUPGHOME.

Okay. Confirmed and understood. The problem is that file system watcher doesn't watch the trustdb.gpg file because the file did not yet exist when the watcher was initialized. And during the import we disable the file system watcher so that it doesn't notice the creation of the file and therefore doesn't start watching it.

Looks good to me on gpg4win-5.0.0-beta479 @ win11.

Ebo was also able to reproduce it like this:

In Gpg4win-5.0.0-beta479 the dialog no longer exists. Problem solved ;-)

Gpg4win-5.0.0-beta479: works, no crash any more

I have verified (by looking at QTextEdit's code) that, on paste, QTextEdit splits the text for the internal representation into lines and discards any CR and LF characters.

It turns out that Kleopatra's notepad converts the CR characters of the spoofed file to LF characters when pasting the text so that Kleopatra doesn't really verify the content of the spoofed file but different content. And this results in a bad signature. The confusing bit is that Kleopatra also says "Successfully verified the notepad" and that it shows the claimed-to-be-signed text although the signature is bad which could lead an inattentive user to the assumption that the signature of the displayed text was actually good (because "Successfully verified").

works, with Gpg4win-5.0.0-beta479 on Win11.
Now after hitting "save" a dialog is shown asking under which name the file shall be saved. Saving works with both options.