If only the secret encryption subkey is exported and there is a signing subkey then, additionally, to the secret subkey export a public export is added to the created file, i.e. in the created file there's a PUBLIC KEY BLOCK and a PRIVATE KEY BLOCK. (With the next version of gpgme the public key block only contains the primary key and the signing subkey. Currently, it's a full public key export of the team key.)

In gpg4win-5.0.0-beta479 @ win11

• I can confirm, that a new tab will inherit the layout from the currently active tab
• On import
  • The layout of the main tab is kept
  • The import cert table has it's own layout though (default columns/widths) - should this be different? see next comment
    

In T7455#211465, @timegrid wrote:

Notes:

• The "Encrypt..." and "Sign..." operations might not be needed anymore now, that "Sign/Encrypt ..." is available?

Mostly looks good to me on gpg4win-5.0.0-beta479 @ win11.

Looks good to me on gpg4win-5.0.0-beta479 @ win11:

Was anything changed? What to test here?

I've changed this now to "GnuPG VS-Desktop" (and "GnuPG Desktop").

Am I right that for VSD we use:

We set the following organization names for the different products:

• Gpg4win: Gpg4win
• GnuPG Desktop: GnuPG Desktop
• GnuPG VS-Desktop: GnuPG VS-Desktop

i.e. the registry path for Kleopatra settings will be for example
SOFTWARE\Gpg4win\Kleopatra\<config group>\<config entry>

Thanks, looks good to me:

• Saving to c:\
  
• Saving with removed signing key
  

On gpg4win-5.0.0-beta479 @ win11 the registry settings are not read due to the organization name not set.

A way to trigger some errors could be trying to save to c:\windows or some other place you can't do.
Or while you have the key list open in okular, remove the key underneath everything and then continue.

We now have a filter for qualified signatures if there is any in the list

Fixed upstream with https://invent.kde.org/graphics/okular/-/merge_requests/1301 - not yet in our packaging

@werner: gpg fails to batch import secret Kyber keys:

$ GNUPGHOME=/home/ingo/dev/g10/.gnupghomes/empty gpg --batch --import --verbose ~/dev/g10/testdata/exported/Kyber768_0xDD89C34EF2B69576_SECRET.asc 
gpg: WARNING: unsafe permissions on homedir '/home/ingo/dev/g10/.gnupghomes/empty'
gpg: enabled compatibility flags:
gpg: sec  brainpoolP256r1/DD89C34EF2B69576 2024-11-14  Kyber768 <kyber768@example.net>
gpg: using pgp trust model
gpg: key DD89C34EF2B69576: public key "Kyber768 <kyber768@example.net>" imported
gpg: key DD89C34EF2B69576/DD89C34EF2B69576: secret key imported
gpg: key DD89C34EF2B69576/D07DD3BF9F1AAF4F: error sending to agent: IPC parameter error
gpg: error reading '/home/ingo/dev/g10/testdata/exported/Kyber768_0xDD89C34EF2B69576_SECRET.asc': IPC parameter error
gpg: import from '/home/ingo/dev/g10/testdata/exported/Kyber768_0xDD89C34EF2B69576_SECRET.asc' failed: IPC parameter error
gpg: Total number processed: 0
gpg:               imported: 1
gpg:       secret keys read: 1

Importing the same files via cli does work:

Screenshots of different imports:

gpgme.log (import of kyber team key with signing key):

gpgme.log (import of normal non team key kyber cert):

or maybe for the fist one "_ENC_ONLY"

Setting to resolved, as I think it should be

Backported for VSD 3.4

Done. I've used the following script to create clear-signed test messages with good/bad signature signed with certificates with different validity and status (expired, revoked).

All sub tickets are done.

This is ready for testing and available in 5.0.0-betaX since about a year.

Should be ready for testing. This is available in 5.0.0-beta479.

This has finally been merged.

In the meantime we don't show the imported certificates anymore in the main window as tabs but in a separate window, i.e. import tabs are no longer an issue. Please retest.

I'm pretty sure that this is done. For gpd5 the changes have been merged upstream and kconfig reads the config keys in the desired order.

Thanks Eva and Ingo. It seems 2.5.17 is not too far away.

I can reproduce this on the command line:

C:\Users\g10code>"c:\Program Files\GnuPG\bin\gpgsm.exe" --export --armor 579BAF3DF16AD462457BCC0897ADBC143D76EA7B 5A2B80F98F518D50891B1F0C7C6131AD107F9938 DB625D2BBBB5A3FD985C0233249B03090E85D402
Issuer ...: /CN=CA IVBB Deutsche Telekom AG 20/OU=Bund/O=PKI-1-Verwaltung/C=DE
Serial ...: 02195D190EBE34
Subject ..: /CN=iOS Test-Smartcard iostest01.sc/OU=BSI/O=Bund/C=DE/SerialNumber=2
    aka ..: iostest01.sc@bsi.bund.de
Keygrip ..: 527CE32FD0552D18479442EF90DD5E434C036329

I can reproduce the issue only (!!!) with keyboxd (on Windows).

was tested already by timegrid

Looks good to me on gpg4win-5.0.0-beta479 @ win11:

I assume, that testing the functionality is the only thing I can do here.

That was also fixed in gnupg 2.2.50 and thus vsd 3.3.3

Looks good to me on gpg4win-5.0.0-beta479 @ win11

Tested with gpg4win-5.0.0-beta479 @ win11

@tfry tested this, and it seems fine.

What I did wrong was that I did not include the global trustlist.txt (which is not read by default in Gpg4win) in the user trustlist.
This can be done by putting "include-default" at the beginning of the trustlist.txt in the users GNUPGHOME.

Okay. Confirmed and understood. The problem is that file system watcher doesn't watch the trustdb.gpg file because the file did not yet exist when the watcher was initialized. And during the import we disable the file system watcher so that it doesn't notice the creation of the file and therefore doesn't start watching it.

Looks good to me on gpg4win-5.0.0-beta479 @ win11.

Ebo was also able to reproduce it like this: