I also tested adding the qual flag to the root cert in the global trusted.txt, as using qualified.txt is considered legacy, but still the same behavior
Jan 22 2026
Jan 21 2026
The first time Okular was included is gpg4win-4.2.0:
See here for how it should look:
I see. I added the root cert to C:\ProgramData\GNU\etc\gnupg\qualified.txt and the usage of the signing certs does include a qualified signature in Kleopatra now. Still I don't see any highlight/filter in Okular:
The "ca" root cert is not on the ldap, if that matters
In T8048#211860, @ikloecker wrote: some other certificates, but I guess those are from other tests
It also happens on CLI:
Jan 20 2026
- gpg4win 5.0.0 @ win11
Note: This does not happen on vsd-3.3.4
Jan 19 2026
gpgme.log (vsd 3.3.4):
In T8039#211727, @timegrid wrote: I wonder where the information of the previously installed components comes from, if not from the MementoSection_SEC_kleopatra fields.
I searched the whole registry and found that if browser integration is installed, this key still lives in WOW6432Node: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gpg4win
Oh, surprisingly it's the other way around: if the information is given in the registry key, all components are preselected. If the key is missing (browser integration installed), only the installed components are preselected. I wonder where the information of the previously installed components comes from, if not from the MementoSection_SEC_kleopatra fields.
Another possibility would be to just add a revoked column (expiration date is already shown) to keep closer to the ldap schema.
Without browser integrations installed, the preselection works fine though.
Probably this happens, because the info in the registry is missing as soon as browser integration is installed, see T8038: NSIS: Updating line omitted if browser integration is installed
should properly uninstall the existing installation.
Jan 16 2026
Jan 15 2026
I created a bunch of smime certs (via OpenSSL) and imported them in gpg4win-5.0.0 @ win11:
- For each keyusage
  - keyEncipherment, dataEncipherment
  - digitalSignature
  - nonRepudiation
  - digitalSignature, nonRepudiation
- Alice's certs with different names, Bob's certs with same name for each key
Is this good enough or should the import cert list also inherit the layout (with or without additional columns) from the currently active tab?
Looks good to me on gpg4win-5.0.0 @ win11. Tested with 20 starts of each combination:
- with / without keyboxd
- quitting kleopatra / killing all processes
Another correction: I'm quite sure that changing the width worked for a while (until I created that new tab), but I can't reproduce this anymore (even after deleting kleopatrastaterc). Now the import list again seems to have its own memory (changing width in the import list will be kept on the next import)
Correction: On import, the width of the last created tab (not the current one) will be used, but additional columns won't be added.
Jan 14 2026
In gpg4win-5.0.0-beta479 @ win11
- I can confirm that a new tab will inherit the layout from the currently active tab
- On import
  - The layout of the main tab is kept
The import cert table has its own layout though (default columns/widths) - should this be different? see next comment
Mostly looks good to me on gpg4win-5.0.0-beta479 @ win11.
Was anything changed? What to test here?
Jan 13 2026
On gpg4win-5.0.0-beta479 @ win11 the registry settings are not read due to the organization name not being set.
Importing the same files via cli does work:
Screenshots of different imports:
gpgme.log (import of kyber team key with signing key):
gpgme.log (import of normal non team key kyber cert):
Jan 9 2026
The behaviour might have changed a bit because of the ldap: prefix I use now, or I have missed this case the last time:
Given some cert on the "download" server, I can find it, if dirmngr.conf contains only the "download" server, or if the "download" server is listed first:
Looks good to me on gpg4win-5.0.0-beta479 @ win11:
Looks good to me on gpg4win-5.0.0-beta479 @ win11:
I assume, that testing the functionality is the only thing I can do here.
Looks good to me on gpg4win-5.0.0-beta479 @ win11
Tested with gpg4win-5.0.0-beta479 @ win11
@tfry tested this, and it seems fine.
Jan 8 2026
Looks good to me on gpg4win-5.0.0-beta479 @ win11.
Ebo was also able to reproduce it like this:
Jan 7 2026
Looks good to me on gpg4win-5.0.0-beta479 @ win11.
Both without and with DeviceInfoWatcher (via configuration as shown in https://dev.gnupg.org/T7045#186162 ):
- Removal of smart card -> smart card is removed in smart card view
- Insertion of smart card + gpg-card -> smart card is added in smart card view
I'm not sure how to reproduce this. On gpg4win-5.0.0-beta479 @ win11 I quit Kleopatra with a smartcard inserted, the process exits with code 0, so it looks fine and I'm setting this to resolved.
Does not work on gpg4win-5.0.0-beta479 @ win11:
- Open encrypted mail and open attachments in outlook + reboot
  - All temporary files in "C:\Users\g10\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\ODXPL3A9" are still present after reboot (files with 002 ending additionally opened)
  - Temporary files are still present after opening and closing Kleopatra and Outlook
- Open encrypted attachment in kleopatra/mailviewer (via .eml file) + reboot
  - All temporary files in "C:\Users\g10\AppData\Local\Temp\kleopatra.XXXXXX" are still present after reboot (one folder per opened file)
  - Temporary files are still present after opening and closing Kleopatra
- Decrypt archive in kleopatra + reboot during the success dialog with the save button
  - Temporary folder "C:\Users\g10\AppData\Local\Temp\kleopatra.XXXXXX" with extracted tarball still present after reboot
  - Temporary files are still present after opening and closing Kleopatra
The imported cert was berta's in this case.
>gpgsm -v --sign --local-user "Edward Tester" test.pdf > test.gpg.p7s
gpgsm: enabled compatibility flags:
gpgsm: looking up issuer from the Dirmngr cache
gpgsm: number of matching certificates: 0
gpgsm: dirmngr cache-only key lookup failed: No data
gpgsm: issuer certificate {04A0A7E932B29D43A9B6673139AF52C0A5FC467BF5A64D044D1AC33613ABBB73CA532569F5779999114C0118CD66FDF6E92B1B0EEE2A4D5A815DA7FD892DDDE9C1} not found using authorityKeyIdentifier
gpgsm: looking up issuer from the Dirmngr cache
gpgsm: number of matching certificates: 0
gpgsm: dirmngr cache-only key lookup failed: No data
gpgsm: certificate is good
gpgsm: root certificate is not marked trusted
gpgsm: fingerprint=D4:EC:A6:B4:69:AB:B5:44:08:27:CB:3F:C7:D7:91:08:3C:10:27:DB
gpgsm: DBG: BEGIN Certificate 'issuer':
gpgsm: DBG: serial: 01
gpgsm: DBG: notBefore: 2020-03-26 19:41:01
gpgsm: DBG: notAfter: 2063-04-05 17:00:00
gpgsm: DBG: issuer: CN=Root-CA 2020,OU=GnuPG.com,O=g10 Code GmbH,C=DE
gpgsm: DBG: subject: CN=Root-CA 2020,OU=GnuPG.com,O=g10 Code GmbH,C=DE
gpgsm: DBG: hash algo: 1.2.840.113549.1.1.11
gpgsm: DBG: SHA1 Fingerprint: D4:EC:A6:B4:69:AB:B5:44:08:27:CB:3F:C7:D7:91:08:3C:10:27:DB
gpgsm: DBG: END Certificate
gpgsm: after checking the fingerprint, you may want to add it manually to the list of trusted certificates.
gpgsm: validation model used: shell
gpgsm: can't sign using 'Edward Tester': Not trusted
[GNUPG:] FAILURE gpgsm-exit 50331649
Jan 6 2026
Other observations:
- after removing the smartcard reader again it's still not reproducible
- after win restart it's not always reproducible
- best chances to reproduce by killing all gpg related processes and deleting gnupghome and Gpg4Win folders first, then import
After attaching a smartcard reader with a smartcard, I can't reproduce this issue anymore
In T8015#210727, @ikloecker wrote: Also: What happens if you cancel the ownership question and then change the owner trust of the key on the command line?
Interesting. I also wasn't able to reproduce this anymore, although I even created a new VM to make sure this is reproducible in a clean setup (and it was reproducible every time).
After restart of windows, it is reproducible again. This is the debugview output for an import without status update:
Looks good to me on gpg4win-5.0.0-beta479 @ win11.
Done
- progress/busy indicator shown (probably also read, but loading was too fast, so it skipped the text)
alt+m Manage Smart Cards - Kleopatra window Loading smart cards... tab control OpenPGP - 0005 00009D58 tab Alt+ O
Maybe it would be better to just not offer S/MIME certs with distrusted root cert?
I tried to get any error response but found those issues instead:
If all processes are killed before okular is opened, I get an error on "finish signing":
gpgsm.log (debug-all, whole process of signing)
Looks good to me on gpg4win-5.0.0-beta479 @ win11. The default path is now the same as the path of the opened file:
Looks good to me on gpg4win-5.0.0-beta479 @ win11:
- gpg --show-only-session-key --decrypt FILE shows only the session key
- gpg --add-recipients -r UID1 FILE adds recipients (tested with one or more uids)
- gpg --change-recipients -r UID FILE changes the recipients (tested with one or more uids)
Looks good to me on gpg4win-5.0.0-beta479 @ win11.
I can't reproduce ebo's nor pl13's issue.
Jan 5 2026
The problem was the keyserver configuration, which does not include a scheme (ldap:):
keyserver ldap.gnupg.test:389:uid=LordPrivySeal,ou=GnuPG Users,dc=gnupg,dc=test:pass:dc=gnupg,dc=test:
Jan 2 2026
The issue is resolved in gpg4win-5.0.0-beta479 @ win11:
- no error for opening .eml files
- no error for starting kleopatra while running (also not started twice anymore)








