Please add the hint you mentioned.

Changing the position needs some more thought. There can be up to four buttons displayed next to the result:

• Force decryption is shown if decryption failed due to a missing integrity check (MDC)
• Show Audit Log is always shown (unless retrieving the audit log failed)
• Show Email is shown if the decrypted content is something that can be opened in the mail viewer
• Close is always shown in the notepad

"Show audit log" is already a button (probably changed for another ticket). I'll look into the remaining points.

The workaround is ready for testing. Kleopatra shouldn't show duplicate LDAP servers in the settings dialog. As a side effect global ldapserver entries should no longer multiply in the local dirmngr.conf each time the LDAP servers are changed, but one copy of the global ldapserver entries is still written to the local dirmngr.conf.

Backported for VSD 3.4

Done.

The fix is only a workaround, the duplicate entries are no longer shown in Kleopatra, they still exist and multiply on save.

How about "Certification includes that you check the fingerprint against a trusted source."? "Means" seems wrong to me. @hej, please comment

ok, lets do this. I'll update the description

I'm fine with just dropping it.

One doesn't even need a global config file to reproduce the duplication.

I'm okay with omitting the list of suggestions for shared secret keys. The person distributing the key should have told the recipients how to import and certify them properly.

Also backported for VSD 3.4.

Now also available in Gpg4win 5.

Ready for testing in VSD 3.3

How about changing the text after sentence two simply to:

Do we agree to drop bolt font for QES certificates?
Will we change this for VSD 3.4?

What about always using PEM for all generated CSRs? As far as I can see, gpgsm command line always uses PEM when generating CSRs.

Backported for VSD 3.4

For all tables where the visible columns can be configured via the context menu of the table header the visible columns can now also be configured via the context menu of the table cells/rows. (The only exception is the result table in the selftest where it doesn't really make sense to change the visible columns. Instead we should disable the context menu of the table header.)

Note for mails with 2 attachments, where the warning is displayed: Those mails can't be moved in Outlook/GpgOL

Regarding 8. encrypted/signed vcard attachment:

Maybe we could show instead the text "No keyserver is configured."? Need not be in the same place. This would also be helpful in the other case, where you go to the search via "Lookup on Server". Showing which keyservers are configured would be nice too, of course.

Make all table column headings accessible (see Update 2025-10-27).

Fixed and backported for VSD 3.4.

The settings should work again. They are described at https://docs.kde.org/trunk_kf6/en/kleopatra/kleopatra/admin.html#admin-certificate-request-wizard-keys , but note that the documentation is severely outdated. Note that those settings are not officially supported by GnuPG (VS-)Desktop (see https://gnupg.com/vsd/kleopatra-settings.html).

Should work now.

This was fixed in Qt 6.10.0 by adding compatibility code that's "hidden" behind a compiler flag, i.e. we just need to enable this compiler flag. See https://codereview.qt-project.org/c/qt/qtbase/+/629255 for details.

I'm pretty sure that this has already been fixed with the changes made for T8083: Kleopatra: Use blue icon for Gpg4win and GPD. build-appimage.sh now always replaces the Breeze icons shipped with the AppImage with the appropriate head icon.

Won't fix for vsd3x

At least for an expired data signature I would suggest to have an info button to further expliah this. Maybe to a FAQ or KB article. The case is too rare that we should not discuss endlessly the pros and cons of expiring signatures. I hope that Kleo does not provide an option to crerate such a signature.

Physical experiment feature support should better not be widely used.

Note: In vsd it must be restricted to the bp algorithms then

If the user clicks the "No, others also use this key" button they get the following dialog

You are totally correct, confirmed with VSD 3.3.5.

I was curious: Similar to the kiosk/immutable feature of kconfig, gpgolconfig allows to flag values as immutable by appending a '!' to the value set in the registry. If autoencryptUntrusted is set to 0! via the registry then the checkbox should be disabled.

This ticket is only for ignoring the autoencryptUntrusted setting. For the gpgolconfig.exe part see T8090

To test in gpgol after the fix (see T7836: GpgOL: Both disable and prefer S/MIME does not work):

1. Make sure you have both secret openpgp and smime certs for ted (both split S/MIME keys)
2. Deactivate "Always show security approval dialog"
3. Enable S/MIME and activate "Prefer S/MIME"
4. Kill background processes and restart Outlook (just to be sure)
5. Send an encrypted/signed mail form and to ted => should be S/MIME encrypted