didn't seem to work with 1.9.x

Thanks! Interestingly didn't seem to work with 1.9.x but it does with 1.10x. Maybe I made some error when testing.

Thank you. Applied.

The buttons in the main toolbar can now be selected with Tab and Shift+Tab.

Backported to GnuPG 2.2.

Applied the changes.

Now, it also supports a reader with pinpad.

Also applied to 1.10.

This feature is implemented in different way, by T5099.

Pushed the solution which doesn't require new flag for libassuan.

In T5975#158113, @werner wrote:

I can imagine thar there are use cases for this. Thus I see no problems for the first part.

The second part is imho not a good idea. Libgcrypt is a building block for all kind of software and there are for sure legitimate reasons to use rsa512 (MCUs, short living keys, etc). Thus I think that the decision on the key size should be done by the software using libgcrypt.

Pushed the change (master and 1.10).

I do not claim I understand anything of this assembler syntax :)

For the second, I wonder if newer xlclang++ compiler works with 1.9.

Thank you for the bug report.

Pushed the change.

To detect these kinds of bugs, possibly, we can use new GCC option: -ftrivial-auto-var-init=0xFEFEFEFE.
https://gcc.gnu.org/gcc-12/changes.html#uninitialized

Editing a formatted password should work now as expected.

The change improve error handling for possible other errors by device: rG53eddf9b9ea0: scd: Fail when no good algorithm attribute.

Thank you, @gniibe. That's what I was missing: installing libsqlite3-dev made the difference.

Pushed the change. Also, it's backported to 1.10 branch.

Applied to 2.2 branch, too.

Pushed the change to master.

Pushed the fix.

Proper accessible error reporting will be done with the accessibility related tasks.

For the same reasons "Print Secret Keys..." is now also disabled for keys stored on smart cards. No other command seems to require access to the secret key data.

The Certificate Details window now has an Update button.

This can be bypassed by entering the date manually, was reported by a customer and I have just confirmed this.

Fixed in GnuPG 2.3.5.

Nitrokey Start uses Gnuk as its firmware. You need to upgrade its firmware to version 1.2.16 or newer.
Please note that when upgrading the firmware, your keys will be removed.

Its a nitrokey start. I gave it another spin just to make sure, and again when updating to openssh 9.0 and "gpg (GnuPG) 2.3.6-unknown", it fails (again with careful gpgconf --kill gpg-agent etc. Double checked the downloaded source code by arch's makepkg, appears to have that patch applied. Also tried adding -o KexAlgorithms=-sntrup761x25519-sha512@openssh.com to the ssh command, which didn't help.

Please describe what token is used. For my use cases with rGe8fb8e2b3e66: scd: Don't inhibit SSH authentication for larger data if it can., both of Gnuk (>= 1.2.16) and Yubikey (>= 5) work well.

this looks similar to https://dev.gnupg.org/T5935 and https://bugs.debian.org/1008573

Tested

FYI, I built 2.3.6 using a modified archlinux PKGBUILD (& disabling patches to avoid conflicts), then did:
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
but ssh still fails as before

Fixed. Until the lookup is completed, a question mark icon should be shown and no error should be displayed.

My Yubikey (Yubico.com Yubikey 4/5 OTP+U2F+CCID) (key Ed25519) works fine with OpenSSH using kex of sntrup761x25519-sha512@openssh.com.

Works together with the changes for T5939: Kleopatra: Better error for wrong password in symmetric decryption. Tested with symmetric encrypted file and with symmetric+pk encrypted file.

Sorry, I was confused. For RSA-4096, data is hashed by gpg-agent and hashed data is signed by a card.

We are using rsa-4096 on smartcard for quite some time; so I wonder what's the problem here. Is that that we don't use our Assuan hack for large key material with OpenPGP.3?