Starting to understand KIO architecture a bit better. We can easily add more protocols if we want to. For now I have just added the file plugin. I tested with moving.

Adding @werner @aheinecke to get their feedback especially on the options at the end of the previous comment.

@Angel thanks for the valuable feedback

I will review the issue. A likely outcome will be to follow your suggestion but to add an option for the old behaviour to avoid further security discussions.

Option #1 is good from a descriptional POV, but in most cases both the main key and the subkeys will be expired, so it would end up not updating any subkey.

The user tried to sneak in an ad link and he has thus been banned. Here is his probably AI generated comment for documentation:

That comment was used to sneak in an ad. For documentation here is the comment w/o the link:
The changes made to the code have improved the workflow when verifying detached signature [redacted] without a corresponding signed file from Kleopatra's UI, which should make the process more intuitive for users. It is possible that users who experienced this issue in the past may express their satisfaction with the fix in the comments, while others may provide feedback on the usability of the updated workflow.

I don't see a reason backing off the original commit. A fix for macOS is now available (rCfa21ddc158b5) and will be in the next release. No reason for other changes.

I see the point of use of int.
For backward compatibility, the semantics of 0 should remain as default timeout (let kernel decide == 120 sec, usually), -1 would be meaning immediately (only success when local).

Thank you for your report. Good catch.

The fix is in 2.4.1.
It's not perfect fix, but it catches the problem when it's not encrypted secret key.

The code for the file Job etc. is definetly in there. I think it somehow tries to intospect supported protocols maybe even through dbus and this fails then. My current expectation is that we need to identify where this happens and then to hardcode some supported jobs / workers etc.

Yes most definetly I am looking it at next

works, Gpg4win-4.1.1-beta295

fixed

This is basically working as intended by gpg --quick-set-expire. With a first call of gpg --quick-set-expire the validity of the primary key is extended. With a second call of gpg --quick-set-expire with third option * gpg is asked to update the expiration time "of all non-revoked and not yet expired subkeys".

the option works

Closing. A small change in Kleopatra (T6472) should help to avoid using this hack in common cases.

Setting priority to high because this should be fixed before the next release.

I have checked that we now switch back to openpgp (if necessary) after every use of ReaderStatus::startSimpleTransaction and ReaderStatus::startTransaction. The only uses of those functions outside of subclasses of CardCommand are by PGPCardWidget for which switching back to openpgp isn't needed.

Why can't we keep the signed int? Do we ever need such a long timeout. We could for example define -1 as use default timeout.

assuan_sock_connect_byname may be extended to change the third argument (now int reserved) to unsigned int timeout.
It's a kind of API change, but ABI wise, the impact is minimum.

in gpg.conf

This has been fixed for gnupg24 and gpg4win.

!ebo: Did you set a log-file into gpg.conf or common.conf ?

This works, basically.

Note that this change has the inconvenient consequence for the users that they will have to (re-)enter the PIV Authentication Key for each operation that requires authentication, e.g. for each write operation (generate key, write key, write certificate), because switching to openpgp seems to reset the PIV authentication.

works now, Gpg4win-4.1.1-beta295

works

works with Gpg4win-4.1.1-beta295

The workaround works.

I learned that Unix build environment needs Wine emulation (with winepath) for MinGW host (when uninstalled executable should run correctly).
https://www.gnu.org/software/libtool/manual/html_node/File-name-conversion.html

I imported only a secret key file generated by "Backup secret key"

Fixed for libgcrypt, updating copyright notices and license files.