hmm, almost. With VS-Desktop-3.1.90.258-Beta I do not get an error any more, a key is generated. But the "valid until" date is off by one day, it is one day later than the one given at key generation.
Oct 30 2023
works, the secret part is now imported, too, tested with VS-Desktop-3.1.90.258-Beta
works: my brainpool X509 testcertificate is shown as compliant
For the VSD branch it works, VS-Desktop-3.1.90.258-Beta
In VS-Desktop-3.1.90.258-Beta it is "no space left on device" now in the encrypt/verify window.
Oct 23 2023
Oct 20 2023
At the moment we have a green background for the results of a decryption and/or verification, if it was successful.
This does not work with high contrast mode.
and it is also confusing that you can choose the key for signing in Kleopatra, it is displayed with a green check mark but then you run into an error:
Oct 19 2023
yes, fixed
Oct 18 2023
The original issue was too unclear to analyse and it was likely meanwhile fixed. For the other issue see the follow up ticket.
Oct 17 2023
The debug/workaround option works: When the option is checked, opening the msg file will not change its date.
With VS-Desktop-3.1.90.246-Beta I can not import the secret part of the edward.tester@demo.gnupg.com.p12 Testkey (ECC brainpool).
I do not see any error message.
works: installed VS-Desktop-3.1.90.246-Beta with
Oct 16 2023
it was decided to write the encrypted archive with ending .part and only rename it at the end. In this way the users can't think they have a valid encrypted archive
Oct 13 2023
Well I have looked at this ticket and posted a comment. We should talk about if there is anything left to do or not. I suspect that the gpg side is done and I should open one (or probably better several) ticket(s) for the kleopatra side.
works now with VS-Desktop-3.1.90.246-Beta
The error message in Kleo is now (with VS-Desktop-3.1.90.246-Beta) "Broken pipe". But in the linked error protocol you can find the gpg error message "no space left on device". So I would find this message acceptable.
As what I see is similar to what Andre saw, I'll describe it here. Please check if this is relevant.
After the above mentioned Ticket was resolved, I tried the exact same encryption in Kleopatra on the same Test-VM.
works!
Oct 10 2023
Well, neither OpenPGP certificate nor CSR creation from a key on a card is offered for any of the cards I tried.
But that is not only for RSA2048, but for all types of keys.
Oct 9 2023
This is probably a duplicate of T6325
works
related to T6325
For Yubikey it looks the same for me, the CSR creation buttons are always greyed out (checked for RSA 2048, 3072, brainpool)
On Yubikey and OpenPGP card, OpenPGP creation is possible for RSA2048, too.
Key creation on Yubikey with Curve25519 fails with "General error", it is not disabled in Kleo.
On the Zeitcontrol OpenPGP card it is not offered (but it does not have the capability, anyway, AFAIK)
As I have installed several test versions on Windows since and never noticed a self test during usage, this obviously works
TeleSec NetKey v3 cards are accepted, for NetKey v2 you get the error message "NetKey v2 cards are not supported".
Oct 6 2023
With current VS-Desktop-3.2.0.0-beta229/231 this does not work for me. Neither for RSA 2048 nor 3072.
The CSR buttons are greyed out
Choosing Curve 25519 results in a general error btw.
works, either name or email is enough
fwiw: For a Netkey 3.0 card with expired RSA 2048 certificates, CSR creation is not offered.
Oct 5 2023
closing this ticket, diagnostic output is there, for improvements see T6749
The error dialog has the "Show Audit Log" button now and it shows error messages but now the user gets two audit logs:
And the filter for the key selection has to be checked. Also compare T6743
We decided what aheinecke wrote before: The key group name should be displayed with a red X and the encryption button should be disabled as long as encryption is not possible.
We decided to use the blue symbol for such a not compliant key in the VSD version
We discussed and decided that "can encrypt" should determine if an encryption subkey exists for a key in the keyring associated with the given email address.
works. In current VSD-testing-Beta.
Oct 4 2023
Works, the expected behavior from the description is shown.
With the current Beta VS-Desktop-3.2.0.0-beta229/231 the tags in the tags column in the certificate list are always shown, regardless of the configuration option "show tags of certificates". Only the tag of the primary UID is shown there (which makes sense, IMHO).
The new "no 509 certificate" message box comes up always when restarting Outlook and then immediately composing and sending a message, even when the user has a certificate.
-> add a check if the cache is already loaded in GpgOL
For the Berta Key in the Testversion: *After* entering the Password for the signature, the new GpgOL message does show. When I choose "Retry" in spite of the warning, the mail is sent out encrypted.
So I was only confused because I did expect another order of events. Something seems redundant and confusing here:
First you are shown the security confirmation dialog and click on OK (with the small warning sign and "not compliant" next to it), then you are asked for your password (if it is not in the cache) and then you get the new Warning message with the option to "Retry". Although you already in the first dialog chose to encrypt non-compliant.
Btw: The error message from gpg is for me not "end of file" instead it is: "Syntax error in URI"
If I repeat this with a totally empty keyring, I get the new message regarding the missing signing certificate.
With this certificate I do get the security confirmation dialog without "always show" on, but still no new message box.
Without "always show" I get a pinentry immediately after hitting "Send". So no warning.
I realized that I still had "always show confirmation dialog" on... When I turn that off I get the default error message, but with encoding errors:
(I'll take care of the line break, btw)
I do not see the default error message, not even with a new, totally empty keyring.
I immediately get:
Oct 2 2023
I had a look at the current state (VS-Desktop-3.2.0.0-beta229/231 from 2023-09-29):
again aheinecke:
aheinecke wrote regarding not showing the group at all (https://dev.gnupg.org/T6401#175847):
This is in contrast to the behavior for "single" keys. An expired key is not listed as available for encryption at all.
Sep 29 2023
Yes, works now (VS-Desktop-3.2.0.0-beta from today):
works, I only see the error in debugview.
Furthermore, I use the occasion to point to T6493, Improvements on search window ;-)
works: After generating a PIV key
gpg --edit-card
nevertheless shows the OpenPGP keys. Tested with gpg4win 4.2.0.
Sep 28 2023
works as described
For me with Gpg4win 4.2.0 it works as expected, that is all UIDs which have a checkmark are certified in one go, entry of password only once. Used the key given in description for the test.
After the fix everything after the Signature block is now silently discarded