Confirmed with two other cards. in the gpg-agent log I also see MARKTRUSTED not supported lines while the card is inserted - this is cause by the loop in Kleo.

This is a generic parent task and does not require workboards for specific branches.

FWIW, the Fileversion is actually the Git revision in decimal

You can't decrypt using the Esign application on such a card. Please provide more information off-tracker.

Testing in 2.4 will not be easy because it requires code modification just for testing. However, de-vs is not supported by 2.4 and the greater plan is to get 2.6 approved for de-vs.

I'd prefer to not use the spawn helper at all. All currrent Windows versions allow to decide which handles are to be inherited and thus there is no more need for the helper.

@gniibe: This is a pretty old bug; given all the changes of the last year, should we close it now?

You are creating a signed archiv? Why - gpgtar is used for encryption.

That's right: -K is merely a -k which prints only keys which have at least one secret key or a stub key (for smartcards) available.

Thanks for commenting from the other account. This allowed me to disable the account. Deleting and account is hard in Phabricator thus we do it only very rarely. But disable is basically the same.

I just verified the new account. Please delete (i.e. disable) it yourself - I can't easily figure out whether it is really your account.

Problem seems to be that there is no ~/trustedkeys.gpg file and that the fallback to the kbx file does not anymore work. I can replicate that with 2.40 and 2.4.4-beta.

That version of gpg is too old that I will look at it.

That sounds very good.

I disagree. We already talked about this and we should proceed as planned.

Further investigation showed that this was due to a bogus key creating during I wrote the code.

We consider rsa2048 as compliant until the end of this year; this is required due to the Telesec smartcards. However, we should never create such a key and kleopatra does not allow this.

Test version is available intern.

I think there is no configuration option to set the socket directory, it's hardcoded in homedir.c

That is convenience. Before we did this people were complaining that they first need to create a directory for the sockets. You should not need to use --create-socketdir unless you want to start something like watchgnupg on a socket in just this directory (using the shortcut socket://).

What is your problem with socket below /run/user ? In fact you will need it anyway if your socket file name is longer than something like 104 characters.

The second retry counter is used by current cards for the Reset Code error counter. It is zero if no reset code has been set. It was used by card specs 1.x for the CHV2 only available there.