Thank you. All applied and pushed to master.

In 2.4, a user need to specify disable-ccid in scdaemon.conf when scdaemon is built with integrated CCID driver (using libusb) but the user wants to use PC/SC driver instead.

A workaround seems to be to configure disable-ccid in scdaemon.conf.

Hi Werner,
after I enabled more detailed logging, I found that the issue is whithin an "old" file what was encyrpted using an outdated key. Somehow the gpg-agent got stuck here while trying to decrypt the file. After removal of the file the issue is gone, thank you for your input!

Fixed. This regression was introduced with the fix for T5697: Kleopatra: Crashes or hangs on circular certificate chains.

Are you using the keyboxd - that is, is this a new installation with gpg 2.4.3 or an old installation w/o keyboxd enabled?

Which certificate list? The list in the main view? Or the certificate list of a smart card?

I am heavily tending towards tagging this ticket as invalid as it sounds super individual, but I would like to understand the reason. Not sure how to triage this. Maybe lets give it a low.

No, I didn't make any special localization settings or environment variables on my computer. The only multi-lingual use case I have is that I used for some time the spanish version of Microsoft Office.

I think it's something special in Kleopatra in combination with your system. Kleopatra is deployed on loads of computers in Germany and you are the first one to report this problem. I understand that you do software development. Did you maybe set some localization settings or environment variables to test/debug things you develop? Can you try some other KDE application, e.g. Kate? You can get it from the Microsoft Store or alternatively at https://binary-factory.kde.org/job/Kate_Release_win64/.

The system language is German, the entire system is a German PC, German keyboard layout etc. Other languages used are English and Spanish.
The system is heavily used with different applications including SW development tools, etc.
Never noticed issues like this, so I am pretty sure it's something special in Kleopatra...

To me this looks more like a ki18n/Qt issue than a font issue. In particular, the key size drop down doesn't use a monospace font. The code uses the default locale to localize the number representation. What's the system language of your Windows?

Thank you for the fast response!

The numbers in this dialog come from system font setting for monospace fonts and that might be broken for you. But you should then have problems in other applications, too. There is nothing special here and it works for all our other users.

I am closing this as resolved for now. I would need a completely new client or mess with the registry keys in which outlook stores the performance data to test this. But I would bet it still lists us as responsible for the slow start of outlook. But the time it will then show should now be 0ms since we absolutely do nothing anymore in our DLLMain.

I don't really know how to test this though since it tracks this over time and history. Let us see if my change fixes this, It may be that outlook does not measure the DLLMain (which I am pretty sure it does) but the actual COM initialization, in which case my change did nothing. But I don't see any way in which my change could make things worse.

I think outlook shows any native addin there. As you can see by the empty bar we don't really do anything in there to slow it down. But let me check if I can move the extremely little code we have in there somewhere else.

On Linux, gpgme already passes the locale (set with gpgme_set_locale) to gpg which should pass it with every session to gpg-agent. No idea if this also happens on Windows because there are some ifdef's. The gpgme documentation mentions that the locale should be set immediately after gpgme has been initialized and that gpgme doesn't do it itself because it wouldn't be thread safe.

In GpgOL at least I have an API call to query the display language of outlook. I just need to pass it through to gpgme early and forgot about it. Also I don't think this would actually help completely if gpg-agent is running already.

Some technical details:

• KDE's ki18n uses the LANGUAGE variable to set/get the language to use. On Unix, we simply use QLocale::system(), but on Windows and macOS we look directly at the LANGUAGE variable because Qt ignores this variable on those systems. See https://invent.kde.org/frameworks/ki18n/-/blob/kf5/src/i18n/main.cpp#L63
• KDE's kxmlgui reads the application-specific override language from the file QStandardPaths::GenericConfigLocation + "/klanguageoverridesrc" and sets the LANGUAGE variable accordingly (which is then picked up by ki18n). Example from my system:

[Language]
kmymoney=@ByteArray(de)

Regarding the format, =de would probably also work.
See https://invent.kde.org/frameworks/kxmlgui/-/blob/kf5/src/kswitchlanguagedialog_p.cpp#L64

works with VS-Desktop-3.1.90.302-Beta:

works with VS-Desktop-3.1.90.302-Beta, very nice!

Raising prio in reaction to some customer feedback

Fyi, Carl already, asked me to include that in our build so I will add this.

In T6832#179438, @ebo wrote:

VS-Desktop-3.1.90.300-Beta: The executable is now found.
Therefore now the details of the signing key are listed when clicking on "keys".

But the keys for which the message are encrypted are not listed after clicking on "Details" in the first blue frame.

After clicking all "links":

The "Load Certificates" button still remains greyed out if nothing changed, i.e. if no new certificates could be loaded from the card. This could be changed, but pressing "Load Certificates" multiple times won't magically fix loading the broken certificates.

Should really work now.

Looks like ReaderStatusThread assumes that the data for the card didn't change. Therefore the card view is not updated (as before the changes for this issue).

Aha, the certificates are listed in the certificate view, though. And when you remove the smart card and re-insert it the keys are then listed without having to press the "load certificates" button.

For the X509 brainpool test cards I used it does not work in VS-Desktop-3.1.90.300-Beta . After clicking "load certificates" the button remains greyed out:

VS-Desktop-3.1.90.300-Beta: The executable is now found.
Therefore now the details of the signing key are listed when clicking on "keys".

It's true that for KEYTOCARD command, there is optional argument for ECDH.
My point is that for PKDECRYPT command, it will be needed to add mechanism for getting such a parameter (when we use KEM API in gpg-agent).

Nope, The gpgconf --kill keyboxd hangs too, if I see right, while waiting for agent:

$ strace gpgconf --kill keyboxd
[...]
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f2d74fe2a10) = 3244
wait4(3244, 0x7ffc9836e364, 0, NULL)    = ? ERESTARTSYS (To be restarted if SA_RESTART is set)

We already have the ECDH parameters for OpenPGP in the gpg-agent API. The question is how large the data for PQC will be - likely we need to use an inquire already for this reason.

Considering the design of gpg-agent which focuses on private key operations and data, it would be better to enhance the gpg-agent protocol to inquire public key data of any format defined by the client (including ECDH KDF parameters of OpenPGP). I mean, instead of storing data in the key file (originally designed for private key + some additional data), we will enhance the protocol.

That is a feature. Consider the case that ~/.gnupg is on network file system and thus possible in use on several boxes. Thus before we remove stale lock files we do not only compare the PID but also the hostname. Granted, this is rare but we have had such cases in the past with locks.

Oh sorry, no that did slightly not make it in when I created the tarball for the current beta.

Now the Learn Certificates button is shown if at least one card key is unknown. And the list of certificates is shown if at least one certificate of a card key is known.

No change in VS-Desktop-3.1.90.295-Beta

VS-Desktop-3.1.90.295-Beta: now there is no button any more... So still no learn key possible.

Merge request was merged for both MimeTreeParser and MessageLib

We should really fix that quickly.

I guess this was high priority.

Suggested patch{F5300480}

Applied to 2.4, too.

Testing in 2.4 will not be easy because it requires code modification just for testing. However, de-vs is not supported by 2.4 and the greater plan is to get 2.6 approved for de-vs.

works in VS-Desktop-3.1.90.277-Beta

The fix is in 1.10.3.

Fix is in 1.10.3.

Thanks for commenting from the other account. This allowed me to disable the account. Deleting and account is hard in Phabricator thus we do it only very rarely. But disable is basically the same.

and before you say there's just a "remove my account" button on the home screen, using it gives an error:

It's virtually impossible to find any "delete account" (or "disable account") button.