This is long known and we won't fix this for gpg4win.

Please use

Tobias, if you find some time, can you please see how this can be done.

Please keep also in mind that the OpenPGP card specification has always and is still developed along with GnuPG . Thus if there are any uncertainties in the specification GnuPG's way of handling thing is the way to go. If there is a way to chnage things without risking any breakage we can of course fix that. In all other cases we need to continue wit the current way. For larger changes in the spec we can of course cleanup stuff - Achim is currently reworking on a revision.

Works for me using the latest vsd beta (3.1.92.39)

I am still not sure why I noticed the double signing but with the new stamp feature we have an effective way to avoid long delays due to authenticode signing. Some gmake macro guru might want to look at gpg4win.mk.in to get rid of the duplicate rule ignore messages.

strcasecmp is pretty standard on Unix. However, in GnuPG we test for it and mostly use our own ascii_strcasecmp to avoid fun with locales. Ralph Seichter is providing macOS builds for GnuPG (https://sourceforge.net/p/gpgosx/docu/Download/) . Maybe it is worth to contact him via the gnugp-devel mailing list and ask him whether he has experience with your toochain.

And we should also use timestamps for each signed file so that we don't need to re-sign all of them over and over during build process tweaking.

Use autogen.sh to keep version in sync

We also need to tweak the Windows installer and probably also Kleopatra. For example we use use standard registry entries for all products.

The reset was due to running gpg-connect-agent reset /bye. I am currently testing something elese will get back as soon as I can turn back to 2.4

New release due?

Note that this has also been ported to 2.4 and 2.2 and tested by looking at the status lines.

So, what is the state of this. Did a change already land in Kleopatra and how can we assure that all binaries have a W32INFO_PRODUCTNAME in their rc file?

See T7046 for the release info. Note that the mentioned fix for kwallet already landed.

Noteworthy changes in version 1.2.1 (2022-08-24)

AFAICS the bounce is correctly reported. You get the 550 at the mail from so that there won't be a need for several SPF checks if a sender wants to send to several recipients.

Thanks for reporting this. Returning error codes to upper layers is not always easy because the original logic is that we have a global error counter to decide whether an operation succeeded. My fix to check the error code before emitting the DECRYPTION_OKAY status,

But only if you can figure out in a transaction or locked sytate whether the card needs a verify. Otherwise we have a race between changing the PIN and verifying a PIN.

We need to see whether we can use the gpgconf.ctl feature also for Windows here. Registry entries for gpd and vsd also require a change.

It could have been discussed whether this makes sense. However, we can't change it anymore because it would change the behaviour. Consider a cron job which looks into a directory with keyids and imports them from a keyserver. It is totally fine if the script returns success if no keys are available.

Your above excerpt for the log is not a bounce. Can you please give me an example from a rejected bounce? Noet that BATV is also in use.

That is on purpose. Please add an SPF record to your site. If there is really really a problem for you with that, write me off tracker.

See T7034

Sorry, this is not a help line but a bug tracker. If you lost or forgot your password you are screwed up.