I like it. BTW, even the unblocking should not be easy to access because users will anyway enter the wrong PUK and then the card is bricked (ready for a factory reset).

I'd say go it it.

Actually we should get rid of stdio functions and use the es_foo replacements from libgpg-error.

Well, backup and restore oddity. I don't think that that we can have a full solution here unless we provide dedicated backup and restore scripts.

FWIW, I received that mail but I hope that this bug is at least fixed with today's fix for T7213. Thus not re-opening.

This patch has a new fix for T5793 which is now only used where needed.

I don't think that we can do much manual testing here because we have all test cases anyway in the regression test suite and our local non-public regression tests (which has the p12 files we are not allowed to publish)

Alright. Done for master; backport will come soon.

Is a solution to this problem by an organization using pass for a log time with quite some users.

Sounds like a good idea.

Please see the quote from Knuth which explains this.

Please name the smartcard tab column Slot and use Smartcard instead of Token. Most users either have a “Smartcard” or a “Yubikey” and they don't known what we mean by “Token”.

Sorry, I can't resist to quote Knuth from his homepage:

Alright: Call gettext_use_utf8 (3) to set the current thread to utf8 and init all new threads to utf8 as well. This function with that value (actually bit 1 is relevant) can be used several times but it will never switch back the initialization to utf8. However, switching back and force to utf8 per threads is still possible.

The garbled data might be due to a bug in dumpasn1 (version 2021-02-12).

Fixing this is important for getting the next release out.

Is the QIcon API available in QT5 ? If not we can't phase that out.

Not for a broken compiler but for several CC versions which consumed lots of memory for unrulling stuff. iirc, this was not only gcc.

All given data files are concatenated; not sure whether this is a good feature but iirc pgp 2 did it the same way.

BTW, gpgme does not yet use --quick-set-ownertrust which can also be used to set the disabled flag. We should replace the interactor by the new command. See rG21f7ad563d for the new command.

iirc, we once disabled the trustdb check because it was run for each imported certificate which took long and was superfluous die to changes introduced by the next certificates. GPGME has a "no-auto-check-trustdb" flag to allow for this.
See T6261

@TobiasFella: This is on purpose: The key might be expired because the user does not have the primary address anymore and thus it makes no sense to show the name. Anyway the listing of the name is more a convenience thing and it might be better if the frontend takes it from its own cache. But it is pretty old code and things and ideas may have changed meanwhile.

The data looks garbled:

gpg makes it pretty hard to delete a secret key; thus having a (user settable) option in Kleopatra makes a lot of sense to me.

In case you run into problems installing the bzip2 part w/o root rights, you need to apply rGc333e9dad66 to set the PREFIX make variable also for bzip2.