Tested wit 4win Beta-70:

The last two usages of KIconLoader have been remove in kleopatra master. (libkleo was already good.)

Sorry, I've pasted the wrong link, I wanted to paste this one: https://lists.gnupg.org/mailman/listinfo/gnupg-users

Why would I turn to the Windows mailing list when I am a Linux user?

Note that Kleopatra already has clipboard integration via its tray icon, i.e. you can directly sign/encrypt/decrypt/import the clipboard content from there. Unfortunately, it uses a complete different UI for selecting the recipients. Lots of room for improvement/consolidation.

Some follow up tasks: T7361: notepad: Move to an external window T7355: Keyboard navigation inside the Notepad text editor and T7362: notepad: Clipboard and filesystem integration

Kleopatra (master; KF6)

https://invent.kde.org/pim/kleopatra/-/merge_requests/309

ok, I confirm that this is removed in 4win-beta-70 and update the tags

I removed a duplicated comment above.
Please do not duplicate information (no top posting) and keep your descriptions short and to the point.

"BTW, GnuPG 2.3.4 is a very old version."

In the story of my life, you are a mythological figure.

The possibility to drag certificates from Kleopatra to somewhere else has been disabled for Windows builds. The change has also been backported for vsd33. In the vsd33 AppImage it should still be possible to export certificates by dragging them from Kleopatra to, for example, Dolphin. Maybe we still want to remove the vsd33 tag.

Kleopatra now asks the same questions as the GnuPG backend. The choices the user can make are a bit different because the user already told Kleopatra that they want to trust (or distrust) a root certificate. Therefore, the first dialog only has "Yes" and "Cancel". And the fingerprint dialog (which is only shown for Trust but not for Distrust) only has "Correct" and "Wrong". Another difference is that in GnuPG clicking "Wrong" makes GnuPG mark the certificate as untrusted (which is a bit surprising). In Kleopatra the certificate is left unchanged if the user selects "Wrong".

If gpg-agent's option "no-allow-mark-trusted" is set then the actions "Trust root certificate" and "Distrust root certificate" won't be available. If the option is set while Kleopatra is running then it needs to be restarted to get rid of the actions. If one tries to use the actions then Kleopatra will tell you that you are not allowed to do this. Similarly one needs to restart Kleopatra to make the action available again after the option was unset.

Fix backported to 2.4

As the tabs were never part of a official release, I remove the workboard tags

gpg4win-beta-64: The smart card tab introduced by T7020: Kleopatra: add "Smart Card" tab to certificate detail view is gone again

It was decided to remove the tab again: T7249: Kleopatra: Remove tab "Smartcard" in the certificate details window, so its gone in 4win-Beta-64

Backported for vsd33

Thus the rule is that all our Qt applications except for pinentry need to fist initialize gpgme to get the actually used GNUPGEHOME. gpgconf either takes this from the GNUPGHOME envvar or from its default or via its gpgconf.ctl file.
The latter can eventually be used to move the default homedir to %APPDATA%\gnupg-vsd so to allow using different versions of the gnupg engine.

Backported for vsd33

Backported for vsd33 (as discussed with ebo)

This bug exists since Kleopatra offers "Trust root certificate" (i.e. since 2010). allow-mark-trusted seems to be default since Gpg4win 2.1.0. If admins really want to prevent users from messing with the trustlist then they anyway have to use the no-user-trustlist option.

I can still reproduce case 2 with gnupg 2.4. I have to check how my local setup differs from gpg4win-Beta-64.

If we fix this bug for 2.2 we need to have a configure way to revert to the old behaviour. That needs to be a kleopatra config. Or we just don't fix this bug for current vsd but only for gpg4win and the next generation vsd.

If you use a tabbed layout you will always have the problem that some tabs have lots of whitespace and other tabs have little whitespace or even a scrollbar.

I just saw that gpg-agent has a MARKTRUSTED command which takes care of asking the question and of modifying the trustlist.txt. I guess it makes sense that Kleopatra uses this command for the "Trust root certificate" action.

In T7349#192860, @werner wrote:

Kleopatra should also not offer to add a root CA if gpg-agent's mark-trusted feature has been disabled.

Saw it in a screenshot somewhere, can't find it now. I do not have a version with that commit.

In T7329#192861, @ebo wrote:

Regarding the removal of the stretch: Now there seems to be no space at all before the description. Could we have a one-line space before it?

As this ticket is for vsd33, the nice design tweak has to go into another ticket, it will not be backported to kf5.

iirc, Kleopatra modifies the trustlist.txt on its own. The import case is handled by gpgsm which pops up boths dialogs.
Kleopatra should also not offer to add a root CA if gpg-agent's mark-trusted feature has been disabled.

When checking this out with gpg4win-Beta-64 I can reproduce case 1 (and of course 3) but not case 2:

Regarding triage: This is not widely encountered and a workaround exists

Passing ticket to werner to consider backports.

A bunch of related merge requests:

This is now merged into master

I like this patch, I created a MR based on it (with some additional simplication) https://invent.kde.org/pim/kleopatra/-/merge_requests/299

What about the simplification below. Add more authors and sort-lines as you like. There is no legal necessary to show a full list of copyright holders. Authors are not a legal term in the context of software because software is not considered a piece or art. From the GNU coding standards related to the version/about output:

The line

Please use https://bugs.kde.org to report bugs.

seems to be hard-coded into the Authors tab. I see it in all KDE applications. Maybe it can be customized.

We could simplify the copyright lines to (if we make sure that the current names are listed as authors)

Copyright 2002-2024 The Kleopatra authors
Copyright 2002, 2004, 2007-2009 Klarälvdalens Datakonsult AB
Copyright 2016-2018 Intevation GmbH
Copyright 2010-2024 g10 Code GmbH

alternatively using © instead of "Copyright". (Using both as in KMail is nonsense because © is the official abbreviation of the word "Copyright".)

and why is the link to the bug tracker in the authors tab?
We could also discuss it the KDE Bugtracker is the best place to link to for that…

When we change the About-dialog we should change some other things there, too, not only the author information.

Making pinentry issue "fully canceled" if the user clicks Cancel breaks decryption of data that is encrypted with multiple keys of the owner. The user woudn't be asked for the password of their second key if they canceled the pinentry for the password of the first key.

Note for testing:
If the environment variable GNUPG_ASSUME_COMPLIANCE is set to "de-vs" and de-vs compliance is enabled then Kleopatra should show "VS-NfD compliant (beta)" instead of "VS-NfD compliant" everywhere. ("Not VS-NfD compliant" doesn't get the (beta) suffix.)

For the second case, I think that gcry_kdf_defive should not be called with pw="". The result of FAILURE gpg-exit 33554433 comes from the log_error after failure of gcry_kdf_derive.