An easy solution seems to be to just tell the overlay to not be always on top. It still blocks the outlook window, but other windows can then be shown on top of it.

my win10 vm was also installed with german language

issues split into new tickets:

• T7644: Kleopatra: 'Show Audit Log' in signature verification needs two clicks to open
• T7645: Kleopatra: Encoding errors in signature verification audit log (timestamps)

If the file data is next to the file data.sig then Kleopatra should automatically use data.sig with data. If you run kleopatra --verify data.sig or start the verification by selecting data.sig in the Windows Explorer then Kleopatra does automatically use data (at least on Linux).

Note that screenshot was made with a gpg from the 2.2 branch.
And on a Windows VM which was (I'm quite sure) installed in German from the start.
In case it matters…

We are using the style already since quite some time for gpg4win-5. I keep this ticket open for now for further adjustments (e.g. removal of workarounds added for other styles).

I'm wondering how we display valid signatures with not certified certificates. Those should probably be white (because there's no problem with signature or certificate, but signatures of uncertified certificates are as good as no signature at all.)

In T6869#200687, @ikloecker wrote:

Most of the texts (most are proper sentences) lack a full stop. It's unclear whether this is a bug in the German translation or also in the original texts. This should be fixed.

I can't see any documentation that a value of 0 disables the cache. The user might have used some undefined behaviour. For example in the old code we did a housecleaning when we were idle but the new code uses a timer and another thread for flushing the cache. We could open a feature request to entire disable the cache but I bet that we will get a lot of new bug reports because users will then need to enter their passphrase too often for one operation.

i added single/valid/disabled and single/valid/revsubkey to the screenshot table:
https://dev.gnupg.org/T6869#200682

It's not my intention. I didn't know the feature of disabling caching by max-cache-ttl to 0.
Well, it's a regression if a user intends so.

btw, my clue was that in that last --check-sigs, if i used --debug-all i got this:

This affects certification-only primary keys when doing web-of-trust calculations.

works for me, thanks

In T6869#200695, @timegrid wrote:

so the non working automatic match of data.sig -> data is another bug?

You cannot trust any signatures made with a compromised key because the signature creation date can easily be forged.

Then why don't we add at least the red background (and maybe an X) instead of the warning sign symbol and no color?

Backported for VSD 3.3.x

so the non working automatic match of data.sig -> data is another bug?

You cannot trust any signatures made with a compromised key because the signature creation date can easily be forged.

In T6869#200687, @ikloecker wrote:

Most of the texts (most are proper sentences) lack a full stop. It's unclear whether this is a bug in the German translation or also in the original texts. This should be fixed.

In T6869#200689, @timegrid wrote:

It's weird that in the "multiple / mixed / split" case the full paths of the files is used even though all files seem to be in the same folder. This isn't really that important.

This is always the case, when the sig file is selected for verification (compared to the verified file itself). Makes probably sense, as the file to be verified needs to be selected explicitly and could be in a different path.

In T6869#200688, @ebo wrote:

One thing: The message for the valid signature from a revoked key looks less worrisome from the user perspective as an invalid signature. Is this intended?
One does not see here if the signature was made before or after the revocation. In the latter case the signature can not be trusted for sure. In the first case it might be ok.

Could we maybe add the time of the expiry or revocation in the message?

In T6869#200682, @timegrid wrote:

• the Show Audit Log link will open the log only on the second click

It's weird that in the "multiple / mixed / split" case the full paths of the files is used even though all files seem to be in the same folder. This isn't really that important.

One thing: The message for the valid signature from a revoked key looks less worrisome from the user perspective as an invalid signature. Is this intended?
One does not see here if the signature was made before or after the revocation. In the latter case the signature can not be trusted for sure. In the first case it might be ok.

Most of the texts (most are proper sentences) lack a full stop. It's unclear whether this is a bug in the German translation or also in the original texts. This should be fixed.

tests with vsd still needs to be done

the changes themself look good to me on gpg4win-5.0.0-beta167@win10

Lucas Mülling commented yesterday on gnupg-devel:

yes please!

looks good to me on gpg4win-5.0.0-beta167@win10

The status bar is now updated in case the VERSION file is loaded after the main window was created.

Kleopatra does not show version information in the status bar. It does show whatever is stored in the VERSION file under the key statusline in the group [Kleopatra].

looks good to me on gpg4win-5.0.0-beta167@win10

In libgcrypt/cipher/ecc-ecdsa.c, we have:

mpi_mulm (s, k_1, sum, ec->n);    /* s = k^(-1)*(hash+(d*r)) mod n */

Hi Werner, I submitted a patch right after this bug report using AC_CHECK_DECLS([_sys_siglist]) [1].

To avoid further noise on this ticket, i've done as requested and posted to gnupg-devel : (https://lists.gnupg.org/pipermail/gnupg-devel/2025-May/035875.html