Page MenuHome GnuPG
Feed Advanced Search

Advanced Search
Use Results
Hide Query

Fri, Jan 23

timegrid edited projects for T6633: GPGME: Add API for extended key usage flags like nonRepudation, added: gpgme, gpd5x; removed Restricted Project.

@werner: Is this resolved?

Fri, Jan 23, 11:27 AM · gpd5x, gpgme, okular

Wed, Jan 21

timegrid added a comment to T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures.

I also tested to add the qual flag to the root cert in the global trusted.txt, as using qualified.txt is considered legacy, but still the same behavior

Wed, Jan 21, 2:02 PM · gpd5x, okular
timegrid added a comment to T6732: Visual representation of signature is a bit ugly.

The first time Okular was included is gpg4win-4.2.0:

Wed, Jan 21, 1:57 PM · gpd5x, okular
timegrid added a comment to T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures.

See here for how it should look like:

Wed, Jan 21, 1:33 PM · gpd5x, okular
timegrid added a comment to T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures.

I see. I added the root cert to C:\ProgramData\GNU\etc\gnupg\qualified.txt and the usage of the signing certs does include a qualified signature in Kleopatra now. Still I don't see any highlight/filter in Okular:

Wed, Jan 21, 12:46 PM · gpd5x, okular

Tue, Jan 20

svuorela added a comment to T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures.

None of these certificates are for qualified signatures.

Tue, Jan 20, 1:27 PM · gpd5x, okular
svuorela added a comment to T6732: Visual representation of signature is a bit ugly.

Try compare with a gpg4win 3.latest.

Tue, Jan 20, 1:27 PM · gpd5x, okular

Jan 15 2026

timegrid added a comment to T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures.

I created a bunch of smime certs (via OpenSSL) and imported them in gpg4win-5.0.0 @ win11:

  • For each keyusage
    • keyEncipherment, dataEncipherment
    • digitalSignature
    • nonRepudiation
    • digitalSignature, nonRepudiation
  • Alice's certs with different names, Bob's certs with same name for each key
Jan 15 2026, 4:26 PM · gpd5x, okular

Jan 14 2026

timegrid added a comment to T6732: Visual representation of signature is a bit ugly.

Was anything changed? What to test here?

Jan 14 2026, 10:44 AM · gpd5x, okular

Jan 13 2026

ebo moved T8018: Okular: No error on signature with wrong passphrase from Backlog to WIP on the gpd5x board.
Jan 13 2026, 4:16 PM · Bug Report, gpd5x, okular
timegrid added a comment to T7285: Okular: Improvement of error messages regarding signatures.

Thanks, looks good to me:

  • Saving to c:\
  • Saving with removed signing key
Jan 13 2026, 3:30 PM · test on hold, gpd5x, okular
ebo moved T6732: Visual representation of signature is a bit ugly from Backlog to QA on the gpd5x board.
Jan 13 2026, 2:43 PM · gpd5x, okular
ebo added a project to T6732: Visual representation of signature is a bit ugly: gpd5x.
Jan 13 2026, 2:43 PM · gpd5x, okular
svuorela added a comment to T7285: Okular: Improvement of error messages regarding signatures.

A way to trigger some errors could be trying to save to c:\windows or some other place you can't do.
Or while you have the key list open in okular, remove the key underneath everything and then continue.

Jan 13 2026, 2:40 PM · test on hold, gpd5x, okular
ebo moved T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures from Backlog to QA on the gpd5x board.
Jan 13 2026, 2:39 PM · gpd5x, okular
svuorela changed the status of T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures from Open to Testing.
Jan 13 2026, 2:38 PM · gpd5x, okular
svuorela added a comment to T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures.

We now have a filter for qualified signatures if there is any in the list

Jan 13 2026, 2:38 PM · gpd5x, okular
svuorela changed the status of T8018: Okular: No error on signature with wrong passphrase from Open to Testing.

Fixed upstream with https://invent.kde.org/graphics/okular/-/merge_requests/1301 - not yet in our packaging

Jan 13 2026, 2:36 PM · Bug Report, gpd5x, okular
ebo edited projects for T7658: Okular: Dirmngr startup timeout on signature validation, added: gpd5x (gpd-5.0.0); removed gpd5x.
Jan 13 2026, 12:32 PM · gpd5x (gpd-5.0.0), Bug Report, okular
ebo edited projects for T6731: Default save dir in okular/windows is wrong, added: gpd5x (gpd-5.0.0); removed gpd5x.
Jan 13 2026, 12:32 PM · gpd5x (gpd-5.0.0), okular
ebo edited projects for T7697: Okular: No valid smime certs found, added: gpd5x (gpd-5.0.0); removed gpd5x.
Jan 13 2026, 12:32 PM · gpd5x (gpd-5.0.0), Bug Report, okular
ebo edited projects for T7706: Okular: "Save as" does not work, added: gpd5x (gpd-5.0.0); removed gpd5x.
Jan 13 2026, 12:32 PM · gpd5x (gpd-5.0.0), Bug Report, okular
ebo edited projects for T7829: w32: daemon (gpg-agent/keyboxd/dirmngr) startup and connection race when there is a socket file already, added: gpd5x (gpd-5.0.0); removed gpd5x.
Jan 13 2026, 12:32 PM · gpd5x (gpd-5.0.0), gnupg22 (gnupg-2.2.52), Bug Report, okular
ebo edited projects for T7717: Location of qt-application config files, added: gpd5x (gpd-5.0.0); removed gpd5x.
Jan 13 2026, 12:31 PM · gpd5x (gpd-5.0.0), Windows, kleopatra, vsd34, okular
ebo moved T7982: Kleopatra, Okular: Process doesn't exit if the app is Quit from Done to gpd-5.0.0 on the gpd5x board.
Jan 13 2026, 12:25 PM · gpd5x (gpd-5.0.0), Windows, okular, kleopatra

Jan 9 2026

werner closed T7829: w32: daemon (gpg-agent/keyboxd/dirmngr) startup and connection race when there is a socket file already, a subtask of T7658: Okular: Dirmngr startup timeout on signature validation, as Resolved.
Jan 9 2026, 11:21 AM · gpd5x (gpd-5.0.0), Bug Report, okular
werner closed T7829: w32: daemon (gpg-agent/keyboxd/dirmngr) startup and connection race when there is a socket file already as Resolved.

That was also fixed in gnupg 2.2.50 and thus vsd 3.3.3

Jan 9 2026, 11:21 AM · gpd5x (gpd-5.0.0), gnupg22 (gnupg-2.2.52), Bug Report, okular
werner moved T7829: w32: daemon (gpg-agent/keyboxd/dirmngr) startup and connection race when there is a socket file already from QA to gnupg-2.2.52 on the gnupg22 board.
Jan 9 2026, 11:19 AM · gpd5x (gpd-5.0.0), gnupg22 (gnupg-2.2.52), Bug Report, okular
timegrid updated the task description for T7285: Okular: Improvement of error messages regarding signatures.
Jan 9 2026, 10:49 AM · test on hold, gpd5x, okular
timegrid added a project to T7285: Okular: Improvement of error messages regarding signatures: test on hold.
Jan 9 2026, 10:48 AM · test on hold, gpd5x, okular

Jan 8 2026

timegrid moved T7717: Location of qt-application config files from WIP to Done on the gpd5x board.

Looks good to me on gpg4win-5.0.0-beta479 @ win11.

Jan 8 2026, 12:15 PM · gpd5x (gpd-5.0.0), Windows, kleopatra, vsd34, okular

Jan 7 2026

werner triaged T8017: Okular: Hang on signature with smime cert and distrusted root as High priority.
Jan 7 2026, 12:06 PM · Bug Report, S/MIME, gpd5x, okular
werner triaged T8018: Okular: No error on signature with wrong passphrase as Normal priority.
Jan 7 2026, 12:04 PM · Bug Report, gpd5x, okular
timegrid added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.
>gpgsm -v --sign --local-user "Edward Tester" test.pdf > test.gpg.p7s
gpgsm: enabled compatibility flags:
gpgsm: looking up issuer from the Dirmngr cache
gpgsm: number of matching certificates: 0
gpgsm: dirmngr cache-only key lookup failed: No data
gpgsm: issuer certificate {04A0A7E932B29D43A9B6673139AF52C0A5FC467BF5A64D044D1AC33613ABBB73CA532569F5779999114C0118CD66FDF6E92B1B0EEE2A4D5A815DA7FD892DDDE9C1} not found using authorityKeyIdentifier
gpgsm: looking up issuer from the Dirmngr cache
gpgsm: number of matching certificates: 0
gpgsm: dirmngr cache-only key lookup failed: No data
gpgsm: certificate is good
gpgsm: root certificate is not marked trusted
gpgsm: fingerprint=D4:EC:A6:B4:69:AB:B5:44:08:27:CB:3F:C7:D7:91:08:3C:10:27:DB
gpgsm: DBG: BEGIN Certificate 'issuer':
gpgsm: DBG:      serial: 01
gpgsm: DBG:   notBefore: 2020-03-26 19:41:01
gpgsm: DBG:    notAfter: 2063-04-05 17:00:00
gpgsm: DBG:      issuer: CN=Root-CA 2020,OU=GnuPG.com,O=g10 Code GmbH,C=DE
gpgsm: DBG:     subject: CN=Root-CA 2020,OU=GnuPG.com,O=g10 Code GmbH,C=DE
gpgsm: DBG:   hash algo: 1.2.840.113549.1.1.11
gpgsm: DBG:   SHA1 Fingerprint: D4:EC:A6:B4:69:AB:B5:44:08:27:CB:3F:C7:D7:91:08:3C:10:27:DB
gpgsm: DBG: END Certificate
gpgsm: after checking the fingerprint, you may want to add it manually to the list of trusted certificates.
gpgsm: validation model used: shell
gpgsm: can't sign using 'Edward Tester': Not trusted
[GNUPG:] FAILURE gpgsm-exit 50331649
Jan 7 2026, 9:33 AM · Bug Report, S/MIME, gpd5x, okular
svuorela added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.

How does gpgsm react if you try to sign with the certificate?

Jan 7 2026, 9:09 AM · Bug Report, S/MIME, gpd5x, okular

Jan 6 2026

timegrid added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.

Maybe it would be better to just not offer S/MIME certs with distrusted root cert?

Jan 6 2026, 2:42 PM · Bug Report, S/MIME, gpd5x, okular
svuorela added a comment to T6731: Default save dir in okular/windows is wrong.

Note: It does not seem to be possible to open a pdf from an URL, at least not via CLI okular.exe <URL> (it says Unknown protocol 'https').

Jan 6 2026, 2:35 PM · gpd5x (gpd-5.0.0), okular
timegrid moved T7285: Okular: Improvement of error messages regarding signatures from QA to WIP on the gpd5x board.

I tried to get any error response but found those issues instead:

Jan 6 2026, 2:33 PM · test on hold, gpd5x, okular
timegrid created T8018: Okular: No error on signature with wrong passphrase.
Jan 6 2026, 2:28 PM · Bug Report, gpd5x, okular
timegrid added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.

If all processes are killed before okular is opened, i get an error on "finish signing":


gpgsm-error.log102 KBDownload

Jan 6 2026, 2:15 PM · Bug Report, S/MIME, gpd5x, okular
timegrid added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.

gpgsm.log (debug-all, whole process of signing)

gpgsm.log132 KBDownload

Jan 6 2026, 2:11 PM · Bug Report, S/MIME, gpd5x, okular
timegrid created T8017: Okular: Hang on signature with smime cert and distrusted root.
Jan 6 2026, 2:03 PM · Bug Report, S/MIME, gpd5x, okular
timegrid moved T6731: Default save dir in okular/windows is wrong from QA to Done on the gpd5x board.

Looks good to me on gpg4win-5.0.0-beta479 @ win11. The default path is now the same as the path of the opened file:

Jan 6 2026, 1:40 PM · gpd5x (gpd-5.0.0), okular
ebo moved T6731: Default save dir in okular/windows is wrong from Backlog to QA on the gpd5x board.
Jan 6 2026, 11:28 AM · gpd5x (gpd-5.0.0), okular
ebo moved T7285: Okular: Improvement of error messages regarding signatures from Backlog to QA on the gpd5x board.
Jan 6 2026, 11:28 AM · test on hold, gpd5x, okular

Dec 23 2025

ebo closed T7982: Kleopatra, Okular: Process doesn't exit if the app is Quit as Resolved.

Yes, Kleopatra quits again with the beta from yesterday:

Dec 23 2025, 10:44 AM · gpd5x (gpd-5.0.0), Windows, okular, kleopatra

Dec 22 2025

werner moved T7982: Kleopatra, Okular: Process doesn't exit if the app is Quit from WIP to QA on the gpd5x board.

Fixed in gpg4win-5.0.0-beta476

Dec 22 2025, 5:29 PM · gpd5x (gpd-5.0.0), Windows, okular, kleopatra
ikloecker renamed T7982: Kleopatra, Okular: Process doesn't exit if the app is Quit from Kleopatra: The kleopatra.exe process doesn't exit if the app is Quit to Kleopatra, Okular: Process doesn't exit if the app is Quit.
Dec 22 2025, 4:59 PM · gpd5x (gpd-5.0.0), Windows, okular, kleopatra
ikloecker moved T7982: Kleopatra, Okular: Process doesn't exit if the app is Quit from Backlog to WIP on the gpd5x board.
Dec 22 2025, 4:58 PM · gpd5x (gpd-5.0.0), Windows, okular, kleopatra
ikloecker changed the status of T7982: Kleopatra, Okular: Process doesn't exit if the app is Quit from Open to Testing.

Fixed by applying a patch to our version of MinGW. This affected all Qt programs build with Qt 6.10.

Dec 22 2025, 4:58 PM · gpd5x (gpd-5.0.0), Windows, okular, kleopatra

Dec 15 2025

ikloecker closed T7584: Okular: Move config files to GNUPGHOME as Wontfix.

Yes, this is obsolete with T7717: Location of qt-application config files. Closing as Wontfix because we use product-specific folders outside of GNUPGHOME.

Dec 15 2025, 5:07 PM · Feature Request, okular

Dec 12 2025

svuorela changed the status of T6731: Default save dir in okular/windows is wrong from Open to Testing.
Dec 12 2025, 4:16 PM · gpd5x (gpd-5.0.0), okular
ebo edited projects for T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures, added: gpd5x; removed Restricted Project.
Dec 12 2025, 3:47 PM · gpd5x, okular
ebo edited projects for T6731: Default save dir in okular/windows is wrong, added: gpd5x; removed Restricted Project.
Dec 12 2025, 3:46 PM · gpd5x (gpd-5.0.0), okular
svuorela changed the status of T7285: Okular: Improvement of error messages regarding signatures from Open to Testing.
In T7285#209655, @ebo wrote:

@svuorela Isn't this done already for KF6?

Dec 12 2025, 3:33 PM · test on hold, gpd5x, okular
ebo edited projects for T7285: Okular: Improvement of error messages regarding signatures, added: gpd5x; removed Restricted Project.

@svuorela Isn't this done already for KF6?

Dec 12 2025, 3:25 PM · test on hold, gpd5x, okular
timegrid updated subscribers of T7584: Okular: Move config files to GNUPGHOME.

Is this ticket obsolete with T7717: Location of qt-application config files?

Dec 12 2025, 12:38 PM · Feature Request, okular
timegrid raised the priority of T7705: Okular: Error on signature if the original file is overwritten from Normal to High.

This should better be fixed in the v5 release

Dec 12 2025, 11:43 AM · Bug Report, okular, gpd5x

Dec 9 2025

ikloecker removed projects from T7962: Okular: Allow setting a custom application name: kleopatra, vsd34, gpd5x.
Dec 9 2025, 5:04 PM · Windows, okular
ikloecker closed T7962: Okular: Allow setting a custom application name, a subtask of T7717: Location of qt-application config files, as Wontfix.
Dec 9 2025, 4:46 PM · gpd5x (gpd-5.0.0), Windows, kleopatra, vsd34, okular
ikloecker closed T7962: Okular: Allow setting a custom application name as Wontfix.

With the product-specific standard locations implemented for T7717: Location of qt-application config files it's now longer necessary to customize the application name of Okular. Closing as wontfix.

Dec 9 2025, 4:46 PM · Windows, okular
ikloecker changed the status of T7717: Location of qt-application config files from Open to Testing.

The new approach has been implemented and backported for VSD 3.4.

Dec 9 2025, 4:43 PM · gpd5x (gpd-5.0.0), Windows, kleopatra, vsd34, okular
ikloecker changed the status of T7717: Location of qt-application config files from Testing to Open.
Dec 9 2025, 9:41 AM · gpd5x (gpd-5.0.0), Windows, kleopatra, vsd34, okular

Dec 8 2025

ikloecker updated the task description for T7717: Location of qt-application config files.
Dec 8 2025, 11:05 AM · gpd5x (gpd-5.0.0), Windows, kleopatra, vsd34, okular
ikloecker added a comment to T7717: Location of qt-application config files.

New new plan (after discussion on 2025-12-08):

Dec 8 2025, 10:58 AM · gpd5x (gpd-5.0.0), Windows, kleopatra, vsd34, okular
ikloecker moved T7962: Okular: Allow setting a custom application name from Backlog to WIP on the gpd5x board.
Dec 8 2025, 9:10 AM · Windows, okular
Next