This ticket is now obsolete, as we will force the setting of autoencryptUntrusted=0 via the registry in Ticket T8090

This ticket is only for ignoring the autoencryptUntrusted setting. For the gpgolconfig.exe part see T8090

It looks like we get a specific "Invalid public key algorithm" error from gpgme so that we can add helpful information with likely reasons to the error message.

I might add that we recently had a customer support contact where they had that error and asked how they could make using their S/MIME certificates work.

Backported for VSD 3.4

Fixed. Kleopatra now looks for programs given as plain name (i.e. without any path) first in the GnuPG installation path (as reported by gpgme) and then next to the kleopatra executable. If the program is found at neither location it is run as-is.

a) Here's a log anyway (ignore it, if decryption does always work):

We'll go with solution no 2 (which is in effect the same as no 1 anyway)

a) "Prefer S/MIME" only applies to encryption, not decryption. If you do not want to decrypt with GpgOL you have to disable S/MIME in GpgOL.

Backported for VSD 3.4

Done. Example (with default text in English and German translation):

[Welcome]
welcome-text[$i]=<h2>Hello, World!</h2>
welcome-text[$i][de]=<h2>Hallo, Welt!</h2>

testing with 2.5/2.6 will wait for special build

Given that the 2.2 fix has been tested and resolved and we don't have another ticket for 2.6, we can close this one.

works in Gpg4win-5.0.0-beta476

If no logging is running in the background (that's something that often trips me…) on consecutive runs:

Indeed. We would need to add different entries to the context menu for each installation. Given that GpgEX needs to be replaced anyway and we will drop the need for a UI server socket (which is anyway only a trigger and no full communication).

Fixed and backported for VSD 3.4.

Ranking as discussed with @ebo

The root cause is that opening the details reloads the certificate. This triggers a change of the key cache. And that triggers are reload of the group.

This also happens in vsd 3.3.2 and gpg4win-5.0.0-beta413 @ win11

Ok, then this is only an issue in the VSD versions. (I confirmed with a quick test with Gpg4win-5.0.0-beta413)

It would be possible as a workaround in Kleopatra to show any identical entries only once. Saving after that will not add any more entries.

Good catch. My guess is that get_uid_for_sender returns the last matching UID without checking for revocations. The matching was done on the mailbox part only. For reference:

This seems to apply only for non vsd compliant algos. Importing and certifying a

• rsa/brainpool cert results in security level 4
• cv25519 cert results in security level 2

I rechecked: the revoked userid has to match the email address of the sender. Still there's another non revoked userid with the same email address:

Do you mean one of the user-ids has been revoked or the one matching the mail sender?

Best test this with a newer installer than gpg4win-5.0.0-beta413 to avoid the regression with the raw HTML (see T7886#208675).

The error dialog now has a button to show the audit log (named Diagnostics).

@werner sees no reason to define a new status error for everything in gpg. So let's stick with this Kleopatra ticket and adding the "Audit Log"/"Diagnostics" button.

Conclusion: gpg needs to emit a more useful status error. -> subticket

gpgme logs:

2025-11-13 11:22:26 gpgme[28014.6de1]   _gpgme_io_read: check: [GNUPG:] KEY_NOT_CREATED <LF>
2025-11-13 11:22:26 gpgme[28014.6de1]   _gpgme_io_read: check: [GNUPG:] FAILURE gpg-exit 33554433<LF>

where 33554433 means (GPG_ERR_SOURCE_GPG, GPG_ERR_GENERAL) = (GnuPG, General error)

For Kleopatra we need to add an "Audit log" button to the error dialog. And we need to check if gpg is giving us a useful error that we (gpgme) are ignoring or if gpg doesn't throw a useful error. What do the gpgme logs say?

meanwhile it looks like this in Kleopatra, it has now the blue sign but the issue is still the same:

what do we want here? "No public key" would be better that "General error" but then we would still have the same issue as here: T7886: Kleopatra: Enhance error on missing subkey, if set by default-new-key-adsk.

This here is resolved, for timegrids findings see other ticket, the issue is not related to the one from this ticket and no regression, as it turned out. And difficult to trigger.

In T7911#207826, @timegrid wrote:

So, for the current vsd docs (3.3): https://gnupg.com/vsd/kleopatra-settings.html
This would be more correct, if i understood it right?

HKEY_LOCAL_MACHINE\Software\Wow6432node\GNU\Kleopatra
HKEY_CURRENT_USER\Software\Wow6432node\GNU\Kleopatra