BTW, do we really need a C++ API for this? Might make sense due to the need for a context.

Well I finally did some more tracing and removeOurAttachments_o is not called when the attachments vanish.

5.0Beta:145: OK and works, both for signing and encryption

Please grey out the "Anyone …" sentence, too.

The option is available now and it works:

If RestorePositionForNextInstance=false is still there after gpgpass has been quit then either KMainWindow::closeEvent() didn't run or the dirty state config wasn't sync'd to disk. When reading the code in KMainWindow I was wondering if a sync() was missing, but in Kleopatra it worked without this.

Version 4.0.0.250370 (Gpg4win-5.0.0-beta125):

After testing the feature again with Beta 5.0.0-125 I repeat myself: this works.
There is the action "Unblock card" for unblocking the card with the rest code / PUK.

New API gpgme_op_random_bytes is now in master (gpgme 2.0). Use tests/run-genrandom --help for testing. Extra features will come soon.

VSD 3.3.0: OK.

ok in VSD 3.3.0, too

Removed in https://invent.kde.org/pim/kleopatra/-/merge_requests/369

We do support "Decrypt & Verify" for multiple files (including the presentation of the status) so that it would be easy to do the same for all files in a folder (question is if this should even be recursive). Digging into the history I found that the desktop file was added shortly before Kleopatra 2.0.0-rc1, but that there wasn't any code for iterating a folder, i.e. this can never have worked.

As I am delving a bit into cryptocurrencies and since i have a ledger security token and a bip32 24 word mnemonic now backed up as stamped metal i have stumbled accross this topic:

I'm glad that inotify is already in use, that's a reasonable thing on the Linux platform.

This is the old code from gnupg-2.0/agent/gpg-agent.c:

inotify is already used used on Linux to check for a lost homedir. The once-in-a-minute check should be the same as with the other daemons and has proved to be very useful. The whole thing has been discussed over and over again a long time ago and - as with other system daemon - we agreed on scheduling at the full second.

I think there's some confusion.

changed the workboard to gpd5x as this is still the case in Gpg4win 5.0-Beta versions.

Gpg4win-5.0.0-beta32
Works!

Ok, then this will not be included in the VSD versions until we switch away from gpg 2.2

21f7ad563d9b was not backported to gnupg 2.2, so this can't be done yet

It's missing a check for the required gpg-2.2 version. I will add that

If you encounter real world certificates with these parameters we can bump up the priority.

In VS-Desktop-3.2.94.481-Beta the feature is not available in the context menu in Kleopatra.
So in VSD 3.3.0 this will be missing. What works is disable/enable on the command line and Kleopatra will then not list a disabled certificate with most filters.

I think I can understand you, too much complexity.

See this comment which is related to T4538:

Hm, "Names for the certificate" seems wrong to me. Shouldn't it better be "Names in the User IDs [of this certificate]"? I would leave of the part in [] as redundant. Likewise for the mail addresses.

Thinking about this some more, i came up with some more ways of showing some nice-to-have information in the tooltips:

https://invent.kde.org/pim/kleopatra/-/merge_requests/355 makes both components use the same tooltips; we can then change both when we decide on what exactly to show in the tooltips in general

Fixed in 2.5.2.

it would be best to add an API to gpgrt to iterate over registry entries.

Works. Tested with VS-Desktop-3.2.94.474-Beta and Gpg4win 4.4 by moving only the signature key to a smartcard and then changing the password of the certificate via the context menu.

This was now added as disableAutoPreview (the option was renamed after 26c2fc196bb73d9bd96c91ea7cc12679d925b376 )

Since codesigning for all dlls was added this is fully resolved.

(ignore the last commit, I assigned the wrong task to it)

Here are changes for gcry_md_open and its friends.

My idea in https://dev.gnupg.org/T7338#195529 doesn't work well when a function call is done multiple times.
Assuming SUCCESS, and marking all non-compliant places in the code works, and it would be good because libgcrypt so far maintains non-compliant path with rejection.

Or maybe not. I just did 0.11.0 (T7449) and will do more releases if there is demand for it or we have collected enough patches.

Pushed the change for adding hash tests in rC7faf542f1573: fips,tests: Add t-digest.

Gpg4win 4.4:

It seems that the internal API (as of 2024-12-06) is not enough.
Now, we have _gcry_md_hash_buffer function with the new FIPS service indicator.
It's used for public key crypto, too.
The compliance for hash function is a part of public key crypto, but not all.

A change for gcry_md_hash_* functions are pushed by rC3478caac62c7: fips,md: Implement new FIPS service indicator for gcry_md_hash_*..
It doesn't have tests with FIPS service indicator yet.

Better a new ticket for the rest, see T7441

A workaround exists with the new option --ignore-crl-extensions.

New external API is by GCRYCTL_FIPS_SERVICE_INDICATOR and/or the new macro gcry_get_fips_service_indicator.
This change is pushed by rCf51f4e98930e: fips: Introduce GCRYCTL_FIPS_SERVICE_INDICATOR and the macro.

New internal API is introduced with T7340 by the commit rCe1cf31232825: fips: Introduce an internal API for FIPS service indicator.

Change is pushed by rCe1cf31232825: fips: Introduce an internal API for FIPS service indicator.

Looks like there's something not correct in the completion model. Or we use different criteria for showing the blue "i" (as "information") which doesn't make it better. Reopen?

Tested Gpg4win 4.4:
Interesting, when you search for the UID, it looks as before, with the green check mark: