In T6117#205379, @ikloecker wrote:

I guess this is a typo because the CSR looks like an encryption-only certificate.

Upstream MR: https://codereview.qt-project.org/c/qt/qtbase/+/676173

I found and fixed a bug (likely a regression in the new code): When CN_prefill or EMAIL_prefill is configured as true and no fixed CN or EMAIL is configured then Kleopatra should prefill Name and Email with values taken from CONFIGDIR/emaildefaults (used by KDE apps on Linux), from the Windows user or from the EMAIL environment variable. This didn't work anymore.

In T6117#205277, @timegrid wrote:

Notes (probably as intended):

• [$i]mmutable does not work for CN or EMAIL

In T6117#205277, @timegrid wrote:

• All fields (signing only, rsa4096)

Certificate Request:

[...]

X509v3 Key Usage: critical
    Key Encipherment, Data Encipherment

Looks good to me on gpg4win-5.0.0-beta369 @ win10

Looks good to me on gpg4win-5.0.0-beta369 @ win10:

Looks good to me on gpg4win-5.0.0-beta369 @ win10:

Notepad  window
Text to process  edit  Either enter a text you want to sign or encrypt, or an encrypted or signed text you want to decrypt or verify. You can also enter certificates in text form to import them.  blank
t
e
s
t
Signing and encrypting notepad...
Successfully encrypted and signed the notepad

Looks good to me on gpg4win-5.0.0-beta369 @ win10

Looks good to me on gpg4win-5.0.0-beta369 @ win10 (no lines omitted or duplicate readings):

pinentry-qt  dialog  Enter passphrase
Passphrase:  edit  protected  blank
[...]
does not match - try again  dialog
OK  button  Enter

Notes for testing (and maybe documentation update):

• A few features (?) of the old CSR creation have been removed:
  • The different choices offered after CSR creation (e.g. save to file, send to CA, create signing/encryption CSR with same settings, etc.) have been removed; now a file save dialog pops up when the CSR has been generated
  • Custom labels for the RSA key sizes ([CertificateCreationWizard]RSAKeySizeLabels); we use GnuPG's algorithm IDs as labels (items in the drop down box)
  • Custom key type ([CertificateCreationWizard]CMSKeyType); CSR creation supported (and still supports) only RSA as "key type"; by marking the config key as immutable one could force the creation of signing+encryption CSRs which makes little sense for S/MIME and might have been "copied" from OpenPGP key creation where forcing the generation of keys for signing & encryption does make some sense.
  • Specification of the CA's email address ([CertificateCreationWizard]CAEmailAddress); the generated CSRs are now always written to disk; the users will have to create an email themselves

In the meantime pinentry has been updated also for VSD 3.4.

Backported for VSD 3.4

the issue is the same in Gpg4win-5.0.0-beta357:

Looks good to me on GnuPG-VS-Desktop-3.3.90.8-Beta-Standard.msi (3.3.3 betaversion) @ win10

nr.1
nr.2
schwarz
weiß

This task is not really actionable. Moreover, it proposes a technical solution instead of just stating the problem that needs to be solved. There may be better solutions, e.g. in the Notepad I decided to move the focus to the message widget that contains the result to make the screen reader read the result.

After studying the logs created by NVDA and its source code I strongly suspect that the problem needs to be fixed in NVDA. NVDA tries to avoid repeating the text of common ancestors of the old and the new focus object, but it fails to detect the Create OpenPGP Certificate dialog as common ancestor of the text edit field in this dialog and the Error (child) window.

Fixed by adding a patch for Qt 6 (and a patch for Qt 5 in gpg4win-4-branch for VSD 3.4).

Logging all

works in vsd3.3.3, tested with VS-Desktop-3.3.90.8-Beta

Fixed and backported for VSD 3.4

Solved by focusing the result message after the notepad operation is complete. I think that's an acceptable compromise for ensuring that users of assistive tools are informed about the result even if the focus is moved to a different UI element (which, in general, should be avoided because users can get lost).

The gold rule of tab order is that tab order follows the usual reading direction, i.e. line by line from left to right. If you press Enter after entering the password in the first input field then the focus should jump to the second input field.

Looks good to me on gpg4win-5.0.0-beta357 @ win10:

The fix should be available in gpg4win-5.0.0-beta350.

Ideally, this will be solved for VSD 3.4.

not sure if this really is an issue, maybe for a person proficient with a a screenreader the behavior ist ok, after the fix of the show/hide button is done?

Other duplicate texts:

• Enter some characters for Password and some other characters for Repeat and press Return.
• Message box pops up to inform user that the two entered texts don't match. NVDA reads

does not match - try again  dialog
OK  button  Enter (not audible)
does not match - try again  dialog

This has been fixed in pinentry-qt5 (which is used by VSD 3.x).