You are totally correct, confirmed with VSD 3.3.5.

I was curious: Similar to the kiosk/immutable feature of kconfig, gpgolconfig allows to flag values as immutable by appending a '!' to the value set in the registry. If autoencryptUntrusted is set to 0! via the registry then the checkbox should be disabled.

This ticket is only for ignoring the autoencryptUntrusted setting. For the gpgolconfig.exe part see T8090

To test in gpgol after the fix (see T7836: GpgOL: Both disable and prefer S/MIME does not work):

1. Make sure you have both secret openpgp and smime certs for ted (both split S/MIME keys)
2. Deactivate "Always show security approval dialog"
3. Enable S/MIME and activate "Prefer S/MIME"
4. Kill background processes and restart Outlook (just to be sure)
5. Send an encrypted/signed mail form and to ted => should be S/MIME encrypted

The problem resulted from a split up key (one for encryption and one for signing) Resulting in no SMIME encryption key found for one recipient and thus falling back to OpenPGP.

I was told to only fix this in the German translation, as otherwise all other translations would have to be updated.
I'll push the translations shortly.

a) Here's a log anyway (ignore it, if decryption does always work):

checked with vsd 3.3.5: no change

We'll go with solution no 2 (which is in effect the same as no 1 anyway)

I misunderstood this, the mail can be forwarded with attachment if you first deselect the mail and then select it again. So the workaround is OK.

a) "Prefer S/MIME" only applies to encryption, not decryption. If you do not want to decrypt with GpgOL you have to disable S/MIME in GpgOL.

works in vsd 3.3.5

We decided not to do this.

@mmontkowski, use this as string:

For now I'll commit the following German translations, fixing spelling plus other slight changes:

I'm quite sure, that I have seen this multiple times on current versions. Not sure, if one could send it again, I think at least the body is empty.

Additionally to the fix Andre cited years ago, we also did some more changes recently in regard to how signed/encrypted mails are shown. Which are relevant for the inbox, too.
This issue should be fixed.

This is a duplicate of T7833: GpgOL: Security level 2 shown for manually imported and certified cert

Ok, then this is only an issue in the VSD versions. (I confirmed with a quick test with Gpg4win-5.0.0-beta413)

Good catch. My guess is that get_uid_for_sender returns the last matching UID without checking for revocations. The matching was done on the mailbox part only. For reference:

I can't reproduce this on gpg4win-5.0.0-beta413 @ win11.

This seems to apply only for non vsd compliant algos. Importing and certifying a

• rsa/brainpool cert results in security level 4
• cv25519 cert results in security level 2

I rechecked: the revoked userid has to match the email address of the sender. Still there's another non revoked userid with the same email address:

Do you mean one of the user-ids has been revoked or the one matching the mail sender?

I wonder if we should better open a new ticket with all the relevant data when we get a report giving more information and set this one to invalid.

And meanwhile I have tested this a bit with VSD3.3.3 and in the case that the sender has a valid and *VS-compliant* key the automatic switching works.

Looks good to me on gpg4win-5.0.0-beta413 @ win11

Looks good to me on gpg4win-5.0.0-beta413 @ win11