Maybe we could show instead the text "No keyserver is configured."? Need not be in the same place. This would also be helpful in the other case, where you go to the search via "Lookup on Server".

Make all table column headings accessible (see Update 2025-10-27).

Fixed and backported for VSD 3.4.

The settings should work again. They are described at https://docs.kde.org/trunk_kf6/en/kleopatra/kleopatra/admin.html#admin-certificate-request-wizard-keys , but note that the documentation is severely outdated. Note that those settings are not officially supported by GnuPG (VS-)Desktop (see https://gnupg.com/vsd/kleopatra-settings.html).

Should work now.

This was fixed in Qt 6.10.0 by adding compatibility code that's "hidden" behind a compiler flag, i.e. we just need to enable this compiler flag. See https://codereview.qt-project.org/c/qt/qtbase/+/629255 for details.

I'm pretty sure that this has already been fixed with the changes made for T8083: Kleopatra: Use blue icon for Gpg4win and GPD. build-appimage.sh now always replaces the Breeze icons shipped with the AppImage with the appropriate head icon.

Won't fix for vsd3x

At least for an expired data signature I would suggest to have an info button to further expliah this. Maybe to a FAQ or KB article. The case is too rare that we should not discuss endlessly the pros and cons of expiring signatures. I hope that Kleo does not provide an option to crerate such a signature.

Physical experiment feature support should better not be widely used.

Note: In vsd it must be restricted to the bp algorithms then

If the user clicks the "No, others also use this key" button they get the following dialog

You are totally correct, confirmed with VSD 3.3.5.

I was curious: Similar to the kiosk/immutable feature of kconfig, gpgolconfig allows to flag values as immutable by appending a '!' to the value set in the registry. If autoencryptUntrusted is set to 0! via the registry then the checkbox should be disabled.

This ticket is only for ignoring the autoencryptUntrusted setting. For the gpgolconfig.exe part see T8090

To test in gpgol after the fix (see T7836: GpgOL: Both disable and prefer S/MIME does not work):

1. Make sure you have both secret openpgp and smime certs for ted (both split S/MIME keys)
2. Deactivate "Always show security approval dialog"
3. Enable S/MIME and activate "Prefer S/MIME"
4. Kill background processes and restart Outlook (just to be sure)
5. Send an encrypted/signed mail form and to ted => should be S/MIME encrypted

Now an expired signature with certified key is reported like this:

It looks like we get a specific "Invalid public key algorithm" error from gpgme so that we can add helpful information with likely reasons to the error message.

The blue Kleopatra icon is now used for the Windows builds of Gpg4win and GPD and for the corresponding AppImages.

I might add that we recently had a customer support contact where they had that error and asked how they could make using their S/MIME certificates work.

Backported for VSD 3.4

Fixed. Kleopatra now looks for programs given as plain name (i.e. without any path) first in the GnuPG installation path (as reported by gpgme) and then next to the kleopatra executable. If the program is found at neither location it is run as-is.

For "expired signature with certified key" I believe green with check mark is a too positive. Should be a warning, too.

The text is exactly as discussed and I'm OK with the layout, too.

The AppImage now displays the same version as the Windows builds, i.e. in particular Gpg4win-VERSION for the "default" build.

I was told to only fix this in the German translation, as otherwise all other translations would have to be updated.
I'll push the translations shortly.

I found two issues in libgpg-error for spawning functions.

With the recent changes to the build system the current version numbers for the Beta versions of the MSI packages are 4.0.90.<somenumber> for VSD, 5.0.90.xxx for GPD and Gpg4win. Thus we override the standard micro version with 90 to indicate beta versions. Obviously this will require to de-install a MSI beta version before installing the regular version. But we are somewhat constraint by the Windows versioning scheme.

In T7509#212953, @timegrid wrote:

Is the displayed version 4.0.0.260370 right for the appimage? shouldn't this also display the gpg4win version?

Got reported again with the 5.0.0 release, see

• https://forum.gnupg.org/t/issue-with-automated-installation-of-gpg4win-5-0-1/7098
• https://forum.gnupg.org/t/version-5-automatisierte-installation/7093/8

Is this wording / layout okay?

Is the displayed version 4.0.0.260370 right for the appimage? shouldn't this also display the gpg4win version?

Looks good to me on gpg4win-5.0.1-beta24 @ archllinux:

The display in Okular is independent from Kleopatra, so dropping it in Kleopatra should be fine.
If a QES certificate is available, Okular should highlight and add a filter for them (which is currently not working, see T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures)

I currently have a slight preference to drop bold and go with normal font. Werner would be ok with that, too.

@svuorela said, QES certs shouldn't be required to be on a smartcard.

Using an icon for QES certificates isn't that easy because we use an icon for smartcard certificates and any list item can have at most one icon. Moreover, QES certificates are very like stored on a smartcard (isn't that even a requirement?), i.e. an icon clash is basically guaranteed.

Additionally, the de-vs-compliance filters are no longer show in non-compliant installations like Gpg4win.

In T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures I had the impression, that some hint is useful for signing operations. Probably not so much in general.

Done and backported for VSD 3.4