Backported for VSD 3.4

The remaining open points of this ticket will be "won't fix" for now. When we plan to change something here, we should open new tickets, this one got confusing.

I put the new menu entries below the menu entry for the Quick Guide into the Help menu.

Done. And backported for VSD 3.4.

Note: I noticed that most of the old documents use underscores instead of hyphens in the document names. It doesn't really matter, but being consistent makes it easier to avoid typos.

Backported for VSD 3.4

To avoid confusion the outer folder is now kept if the name of the archived folder doesn't match the name of the archive.

Done.

Sound sensible. Ok, then this ticket will only revert T8022 for archives which were renamed.

This is a bit larger change (of UI improvement):

It's not that simple. The user could have decrypted multiple archives. Showing an additional message box after all decrypted archives have been moved to the final destination somehow doesn't feel right. And what if an archive and a regular file were decrypted? Should the additional message box also show the final destination of the regular file? I think this needs more thought.

I consider again about Ben's change. It could be simply support of the detection of the cancel situation where gpgme should return GPG_ERR_CANCELED (not related to single cancellation vs. whole cancellation).

I can't remember why Ben introduced the new status. OTOH, I wish that the Qt-Pinentry also emits a button_info line for closing the window. Normal users don't notice the difference but if you have a lot of private keys and you get a mail which has only hidden recipients the full_canceled is pretty useful. Also for other tasks like allow-mark-trusted: On Windows with the qt-pinentry I am always cursing about this but on my box I only need to close the pinentry window to get a fully_canceled

added vsd34 for the resetting of the defaults

I investigated the introduction of STATUS_CANCELED_BY_USER and GPGME_STATUS_CANCELED_BY_USER:
rG31e47dfad0f4: gpg: Add canceled status message.
rM35ca460019ea: Parse STATUS_CANCELED_BY_USER.

Filter 16 is the new filter for valid certificates. The problem could be that the version you tested did not yet have this filter.

@ikloecker I'd like it if we could backport the resetting of the preferences to vsd34.

Font selection dialog lets the user choose a font size, which is then not respected - can we disable selecting the font size?

I cannot reproduce this on gpg4win-5.0.2-beta-2 @ win11 either, so I set this to resolved.

Please briefly try to reproduce on Windows with Gpg4win 5.0.2. At lot has changed since this ticket was created so that it might be fixed already.

I cannot reproduce the empty dialog on Linux with the current build. I always see a correct result dialog for the readable file.

We use individual texts now that all follow the pattern "Detailed results of import from ..." for import from file (file name is displayed), clipboard, notepad, smart card, WKD (URL is displayed), server ("keyserver" or "LDAP server").

Note: This isn't included in Gpg4win 5.0(.2).

Note: This isn't included in Gpg4win 5.0(.2).

Note: This isn't included in Gpg4win 5.0(.2).

Note: This isn't included in Gpg4win 5.0(.2).

I stand partially corrected. Apparently, pinentry-efl also sets close_button. For Gpg4win that's irrelevant because we ship pinentry-qt (and pinentry-w32) which doesn't have this IMHO contra-intuitive behavior.

Upstream MR for reading system config files before user config files: https://invent.kde.org/frameworks/kconfig/-/merge_requests/436

pinentry-tty and pinentry-curses support GPG_ERR_FULLY_CANCELED by Ctrl-C. But other pinentry implementations have no support (only GPG_ERR_CANCELED).

I'd also like to point out that changing the error code from GPG_ERR_CANCELED to GPG_ERR_FULLY_CANCELED could cause regressions in applications.

Merge request for KMessageBox: https://invent.kde.org/frameworks/kwidgetsaddons/-/merge_requests/339

How do you want to decide whether to show two "Cancel" buttons? How would you call those two "Cancel" buttons? For decryption I can imagine that for example "Try Next Key" and "Cancel Decryption" (or even just "Cancel") would make clear what happens.

Any further improvements will have to go in a new ticket when we have a plan. I'll close this one.

ok, lets go with the message box.

Relevant part from T6793: Cleanup temporary files / dirs with decrypted content:

If this definition is OK

@bernhard Thank you for the link.

In T8076#215372, @werner wrote:

If you specify a primary key the primary key shall be deleted. If there is only an offline or token based primary it can't be deleted. This is what the user requested. We can't change this because otherwise subkeys might be unintentionally deleted.

What is an "incomplete team key" - a standard offline secret key (i.e. one with only secret subkeys)?

It would be used for key creation just like the legacy options PGPKeyType and RSAKeySizes were used (and still can be used but only for RSA with different key sizes).

If you specify a primary key the primary key shall be deleted. If there is only an offline or token based primary it can't be deleted. This is what the user requested. We can't change this because otherwise subkeys might be unintentionally deleted.

I guess the behavior changed with gpg 2.4, i.e. "With gpg 2.4 (or later), ..."

Shall that be used for key creation or shall a warning be displayed when a non-allowed key is used (receive or send)?

why gpg 2.4? Don't you mean 2.6? I'll add the proper 2.6 tag for avoiding confusion

Hi @gniibe,
thanks for making progress on the issue.

I was wrong. gpg (scdaemon) needed to be fixed with more changes for the interaction with pinentry.

I pushed my patch for gpg, since it does not break anything, just allow empty passphrase input (to skip).
I also pushed my patch for gpgme. I believe that it's correct.

gpg 2.2 does: when it sees PKT_PUBKEY_ENC it asks a user to try decrypting the session key. when it sees PKT_SYMKEY_ENC it asks a user to try decrypting the encrypted session key by passphrase. When one of tries successes, it use the result (the session key) to decrypt PKT_ENCRYPTED_* packet. When there are multiple PKT_PUBKEY_ENC and PKT_SYMKEY_ENC, gpg 2.2 handles sequentially.

And *.pub is used for Microsoft Publisher documents

From the support angle, the worst of these issues is that the default will not be restored for VS-NfD. But then: nobody has inquired about that yet…

What is fixed, what needs still needs to be done and should go into another ticket?

I don't understand how to reproduce this. When a key is deleted then nothing referencing this key should remain in the key ring. I don't see why it should matter whether the deleted key was a card key or not.

I've added *.pub and *.sec (since we have test keys with those suffixes even in gpgme).

The proposed changes are a bit in conflict with https://dev.gnupg.org/T8158 because T8158 proposes to show another dialog when clicking "No". I guess "Cancel" would suppress the Certify dialog. "No for all" would have a different meaning. I guess we'd also need a "No for all" button for the following "Certify Shared Team Key?" question so that one can abort being asked for each imported secret key by clicking "No for all" twice.

I have explicitly chosen this tab order so that tabbing through the informational fields on the left isn't interrupted by the "Card Actions" button on the right. The alternative would be to put the "Card Actions" button in the tab order between the last informational field on the left and the table.

Done.

A message box would be fine.

I thought Gniibe's comment meant that gpg does report the errors now correctly…
So what is still to be done in gpg?

I don't think that anything of this can be changed in Kleopatra or even gpgme. Kleopatra relies on proper error codes by gpg.

It's impossible to know beforehand (i.e. before the user clicked Save) how the folder is going to be called because it might get a suffix to avoid a collision and this cannot be checked before the user clicks Save. I suggest to remove the useless information where the archive was extracted because it's a temporary location. Instead we could add a message box which tells the user the actual location after the data was moved there.

It is not (easily) possible to check for available keys first, before asking for a passphrase? (Like it is with gpg 2.2.)