There is now a dedicated configuration module for smart card related settings. Currently, it's rather empty, but maybe there are more smart card settings you want to see there.

aheinecke: Good idea

Do you mean revoking the entire key or a user-id, or a subkey? Having a way to revoke a user-id is probably the most interesting use-case. BTW, there is no "revoke a self-signature" - this is actually a revocation of the user-id or subkey.

Related to this is that I was looking for a way to revoke my own key and I thought that revoking the selfsig might work. So maybe it makes sense not to fix this by forbidding this operation but instead by allowing it with the same key.

I have an uncommitted SmartCardConfigurationPage. I guess, I'll simply commit this and remove the "List smartcard readers" option.

Works for me in the current Kleopatra.

Ready for testing

I implemented the following solution:

• People using screen readers can navigate from cell to cell with the arrow keys. Depending on the style there is no (or no easily perceivable) visual feedback, but that doesn't matter. A not blind person will simply perceive the Left/Right arrow keys as having no effect.
• The special behavior of QTreeView which expands or collapses items with children on Left/Right does not work anymore. Expanding/collapsing subtrees with Plus/Minus/Asterisk still works.

@ikloecker thanks for the hint (At first it looked like a different defect.)

This has already been fixed: T5711: Kleopatra: Keyserver config does not fallback to default.

In T5848#155277, @bernhard wrote:

@hakan-int :

As soon as I change the value and check the "dirmngr"file, it is overwriten with the "keyserver hkps://" value again.

(I hope only if you completely delete it, as it should keep any other value and write it to file.)

As soon as I change the value and check the "dirmngr"file, it is overwriten with the "keyserver hkps://" value again.

First observations regarding screen readers and the certificate table:

• The comment in the report that only the name (in the first column) is read may be an issue of the screen reader.
• Orca reads all table cells (because of the (default) settings "readFullRowInGUITable"). There is also a keyboard shortcut to "toggle the reading of tables, either by single cell or whole row". I expect that other screen readers have similar settings and toggle functionality.
• I don't think navigation by cell makes sense, because this is a read-only table, i.e. interaction with individual cells isn't possible.

@bernhard when I close Kleopatra and stop the its task by the task manager, then the value remains. But as long as I do not change the default value to an other value in "Settings" -> "Configure Kleopatra". As soon as I change the value and check the "dirmngr"file, it is overwriten with the "keyserver hkps://" value again. I think, this is not the expected default value, is it?

Generating a new OpenPGP certificate with default settings should now be possible:

• with keyboard only (tab order should be okay now)
• with high contrast color scheme and/or inverted color scheme (tested with Breeze Dark)

For the next release T5842 (so with a higher priority) I have picked

For our internal tests this boils down to testing:

• with keyboard only
• for people using a screenreader
• with 400 % magnification
• with high contrast color scheme
• with inverted color scheme

I tested encrypt two txt files with filename 1 and 2.txt and insert text: test 1 and test 2. Tararchive has been created successfull. Than i tested this Two txt files with a long name. See attached txt files, i send it already to you. Now by the first test Archive.tar.gpg.yqoirl with 0 Bytes was created.
Second test, the other archive.tar.gpg with 0 Bytes was created and gpgex hang.

What you uploaded are files with a length of zero bytes. That is not valid data. The hang should not happen of course.

I have tested it. When I try it with public keyserver it has of course problematic results when vandalized keys like werners are hit but its great that even if I abort at that point I nicely see the results of the other imports.

It should not really hurt to query the scdaemon again after an import. We can do this in the background and users wont have to notice it in the general case where imports from others happen.

Instead of extending the context menu I have simply added a button next to the fingerprint which always copies the fingerprint without whitespace to the clipboard. Should also be better for accessibility.

I have added tooltips to the + ECDH and the + Elgamal checkboxes. Hope this helps.

If the user unselects + ECDH, then the checkmark before Encryption under Certificate Usage is removed. I'm not sure whether adding a tooltip would help if they don't notice this.

From the external test and review of the test results I list the priority below. Some of the issues need to be reproduced for full understanding. We should open subtasks where appropiate. To have a better orientation I think we should keep the general prioritization in mind and work use case by use case.

Optional automatic retrieval after import of new OpenPGP keys is now also possible.

Manual retrieval of missing certification keys is now possible from the Certifications dialog.

As this hinders the trusted-introducer setup in Keyserver centric deployments we should treat this with high priority.

Wow! That is a great idea. Thanks!

I have added a setting which can be used to block URLs with certain schemes.

This should now work for all settings in Kleopatra's configuration dialog.

This change adds support for the new "ldapserver" option of dirmngr.
The now deprecated "keyserver" option of gpgsm is still read, but
changes are always written to the new option (and the old option is
cleared). This change removes support for the ancient "LDAP Server"
pseudo-option which new versions of gpgconf no longer support.

Thanks for debugging. Unfortunately I doubled your effort 'cause I didn't looked into the report anymore. (System test done with GPA ;-)

Without the above patch the ARGPARSE_ATTR_IGNORE, ARGPARSE_ATTR_FORCE, and ARGPARSE_OPT_IGNORE flags in arg->r_type are never set for a not-ignored option with argument.

The following experimental patch (which may be complete non-sense and/or may have undesired side effects) seems to fix it

diff --git a/src/argparse.c b/src/argparse.c
index a144881..7cd8ba7 100644
--- a/src/argparse.c
+++ b/src/argparse.c
@@ -1874,6 +1874,7 @@ _gpgrt_argparse (estream_t fp, gpgrt_argparse_t *arg, gpgrt_opt_t *opts_orig)
                         xfree (buffer);
                       else
                         gpgrt_annotate_leaked_object (buffer);
+                      prepare_arg_return (arg, opts, idx, 0, 1);
                     }
                 }
               goto leave;

I think in the block below

else if (state == Acopyarg)

there is a prepare_arg_return missing.

I think the no change flag is wrong for all options that have arguments.

Tip: Use -v to get a human readable list of flags.

Doh! gpgme already performs the unescaping of data retrieved via the Assuan protocol for us in llass_status_handler. Doing it again in Kleo::SCDaemon::getReaders was simply wrong.

Hmm, I looked at the gpg-side a bit. assuan_send_data that's used for returning GETINFO reader_list only does escaping "as required by the Assuan protocol", i.e. percent escaping of certain characters but no plus escaping.

Yes, kleo always maps '+' -> ' '

This looks like a missing escaping issue in the sender (scdaemon?) or an unwanted unescaping issue in the receiver of the string (which uses Kleo::hexdecode()).

While trying to test the X.509 directory server configuration in Kleopatra, I stumbled over difference between 2.2 and 2.3 and a possible regression in 2.2.