The user id list is in the wrong tab order (just before the Close button).

Some issues with the dialog:

• The user id list is in the wrong tab order (just before the Close button).
• The certificate details are not (easily/separately) accessible for screen readers. (Idea: Use read-only line edits so that they can be assigned to the labels as buddies.)
• The user id table is not accessible at all (neither the whole rows nor the individual cells).

The buttons in the main toolbar can now be selected with Tab and Shift+Tab.

The suffix .kgrp has been added as default filter for the import with revision rKLEOPATRA5c4d3a80d5a9: Allow the export of certificate groups.

@aheinecke I think this task can be closed.

Please let us turn this into a fatal error again. I had too many support cases where Kleo was actually run with Admin rights and messed up the permissions. To help with development issues and for the sake of some blockheads introduce an envvar to bypass the error.

It seems that editing a pre-created revocation certificate on Windows with Notepad doesn't let Kleopatra detect this correctly as OpenPGP file and thus refuses to import. Works on the command line but needs more testing.

Yes I agree to go for a.

The KDE crowd think that this is likely a bug mingw. duckducking "mingw thread_local crash" give many hits, e.g. https://sourceforge.net/p/mingw-w64/bugs/727/.

Certificate generation should now be possible with 400 % magnification. I haven't checked the different actions under "Next Steps".

I have merged a contribution by Felix Tiede which adds support for publishing a key via WKS. It depends on KF5IdentityManagement, KF5MailTransport, and KF5MailTransportAkonadi. Those dependencies are optional. If they are not provided, WKS publishing is not available.

Thanks for taking this up.

We meanwhile released two versions to our clients and are looking on how we can make it available to the community.

We have a workaround by using a recent version of gpgtar directly. Thus lowering priority.

https://invent.kde.org/frameworks/kconfigwidgets/-/merge_requests/140

On second thought: Let me open the MR.

@aheinecke I suggest to open an MR for this at https://invent.kde.org/frameworks/kconfigwidgets and see how the discussion goes. Either the change is accepted or other proposals are made to fix the crash in Kleopatra.

No. And this is out of scope for Kleopatra. You can use existing file sync tools to sync the files in ~/.gnupg. Which files to sync depends on what you want to sync. For details, I suggest to ask on the gnupg-users mailing list.

Hmm, according to lxr.kde.org this is the only usage of a static thread_local KSharedConfigPtr variable in all of (indexed) KDE. OTOH, there's also exactly one usage of a static KSharedConfigPtr variable in all of KDE (in plasma/plasma-nm/libs/editor/configuration.cpp).

Ingo: I have now assigned this to you. If you can explain why my fix is required in a way that upstream would accept the change we should try to get this into KConfigWidgets proper. But I do not think that I can convincingly explain why it is required or what happens here.

After some debugging and reading the code I did not find any way that the KSharedConfigPtr could be accessed when it was NULL. It is never saved in a member variable. The only place it was saved was in the static thread_local variable of defaultConfig in kcolorschemehelpers_p.h. Since this was irritating because I understood QExplicitlySharedDataPointer to already handle thread_local ness

So after updating to latest kf5 this still happens. The windows event log tells me that the crash occurs from libkf5configwidgets.dll
Does not seem to happen on Linux, i have run it with valgrind to and only found other crashes on linux shutdown when closing the window.

Sorry, yes I meant the Certificate Dump not the Details.

I would love to defer those encoding problems to gpgme. The output of gpgme should always be UTF-8 encoded, so that higher API doesn't need to bother about encoding. Obviously, this would mean that we shouldn't bypass gpgme by running gpg commands with QProcess.

When we want to add more smartcards we should open new issues. This one is resolved.

I am closing this as the group support for gpgol is now in T5967

This needs to be tested with group configuration even for non mixed mode. There is an important wish to have the kleopatra group configuration be used in the keyresolver from outlook.

Do you mean selecting multiple lines in the "Certificate Dump" window that hides behind the "More Details..." button in the certificate details window?

Source (or origin as it's called in the API) exists as per-key and as per-user-ID property. For the user IDs it should probably be shown in the user ID table.

In fact, the ChangePassphraseCommand uses gpgme_op_passwd which "changes the passphrase of the private key". It doesn't know anything about smart cards.

I think we should simply disable this command for card keys. Card key operations like "Change PIN/passphrase" should be performed via the card key view.

Can you make a short video of this? On Linux/KDE Plasma, I'm not even able to select multiple lines in the certificate details window (or I'm trying the wrong thing).

I fully agree. I also think that the separate recipient tab are rather annoying, in particular, because I usually want to select the recipients before I write the text. Accessibility will also benefit if all inputs can be reached easily with the Tab key without the need to switch between different tabs.

Proper accessible error reporting will be done with the accessibility related tasks.

For the same reasons "Print Secret Keys..." is now also disabled for keys stored on smart cards. No other command seems to require access to the secret key data.

The Certificate Details window now has an Update button.