You have imported a certificate with secret key.

You have imported a certificate with secret key.

Fingerprint: XXX
User ID: ABC

Here are some ideas:

Well, the different outcome depends on the order of the certificates or the string comparision in keyboxd. So it is not a keyboxd vs. pubring.kbx thing.

Okay, I can reproduce it when not using keyboxd.

Also, we should not forget the context of the whole dialog in the window. So we get the wording right, especially regarding key / certificate.

Removed in https://invent.kde.org/pim/kleopatra/-/merge_requests/369

In T5780#195277, @ikloecker wrote:

For me the change fixes the problem on Windows. (I haven't checked if there was a problem on Linux/X11, but I have verified that the change also works on Linux/X11.)

This is very similar to T5780 except that it concerns a different operation and thus a different window. The fix is likely the same as for T5780.

We do support "Decrypt & Verify" for multiple files (including the presentation of the status) so that it would be easy to do the same for all files in a folder (question is if this should even be recursive). Digging into the history I found that the desktop file was added shortly before Kleopatra 2.0.0-rc1, but that there wasn't any code for iterating a folder, i.e. this can never have worked.

I can't remember that we ever had support this. It is also not easy to come up with the good way to present the status for all files in a folder. We would need to define a format similar to what sha1sum uses: A list of file with they signature file or so. Note that kleopatra has support for running sha256sum in such a way.

Sorry. I can't reproduce this. Neither with master nor with the 2.4 repo version.

We don't have this exact action on windows, but the normal "Decrypt & Verify" action shows up for folders there (and doesn't work either).

All changes are pushed to master.

Pushed the changes by the commit rC2039d93289db: mpi: Add MPI helper modular exponentiation, Least Leak Intended.

the reproducer is:

I don't think this is fixed. With this patch in place, if i import blocker.cert first, and then import distsigkey.gpg, it looks to me like i still can't verify signatures made from any of the GnuPG signing keys.

Can now be tested after the release of libassuan 3.0.2 (T6163)

Released with libassuan 3.0.2 (T7163)

As I am delving a bit into cryptocurrencies and since i have a ledger security token and a bip32 24 word mnemonic now backed up as stamped metal.

"Exclusive user" sounds a bit odd and could still be misinterpreted. A native speaker would probably say "Are you the sole user of this secret key?“ or (even better and shorter) "Are you the only user of this secret key?"