Hi @aheinecke
I Can confirm, its working for me fine now.
thanks
Martin

• There was same problem in yubico-piv-tool and it was solved by detecting error state (0x80100068) and reconnecting to the smart card if necessary [1]
• There is also a thread in OpenSC discussing this issue [2] and relevant PRs [3]
• I also found a project that claims to fix SCARD_W_RESET_CARD by disabling exclusive access to the card before asking for PIN (and then they enable exclusive access again) [4]

New cards will come with a fix. I am not sure whether a production run has yet been done, though.

From one user I have received a debug log of the current beta where it apparently crashes in the dtor of the mail object after send.

*no other tool using

On other tool using, we are using encryption command in .bat file and this file is being executed from .net code

I'll look into it, but I can't make a promise that this is fixable, Outlook appears to take the wrong data then for printing :-/

There is no automatic deletion in gpg4win / GnuPG. Is there maybe any script that is interfering or is somehow your %APPDATA% directory removed after 5 days?

Part of the problem is Yubikey side, I suppose. (Because my implementation of Gnuk Token has no problem for suspend/resume if it's in-use.)

Again, thanks a lot for your testing. The log said: The code I added cannot detect the event of suspend/resume.
It seems that there is no way to recover from suspend/resume for Yubikey.

Hello again,

Yeah, this is better, we got apdu_get_status => sw=0x0 status=7 and I can auth with this version as usual. After sleep-wake cycle it would however fail with pcsc_transmit failed: reset card (0x80100068). Logs attached.

IMO the parent key should not be hard coded to 81000001 (Microsoft preferred RSA incarnation of the storage seed), as this prevents the use other configurations (although deployed TPM2's and fTPM2's all seem to carry this storage seed).

Thanks a lot for your testing. So, apparently, the PC/SC behavior is different between GNU/Linux and Windows.
Thus, I pushed another change: rG1e27c0e04cd3: scd: More fix with PC/SC for Windows.. Please test this. (Both of previous version and this version work well on GNU/Linux for operations not including suspend/resume with Yubikey and Gnuk Token, while my Yubikey with PC/SC doesn't work well for suspend/resume.)

Thanks, this version of scdaemon executes.

I think the problem is more that NSIS uses this arcane build system which makes it hard to cross compile.
NSIS 3.0 is also not in experimental.

About Debian: Stable releases are only updated for bug fixes and not for new features. This is an important for almost all production systems. Rolling release distros do not provide a platform which can be used to replicate use cases or problems.

there is only NSIS 2.51 in debian

Cool! Thanks for testing :-)

Thanks for the help,

I still don't have any clue what could be wrong here.

I can't reproduce this. I sent myself a Mail with capitalized "Andre.Heinecke@intevation.de" while my key only has an identity for "andre.heinecke@intevation.de" and it worked as expected:

Mh, that is strange and indeed a bug if that is so. GpgOL should do some simple normalisation which should prevent exactly such a problem. I'll look into it.

Question has been answered. Closing this.

Thanks for the hints.
The problem for us is that we want to rely on Debian Stable for building Gpg4win and there is only NSIS 2.51 in debian :-/ Maybe we make an exception and package NSIS 3 ourself for debian.

With 3.1 ( https://www.gpg4win.org/version3.1.html ) the problem should be gone. We still have to block outlook when the inline editor is used but that left no artifacts in the past. And if a Mail Window is opened we do not block outlook anymore. We only disable it to show a modal dialog.

At some point we really need to look at better error handling so that such an error would be more visible in the UI.

As this is easy to test and I tested it myself I think I can mark it as resolved.

Thanks for your help / report.

With Gpg4win 3.1.0 ( https://files.gpg4win.org/Beta/gpg4win-3.1.0-beta-current.exe ) GpgOL no longer uses Kleopatra for signing. So this problem can no longer exist.

I'm lowering the priority to Normal. I've done a lot of GpgOL work and Testing for the upcoming 3.1.0 release and have not seen this problem.

Leaving this open until we have a new version of GnuPG in the installer. While Kleopatra should no longer crash it won't properly work without the patch to GnuPG.

Got confirmation In Bugs.kde.org that this is fixed https://bugs.kde.org/show_bug.cgi?id=389792 as my tests also showed this -> resolved.

We have this now. There might be bugs but in general this works.