Thank you. Please confirm for one message translation. Others are all good.

You are right. The problem is that in a development version we use an envvar to locate the programs, so there is usually no problem because the software has already been installed and the final test doesn't catch this. We should add a version check to all components to catch such problems.

Given that we don't yet support TPM for Windows you should go ahead and apply this patch. tpm should also be removed from the list of components.

So I have talked with werner about this. The key-fpr is mostly required so that we can search for the public key belonging to the smarcard if we don't have it. This would also be something to do for the openpgp card.

6f03 = Data with specified length not supported.
Needs to be fixed in GnuPG :-(

Mmh, right I've used that but I still went with the key-fpr as I saw that and werner suggested this could be used by kleo. But it might be better to just ignore the key-fpr values which you have to explicitly query for PKCS#15 and just use

SCD GETATTR $SIGNKEYID returns the signing key ref. This information is read in get_card_status() and stored in the Card (see rKLEOPATRAd2bf514e4963: Fetch and store IDs of signing key and encryption key for card).

So, I've implemented a small widget and p15card class.

I'm currently working with Kleopatra and 2.3 and it works nicely.

Apparently only one of the secret keys is actually imported: the decryption key, but not the signing key.

If it confuses users, we can apply something like this:

diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 2a5087e1f..12916a64e 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -93,7 +93,9 @@ gc_error (int status, int errnum, const char *fmt, ...)
 /* Forward declaration.  */
 static void gpg_agent_runtime_change (int killflag);
 static void scdaemon_runtime_change (int killflag);
+#ifdef BUILD_WITH_TPM2D
 static void tpm2daemon_runtime_change (int killflag);
+#endif
 static void dirmngr_runtime_change (int killflag);
 static void keyboxd_runtime_change (int killflag);

Thank you for your confirmation. Closing.

Fixed in GnuPG 2.3.1, so, add the tag for GnuPG 2.2.

is more important

I just realized that my example is incorrect. It doesn't make sense to support multiple issuer subpackets on self signatures. But it is useful to do so on binary signatures and third-party certifications. Here's a better example, which gpg correctly supports. As such, this issue should be closed. Sorry for the noise.

In T5395#145417, @gniibe wrote:

I can't see null pointer de-reference (you claimed) in [4/5].
Could you please elaborate?

It's in 1.9 already.

it's in 2.3.

Applied.

This has been applied already.

I applied 1,2,3, and 5 in rKfbb1f303198b: Fixes for static analysis reports.

I can't see null pointer de-reference (you claimed) in [4/5].
Could you please elaborate?

IIUC, with libgcrypt in LIBGCRYPT-1.8-BRANCH (not yet released) and libgcrypt 1.9.3, the build process works well (the problem with SIP has been handled).

In T5401#145379, @werner wrote:

You can't use an EdDSA as subkey for encryption. Encryption is the default for a subkey unless you provide key usage parameters. Yes, we could flag this as an error, but I won't give it high priority.

Yes, this is an edge case very unlikely to be encountered. The odd thing is the generated "ed25519" subkey does somehow encrypt and decrypt without issue.