I tend to avoid such changes to keep the translations valid. But for master this is okay.

The links for the Windows installer as given in the mail was wrong. The corrected links are

I confirmed that the patch above works with newer Gnuk (>= 1.2.16).

For the record the Task for the fingerprint copy was T5776

I tend to disagree. The fingerprint is a very long and cryptic looking thing. Most users of Kleopatra will never share their fingerprint as they tend to work on a TOFU model, just accepting a given key and using it. For another bunch of users the long keyid, which we show, is more then enough security. And for the VS-NfD case with very high security where users compare a full fingerprint it is accessibile enough.

With newer Gnuk Token, following patch should work:

diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 05e1f3977..439052f8c 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -5490,6 +5490,11 @@ do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
           exmode = 1;    /* Use extended length.  */
           le_value = app->app_local->keyattr[2].rsa.n_bits / 8;
         }
+      else if (app->app_local->cardcap.cmd_chaining && indatalen > 254)
+        {
+          exmode = -254; /* Command chaining with max. 254 bytes.  */
+          le_value = 0;
+        }
       else if (indatalen > 255)
         {
           if (!app->app_local->cardcap.ext_lc_le)

Feedback from the lab is that they'd recommend returning a specific error code that indicates that the prime search failed and then relying on the caller to decide whether to loop or bubble up the error. I'm not sure who we would consider to be the "caller" of the relevant generation function in this case, though.