We have even released 4.0.2 now.
May 9 2022
JW-D with Gpg4win-4 we have support for multiple readers and also a dropdown menu for selecting reader ports. This should resolve this issue.
When we want to add more smartcards we should open new issues. This one is resolved.
I am closing this as the group support for gpgol is now in T5967
Still needs testing as this is a default off feature.
This needs to be tested with group configuration even for non mixed mode. There is an important wish to have the kleopatra group configuration be used in the keyresolver from outlook.
Please do make at first before invoking make check. It creates symbolic links for executables.
Do you mean selecting multiple lines in the "Certificate Dump" window that hides behind the "More Details..." button in the certificate details window?
- T5941: gnupg 2.3.5 hangs on key import
- Enable make check-all working again
- T5948: Flaky test (<keyboxd>tests/openpgp/use-exact-key.scm) failure with gnupg 2.3.5, 2.3.6
- strange way of invoking gpg-agent: T5942: scdaemon is blocking system shutdown
- 2.2: Revert wrong patch of T5120: Incompatible Ed25519 secret key (no-encryption)
- then, proper conservative fix: rG3fcef7371480: gpg: Handle leading-zeros private key for Ed25519.
- Yubikey ECC issue (bogus octet in C1/C2/C3): T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys
- backport changes to 1.10
- GCC 11.3 and 12.1 are out, so, close T5581: buf_eq_const() function in cipher/bufhelp.h may get wrong result
The patch rG054d14887ef8: scd: Add workaround for ECC attribute on Yubikey. fixes a particular problem of Yubikey implementation where it returns bogus octet for its data object of C1, C2, and C3.
GCC 11.3 and GCC 12.1 are out with the fix.
May 7 2022
May 6 2022
With the patch and after starting a new gpg-agent, gpg --card-status now works immediately.
But when I re-plug the yubikey, gpg reports gpg: OpenPGP card not available: Card error until either gpg-agent is restarted, or pcscd is restarted.
pcsc-lite in debug mode reports no errors, but one log is obviously much shorter as gpg fails early (I've attached both, same pcscd and gpg-agent instance).
I pushed a workaround.
Source (or origin as it's called in the API) exists as per-key and as per-user-ID property. For the user IDs it should probably be shown in the user ID table.
In fact, the ChangePassphraseCommand uses gpgme_op_passwd which "changes the passphrase of the private key". It doesn't know anything about smart cards.
I think we should simply disable this command for card keys. Card key operations like "Change PIN/passphrase" should be performed via the card key view.
Can you make a short video of this? On Linux/KDE Plasma, I'm not even able to select multiple lines in the certificate details window (or I'm trying the wrong thing).
I fully agree. I also think that the separate recipient tab are rather annoying, in particular, because I usually want to select the recipients before I write the text. Accessibility will also benefit if all inputs can be reached easily with the Tab key without the need to switch between different tabs.
Proper accessible error reporting will be done with the accessibility related tasks.
For the same reasons "Print Secret Keys..." is now also disabled for keys stored on smart cards. No other command seems to require access to the secret key data.
For my environment, it is not PC/SC-specific. It also occurs when CCID driver is used.
No sure, you could also consider the is_cardkey flag to mean that a secret key might be available. FWIW, GPA sets it internal secret key flag based on the type of listing done; thus I see no problem if you want to change the behaviour.
For bcdDevice 5.24, I can replicate the symptom, but only once. After second invocation of gpg --card-status, it works well.
May 5 2022
The Certificate Details window now has an Update button.
I've applied the patch and can confirm that the segfault is fixed, but gpg still has severe problems communicating with the Yubikey over pcsc-lite.