For the record the Task for the fingerprint copy was T5776

I tend to disagree. The fingerprint is a very long and cryptic looking thing. Most users of Kleopatra will never share their fingerprint as they tend to work on a TOFU model, just accepting a given key and using it. For another bunch of users the long keyid, which we show, is more then enough security. And for the VS-NfD case with very high security where users compare a full fingerprint it is accessibile enough.

With newer Gnuk Token, following patch should work:

diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 05e1f3977..439052f8c 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -5490,6 +5490,11 @@ do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
           exmode = 1;    /* Use extended length.  */
           le_value = app->app_local->keyattr[2].rsa.n_bits / 8;
         }
+      else if (app->app_local->cardcap.cmd_chaining && indatalen > 254)
+        {
+          exmode = -254; /* Command chaining with max. 254 bytes.  */
+          le_value = 0;
+        }
       else if (indatalen > 255)
         {
           if (!app->app_local->cardcap.ext_lc_le)

Feedback from the lab is that they'd recommend returning a specific error code that indicates that the prime search failed and then relying on the caller to decide whether to loop or bubble up the error. I'm not sure who we would consider to be the "caller" of the relevant generation function in this case, though.

Ahh, this is about cross-compiling. I keep forgetting this.

We use the tooling from debian buster. We do not compile any host tooling as part of the build, except for QtBase tools.

I'm wondering if this happens when users have made some other application window active. In this case, I'm pretty sure there is no way on Windows to bring the result dialog to the front. An alternative might be to use a notification to inform the user that the operation is completed, either always or only if we notice that the result dialog isn't active.

I'll close this. Feel free to reopen if you think this would still be useful.

In T5716#152555, @aheinecke wrote:

Ingo: Exactly we have the problem that we don't compile build tools before building for the target. So we take the build tooling like kconfig_compiler from the system we compile on. This means that we compile with the tooling from debian buster. Except for Qt which handles stuff like that directly and builds for example moc and the other tools correcly for the build system first.

Full ack.

For the record, I am for the deletion as long as it is guarded by a safety check.

Here is my proposal patch:

diff --git a/random/random-drbg.c b/random/random-drbg.c
index 5a46fd92..f1cfe286 100644
--- a/random/random-drbg.c
+++ b/random/random-drbg.c
@@ -341,6 +341,9 @@ enum drbg_prefixes
  * Global variables
  ***************************************************************/

Done. Note that different from the comments in your example a non-negative ValidityPeriodInDaysMax value implies that an expiration date is required. This way it's possible to require a validity period of at least 10 days, but still allow unlimited validity.

Done. This also fixes the state of the encryption check box in case the OpenPGP key type is forced.