Nov 27 2023
Fyi, Carl already, asked me to include that in our build so I will add this.
VS-Desktop-3.1.90.300-Beta: The executable is now found.
Therefore now the details of the signing key are listed when clicking on "keys".But the keys for which the message are encrypted are not listed after clicking on "Details" in the first blue frame.
After clicking all "links":
Tested on Windows with Kleopatra and 2.2 and with gpgme and 2.4 on Unix.
The "Load Certificates" button still remains greyed out if nothing changed, i.e. if no new certificates could be loaded from the card. This could be changed, but pressing "Load Certificates" multiple times won't magically fix loading the broken certificates.
Okay, I known do the same what we do for a single root certificate, that is mark it as "not trusted" ('n').
Should really work now.
Looks like ReaderStatusThread assumes that the data for the card didn't change. Therefore the card view is not updated (as before the changes for this issue).
Aha, the certificates are listed in the certificate view, though. And when you remove the smart card and re-insert it the keys are then listed without having to press the "load certificates" button.
For the X509 brainpool test cards I used it does not work in VS-Desktop-3.1.90.300-Beta . After clicking "load certificates" the button remains greyed out:
I create 1000 empty files, and sign then using GNU parallel+gpg and trying various parallelization factors. (CPU used is AMD 3700X with 16 threads.)
Still no response after more than 2 years?
VS-Desktop-3.1.90.300-Beta: The executable is now found.
Therefore now the details of the signing key are listed when clicking on "keys".
It's true that for KEYTOCARD command, there is optional argument for ECDH.
My point is that for PKDECRYPT command, it will be needed to add mechanism for getting such a parameter (when we use KEM API in gpg-agent).
Nope, The gpgconf --kill keyboxd hangs too, if I see right, while waiting for agent:
$ strace gpgconf --kill keyboxd [...] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f2d74fe2a10) = 3244 wait4(3244, 0x7ffc9836e364, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
We already have the ECDH parameters for OpenPGP in the gpg-agent API. The question is how large the data for PQC will be - likely we need to use an inquire already for this reason.
I created T6842 for the "Cleaning Kleopatra directories on startup" so that we can close this task once ebo confirms that all is fine. Usually I would close this task myself since I already tested it. But well we have QA now ;-)
Considering the design of gpg-agent which focuses on private key operations and data, it would be better to enhance the gpg-agent protocol to inquire public key data of any format defined by the client (including ECDH KDF parameters of OpenPGP). I mean, instead of storing data in the key file (originally designed for private key + some additional data), we will enhance the protocol.
Nov 26 2023
That is a feature. Consider the case that ~/.gnupg is on network file system and thus possible in use on several boxes. Thus before we remove stale lock files we do not only compare the PID but also the hostname. Granted, this is rare but we have had such cases in the past with locks.
Nov 25 2023
Works nicely for me in beta300
I'm quite happy with that now. The only thing left to do would be to benchmark this, but to keep this as a an open task for that seems wrong.
Außerdem kann man das ja konfigurieren 😅
Yeah,.. keep the defaults and don't show them? :) With this screenshot you can send even the most friendly user running away. Monospace won't help there. And using different fonts in the same table is also ugly and monospace for the complete table is a no go for me since users should not look at fingerprints or keyids in this table view.
So this is done now to my liking. I took the pkg-copyright from GNUPG as a baseline at the top and then went through all other packages. It is mostly about licenses though and not about copyright holders, even the license information for some packages was weird to figure out. Let alone the individual copyright holders. So I don't think we can or should say "The list of other copyright holders". I changed that now "For a complete list of licenses see: "
Looks good now
This now works to my liking.
I read the documentation (and stackoverflow) as owner we have to close our handle before deleting the file. With FILE_SHARE_DELETE we only ensure that others must live with the fact that we can always delete the file, but since we hold an exclusive READ right (which we gracefully share with others) our handle needs to be closed. So the trick was just to CloseHandle first and then the file could be deleted.
My very simple patch for this would be:
Wait,.. I misunderstood this issue B81CE112B26A8EA8BE7B95D2E375339BF4C51840 has no encryption subkey o.O
The Keyresolver did not allow me to encrypt to an S/MIME cert where the root CA was not in my trustlist.txt that was part of this feature to allow users to encrypt "non vs-nfd compliant" to such untrusted keys, like they would be able to also encrypt to untrusted openpgp keys.