Feed All Stories
Jan 6 2026
Jan 6 2026
web: New debian packages
timegrid moved T7272: Kleopatra: Look up missing OpenPGP certificates for card keys from QA to Done on the gpd5x board.
Looks good to me on gpg4win-5.0.0-beta479 @ win11.
• ikloecker added a comment to T8015: Kleopatra: Status in certificate list not updated after import.
I cannot reproduce this on Linux. Here I see that the file system watcher notices that trustdb.gpg was changed and triggers a keylisting.
• ikloecker added a comment to T8015: Kleopatra: Status in certificate list not updated after import.
Also: What happens if you cancel the ownership question and then change the owner trust of the key on the command line?
• ikloecker added a comment to T8015: Kleopatra: Status in certificate list not updated after import.
Please attach the log output of Kleopatra
timegrid moved T7937: Kleopatra: Screenreaders stay silent when smartcard window is opened from QA to Done on the gpd5x board.
Done
- progress/busy indicator shown (probably also read, but loading was too fast, so it skipped the text)
alt+m Manage Smart Cards - Kleopatra window Loading smart cards... tab control OpenPGP - 0005 00009D58 tab Alt+ O
timegrid added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.
Maybe it would be better to just not offer S/MIME certs with distrusted root cert?
svuorela added a comment to T6731: Default save dir in okular/windows is wrong.
Note: It does not seem to be possible to open a pdf from an URL, at least not via CLI okular.exe <URL> (it says Unknown protocol 'https').
timegrid moved T7285: Okular: Improvement of error messages regarding signatures from QA to WIP on the gpd5x board.
I tried to get any error response but found those issues instead:
• ikloecker changed the status of T8014: Kleopatra: Incorrect handling of unset keyserver in configuration dialog from Open to Testing.
Fixed.
• ikloecker committed rKLEOPATRA429beeb20991: Explicitly set keyserver to "none" if usage of keyserver is disabled (authored by • ikloecker).
Explicitly set keyserver to "none" if usage of keyserver is disabled
• ikloecker committed rKLEOPATRA2a3e927f0ba3: Fix handling of unset keyserver and improve usability (authored by • ikloecker).
Fix handling of unset keyserver and improve usability
timegrid added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.
If all processes are killed before okular is opened, i get an error on "finish signing":
timegrid added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.
gpgsm.log (debug-all, whole process of signing)
timegrid moved T6731: Default save dir in okular/windows is wrong from QA to Done on the gpd5x board.
Looks good to me on gpg4win-5.0.0-beta479 @ win11. The default path is now the same as the path of the opened file:
• werner added a comment to T1825: Add a re-encrypt to additional key.
Regarding my comment T1825#191055 : The mane page has long been updated and gpgme support is also available. For the symmetric session key, see the feature request T8016
Looks good to me on gpg4win-5.0.0-beta479 @ win11:
- gpg --show-only-session-key --decrypt FILE shows only the session key
- gpg --add-recipients -r UID1 FILE adds recipients (tested with one or more uids)
- gpg --change-recipients -r UID FILE changes the recipients (tested with one or more uids)
timegrid moved T7983: gpg: the validity of a secret key is changed by making a certification with it from QA to Done on the gnupg26 board.
timegrid moved T7983: gpg: the validity of a secret key is changed by making a certification with it from QA to Done on the gpd5x board.
Looks good to me on gpg4win-5.0.0-beta479 @ win11.
I can't reproduce ebo's nor pl13's issue.
• ebo moved T6731: Default save dir in okular/windows is wrong from Backlog to QA on the gpd5x board.
• ebo moved T7285: Okular: Improvement of error messages regarding signatures from Backlog to QA on the gpd5x board.
• ebo moved T7983: gpg: the validity of a secret key is changed by making a certification with it from Backlog to QA on the gpd5x board.
• ebo moved T7983: gpg: the validity of a secret key is changed by making a certification with it from Backlog to QA on the gnupg26 board.
• ikloecker moved T8014: Kleopatra: Incorrect handling of unset keyserver in configuration dialog from Backlog to WIP on the gpd5x board.
• ebo moved T7427: Kleopatra: Crash after decryption if files has an embedded file name from Backlog to QA on the gpd5x board.
• ikloecker triaged T8014: Kleopatra: Incorrect handling of unset keyserver in configuration dialog as Normal priority.
• ebo moved T7439: Kleopatra: DecryptVerifyFilesDialog crashes when output folder does not exist from Backlog to QA on the gpd5x board.
• ebo moved T7549: Kleopatra: crash on click in certificate extension dialog from Backlog to QA on the gpd5x board.
• ikloecker changed the status of T7772: Kleopatra: Config option - only allow upload of certificates with private key to LDAP keyserver from Open to Testing.
Backported for VSD 3.4
• ikloecker committed rKLEOPATRAbed77c838ec2: Add config option for disabling upload of public third-party keys (authored by • ikloecker).
Add config option for disabling upload of public third-party keys
• ikloecker added a comment to T7772: Kleopatra: Config option - only allow upload of certificates with private key to LDAP keyserver.
The option
[Export] AllowPublicKeyUpload=true
has been added. If this option is disabled (i.e. set to false) then Kleopatra only allows the upload of OpenPGP keys for which the user has the secret key.
• ikloecker committed rKLEOPATRA711daad6fc94: Add config option for disabling upload of public third-party keys (authored by • ikloecker).
Add config option for disabling upload of public third-party keys
• werner triaged T8013: gpgconf does not support the --enable-win32-openssh-support option for gpg-agent as Normal priority.
Frankly, he OpenSSH support for Windows was experimental and I have never tested it. If it can be confirmed that this really works and is useful, it will be easy to add the opeion to gpgconf. Note that the gpgconf option feature handles only a subset of all options on purpose.
l10n daemon script <scripty@kde.org> committed rMTPae8b9f142a84: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rLIBKLEOc63175e1a3ba: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rMTP389997ef92a9: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rLIBKLEOad2e3cfed131: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rKLEOPATRA5caa3a50e1ad: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Jan 5 2026
Jan 5 2026
tfry committed rOJe09903855d28: Move away from email-address as client mapping key (authored by tfry).
Move away from email-address as client mapping key
• ikloecker changed the status of T7848: Kleopatra: Remove whitespace from suggested export filename from Open to Testing.
Backported for VSD 3.4
• ikloecker committed rKLEOPATRA3fbe2175864f: Replace spaces and invalid characters in file names of exported keys (authored by • ikloecker).
Replace spaces and invalid characters in file names of exported keys
• ikloecker committed rKLEOPATRA379626310cd7: Add helper to sanitize strings used as file name (authored by • ikloecker).
Add helper to sanitize strings used as file name
• ikloecker committed rKLEOPATRA0d1ef9c40e3d: Rename StripSuffixTest to PathHelperTest (authored by • ikloecker).
Rename StripSuffixTest to PathHelperTest
• ikloecker committed rLIBKLEO078837dae86c: Add helper returning pretty name or email of a key (authored by • ikloecker).
Add helper returning pretty name or email of a key
• ikloecker added a comment to T7848: Kleopatra: Remove whitespace from suggested export filename.
Fixed everywhere where we export some certificate or public/secret (sub)key. Additionally, to space characters we also replace /, \, and : everywhere in the (proposed) file names now.
• werner updated the task description for T7906: Memory Corruption in ASCII-Armor Parsing.
• ikloecker committed rKLEOPATRA3c379f4e98e1: Replace spaces and invalid characters in file names of exported keys (authored by • ikloecker).
Replace spaces and invalid characters in file names of exported keys
• ikloecker committed rKLEOPATRA5e235f92da07: Rename StripSuffixTest to PathHelperTest (authored by • ikloecker).
Rename StripSuffixTest to PathHelperTest
• ikloecker committed rKLEOPATRAd37384a4da70: Add helper to sanitize strings used as file name (authored by • ikloecker).
Add helper to sanitize strings used as file name
Bump library version
• ikloecker committed rLIBKLEOaa0d63322b77: Add helper returning pretty name or email of a key (authored by • ikloecker).
Add helper returning pretty name or email of a key
• werner committed rG5f4ad39b16a4: doc: Rename an internal function to clarity the purpose. (authored by • werner).
doc: Rename an internal function to clarity the purpose.
• werner committed rG8d4fc76677cc: dirmngr: Help detection of bad keyserver configurations. (authored by • werner).
dirmngr: Help detection of bad keyserver configurations.
• ikloecker changed the status of T7637: Kleopatra: Change question on import of secret key from Open to Testing.
Fixed and backported for VSD 3.4
• ikloecker committed rKLEOPATRA9d5dbed2c25a: Avoid confusion with shared team keys (authored by • ikloecker).
Avoid confusion with shared team keys
Make tooltip less wide
timegrid moved T7730: gpg: retrieve a certificate from an LDAP server before sending it to the LDAP server from QA to Done on the gnupg26 board.
timegrid moved T7730: gpg: retrieve a certificate from an LDAP server before sending it to the LDAP server from WIP to Done on the gpd5x board.
The problem was the keyserver configuration, which does not include a scheme (ldap:):
keyserver ldap.gnupg.test:389:uid=LordPrivySeal,ou=GnuPG Users,dc=gnupg,dc=test:pass:dc=gnupg,dc=test:
• ikloecker committed rKLEOPATRAb5ee4174225b: Avoid confusion with shared team keys (authored by • ikloecker).
Avoid confusion with shared team keys
Make tooltip less wide
• werner changed the visibility for T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks.
• werner changed the visibility for T7901: Cleartext Signature Forgery in NotDashEscaped header implementation in GnuPG.
• werner changed the visibility for T7900: Cleartext Signature Forgery in GnuPG.
• ikloecker added a comment to T6453: Kleopatra: Show isQualified in Certificate details if true.
What does gpgsm -k --with-colons print for Werner's QES key? The usage / capabilities should contain s (for signing) and q (for qualified signing). If q is missing then something isn't set up correctly.
l10n daemon script <scripty@kde.org> committed rMTPe2a4c5ac40bc: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
l10n daemon script <scripty@kde.org> committed rMTPf7ea1d83509b: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
Jan 4 2026
Jan 4 2026
anthumchris closed T8010: Publish to NPM registry, a subtask of T7975: Official GPGme interface/bindings for Nodejs (node), as Resolved.
Published to NPM as gpgmejs, which provides disambiguation from gpgme, gpgmepp, gpgmepy, etc.
anthumchris changed the status of T8010: Publish to NPM registry, a subtask of T7975: Official GPGme interface/bindings for Nodejs (node), from Open to Testing.
Remove CI configuration
Remove Linux CI job
Remove CI configuration
Remove Linux CI job
l10n daemon script <scripty@kde.org> committed rMTPf6070eac25c7: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
completed working test and repo:
https://github.com/anthumchris/gpgmejs/
anthumchris closed T8003: Create first gnupgme nodejs binding for gpg version, a subtask of T7975: Official GPGme interface/bindings for Nodejs (node), as Resolved.
l10n daemon script <scripty@kde.org> committed rMTP00e7c980b210: GIT_SILENT Sync po/docbooks with svn (authored by l10n daemon script <scripty@kde.org>).
GIT_SILENT Sync po/docbooks with svn
thesamesam added a comment to T7990: export-minimal unexpectedly omits expired key.
That'd be great if possible, thank you!
Jan 3 2026
Jan 3 2026
heirecka committed rKLEOPATRA977ec6b88c0a: GIT_SILENT Update Appstream for new release (authored by heirecka).
GIT_SILENT Update Appstream for new release
heirecka committed rKLEOPATRAfffce3a24727: GIT_SILENT Upgrade release service version to 25.12.1. (authored by heirecka).
GIT_SILENT Upgrade release service version to 25.12.1.
heirecka committed rKLEOPATRAdbeb948b1ac8: GIT_SILENT Update Appstream for new release (authored by heirecka).
GIT_SILENT Update Appstream for new release
mfilippov updated the diff for D622: secmem: Add VirtualLock support for Windows..
secmem: Add VirtualLock support for Windows.
mfilippov requested review of D622: secmem: Add VirtualLock support for Windows..
jukivili committed rCd5cf2b90c7d0: rijndael-aesni: use assembly for moving first and last round key (authored by jukivili).
rijndael-aesni: use assembly for moving first and last round key
jukivili committed rC7afdbb2812b2: rijndael-aesni: prevent inlining AESNI functions by LTO (authored by jukivili).
rijndael-aesni: prevent inlining AESNI functions by LTO