I disabled this for offline keys because I erroneously assumed that one would need the primary key for changing the password. We can simply replace the check for the primary secret key with a check for any secret subkey that's stored on disk.

Upstream fix: https://invent.kde.org/frameworks/kxmlgui/-/merge_requests/219

Show Fingerprint instead of Key-ID of certifications (change the title correspondingly)

I don't like blowing up a task with loads of unrelated additional wishes after the original request was fulfilled. At most the first request can be considered part of the original request. The other requests should be handled in multiple separate tasks.

The check happens whenever the user selects or deselects one (or more) certificates. All actions that require conditions not met by the selected certificates are disabled. Some conditions are too complex/slow/special to check, e.g. the check if an empty smart card is inserted should happen when the user triggered the action.

Regarding the requirements for a key: The action shouldn't be enabled for keys not meeting the requirements. (Just like most other actions are only enabled for a suitable selection of keys.) The info which keys are suitable belongs into the manual and not as wall of text into Kleopatra.

You forget that multiple OpenPGP smart cards might be plugged in. Although it's probably not likely that multiple empty cards are plugged in. (For comparison: The subkey action to move a key to a card allows the user to choose a suitable slot. I think it also offers non-empty slots, but I agree that for the "simple copy" it's better to offer only empty cards to prevent a disaster.)

Note for devs: In most places we can probably use Key::isBad() which excludes all kinds of keys that are not valid for use (revoked, expired, disabled, ...).

+1 for Tobias proposal

Backported to VSD 3.2

So you want the other recipients to be cleared? What shall happen if the user switches the protocol again? Shall the previously selected other recipients be restored?

I like the suggestion to add a checkbox for the upload. That's also in line with certification which is very similar to revocation.

For your own certificates Kleopatra knows what to look for when you switch the protocol: Some suitable certificate with the correct protocol belonging to the user. In fact, Kleopatra remembers the last used own sign and encrypt certificates for both protocols.

"Today" was already removed together with other changes for T6621: Kleopatra: Remove "in n days/weeks/months/years" input from Change Validity Period dialog.

I just want to point out that we have explicitly decided to remove confronting the user with five different "What next" options in the certificate creation workflow. One reason is that the choice overwhelms the users because some think they need to do everything. Another reason is that many options were completely wrong for some of our customers. Such workflows are much better documented in company-specific SOPs (standard operation procedures).

Fixed. This improves the first impression when users use the first smart card with Kleopatra.

Looks good. Remember to add ChangeLog-style entries for all affected files to the commit log message.

This was done by Tobias.

Looks good

Fixed. Two examples:

Fixed.

@werner Please review the changes again. I think Tobias addressed your comments.

@heirecka The changes were applied. Please close this MR. (Unfortunately, only the author can close patches.)

Oops. I closed the task accidentally.

Fixed (for GnuPG 2.4). I hope 2.2 prints the same status messages.

This change also avoids the accessibility problem (from the report) that tool tips close automatically if one moves the mouse cursor out of the tool tip.

I'm wondering whether it wouldn't be better to rename (or copy) the icon to pinentry.png. It's weird if a program installs an icon with a generic name in a generic location.

I think the DocAction idea doesn't really work well because it leads to empty submenus and bogus actions in the toolbar configuration and the keyboard shortcut configuration in builds that don't include the PDFs. And now, it seems, checking whether a file exists isn't enough anymore.

Note that the keys do not have origin information before they have been imported. My idea was to keep track of which job generated the results and somehow add this as origin information to the key list model.

I just want to remind you that we have added the possibility to explicitly disable opening of any URLs in Kleopatra. Don't introduce a new way to open a URL which cannot be disabled via the same setting.

Okay. 2342304000 in the colon output is 2044-03-23T00:00:00+00:00.

What does gpg -k / gpg -k --with-colons say?

Sure WKD is still checked if the conditions for an update via WKD are fulfilled.

It's not a different kind of data. In both cases it's the serial number of the smart card either in human readable form (often as printed on the smart card/USB token) or in "untranslated" raw form. It's a bit like short Git hash vs. full Git hash.

While reviewing the changes I had some doubt about some of the columns.

It seems libtool fails to add the standard C and C++ libraries to the link command line. On Linux I have "[...] -lstdc++ -lm -lc [...]" in the libtool link command line. Looks like a bug in the tooling (macports or libtool).

Done and backported for 3.2.