Is the displayed version 4.0.0.260370 right for the appimage? shouldn't this also display the gpg4win version?

Looks good to me on gpg4win-5.0.1-beta24 @ archllinux:

The display in Okular is independent from Kleopatra, so dropping it in Kleopatra should be fine.
If a QES certificate is available, Okular should highlight and add a filter for them (which is currently not working, see T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures)

a) Here's a log anyway (ignore it, if decryption does always work):

@svuorela said, QES certs shouldn't be required to be on a smartcard.

In T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures I had the impression, that some hint is useful for signing operations. Probably not so much in general.

I added the gpgsm log output (same error as in the gpg log)

Ah, thanks for the pointer, I did not expect gpgsm to behave differently here. Then it's probably intentional and I'll close this as invalid.

Current state in gpg4win-5.0.0:

To reproduce the hang, a loop will suffice (usually happens within the first 15 times, once it needed 50 runs):

There's no other configuration, this happens with a clean gnupghome with one smime cert + root cert and the above gpgsm.conf (output on stdin/stderr):

Current state needs to be tested

@ikloecker: Is this fixed?

Current state needs to be tested as soon as T7509: gpg4win: Make the AppImage build work with the new Docker-based build script is resolved

@werner: Is this resolved?

We need to test the current state

I also tested to add the qual flag to the root cert in the global trusted.txt, as using qualified.txt is considered legacy, but still the same behavior

The first time Okular was included is gpg4win-4.2.0:

See here for how it should look like:

• https://invent.kde.org/graphics/okular/-/merge_requests/1120
• https://invent.kde.org/graphics/okular/-/merge_requests/1121

I see. I added the root cert to C:\ProgramData\GNU\etc\gnupg\qualified.txt and the usage of the signing certs does include a qualified signature in Kleopatra now. Still I don't see any highlight/filter in Okular:

The "ca" root cert is not on the ldap, if that matters

In T8048#211860, @ikloecker wrote:

some other certificates, but I guess those are from other tests

It also happens on CLI:

• gpg4win 5.0.0 @ win11

Note: This does not happen on vsd-3.3.4

gpgme.log (vsd 3.3.4):

In T8039#211727, @timegrid wrote:

I wonder where the information of the previously installed components comes from, if not from the MementoSection_SEC_kleopatra fields.

I searched the whole registry and found, that if browser integration is installed, this key still lives in WOW6432Node: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gpg4win

Oh, surpisingly it's the other way around: if the information is given in the registry key, all components are preselected. If the key is missing (browser integration installed), only the installed components are preselected. I wonder where the information of the previously installed components comes from, if not from the MementoSection_SEC_kleopatra fields.

Another possibility would be to just add a revoked column (expiration date is already shown) to keep closer to the ldap schema.

Without browser integrations installed, the preselection works fine though.
Probably this happens, because the info in the registry is missing as soon as browser integration is installed, see T8038: NSIS: Updating line omitted if browser integration is installed

should properly uninstall the existing installation.

see also T8039: NSIS: Preselection of installed components on reinstall only works with browser integration installed

On gpg4win-5.0.0 @ win11 I created a bunch of smime certs:

• For each keyusage
  • keyEncipherment, dataEncipherment
  • digitalSignature
  • nonRepudiation
  • digitalSignature, nonRepudiation
• Alice's certs with different names, Bob's certs with same name for each key

Is this is good enough or should the import cert list also inherit the layout (with or without additional columns) from the currently active tab?

Looks good to me on gpg4win-5.0.0 @ win11. Tested with 20 starts of each combination:

• with / without keyboxd
• quitting kleopatra / killing all processes

Looks good to me on gpg4win-5.0.0 @ win11. Tested with 20 starts of each combination:

• with / without keyboxd
• quitting kleopatra / killing all processes

Looks good to me on gpg4win-5.0.0 @ win11. Tested with 20 starts of each combination:

• with / without keyboxd
• quitting kleopatra / killing all processes

Another correction: I'm quite sure, that changing the width worked for a while (until i created that new tab), but I can't reproduce this anymore (even after deleting kleopatrastaterc). Now the import list again seems to have it's own memory (changing width in the import list will be kept on the next import)

Correction: On import, the width of the last created tab (not the current one) will be used, but additional columns won't be added.

In gpg4win-5.0.0-beta479 @ win11

• I can confirm, that a new tab will inherit the layout from the currently active tab
• On import
  • The layout of the main tab is kept
  • The import cert table has it's own layout though (default columns/widths) - should this be different?
    

Mostly looks good to me on gpg4win-5.0.0-beta479 @ win11.

Looks good to me on gpg4win-5.0.0-beta479 @ win11:

Was anything changed? What to test here?

Thanks, looks good to me:

• Saving to c:\windows
  
• Saving with removed signing key
  

On gpg4win-5.0.0-beta479 @ win11 the registry settings are not read due to the organization name not set.

Importing the same files via cli does work:

Screenshots of different imports:

gpgme.log (import of kyber team key with signing key):

gpgme.log (import of normal non team key kyber cert):