Let's see whether Niibe-san still remembers the T7882 case.

Can you please test the patch below in your environment. That would be helpful.

You need to get a log form gpg-agent. Put this into ~/.gnupg/gpg-agent/conf

Not a good idea. Because then the user will open it with the browser and the browser loads all kind of additional data including drive-by malware. If HTML *mail* is shown by a MUA no links should be followed to keep information and the fact that it was read confidential.

I think locate mode is mostly meant to be used to retrieve a single key

We talked about this in our developer meeting on Monday. I have never experienced the problem because I use the Qt version only on Windows and for my own use I use the Gtk version. In any case I think that Qt and fltk should fallback to curses to cover the case of using the Pinentry for a system startup on the console (e.g. the g13 case) with later switching to a GUI. And of course for those users who switch between GUI and console.

Setting to low because this has never been a problem in the last 30 or 35 years. A check to help pinpointing bad keys is however a good idea.

That change is too complex for just getting a proper error message. The original patch covers the most common case.

I guess no. But yes, am also annoyed by the default for "insert card" - sometimes several times a day. We should really fix that.

It is clearly not implemented for S/MIME: rKLEOPATRA9eed4a45ed93 but it should be.

I can't remember why Ben introduced the new status. OTOH, I wish that the Qt-Pinentry also emits a button_info line for closing the window. Normal users don't notice the difference but if you have a lot of private keys and you get a mail which has only hidden recipients the full_canceled is pretty useful. Also for other tasks like allow-mark-trusted: On Windows with the qt-pinentry I am always cursing about this but on my box I only need to close the pinentry window to get a fully_canceled

BTW, LibrePGP also demands p < q in "Algorithm-Specific Part for RSA Keys".

Du we have any information on whether the CRT is used and whether u et al. is also wrong? For example due to an OpenSSL generated key?

pinentry-tty and pinentry-curses support GPG_ERR_FULLY_CANCELED by Ctrl-C. But other pinentry implementations have no support (only GPG_ERR_CANCELED).

What is an "incomplete team key" - a standard offline secret key (i.e. one with only secret subkeys)?

If you specify a primary key the primary key shall be deleted. If there is only an offline or token based primary it can't be deleted. This is what the user requested. We can't change this because otherwise subkeys might be unintentionally deleted.

Shall that be used for key creation or shall a warning be displayed when a non-allowed key is used (receive or send)?

This is not "Unbreak now" because we have not released the software yet. Unbreak now should be used for bugs in deployed software but not during development.

Libkleo does not specify the curve in the parameter file becuase keyCurvve:isEmpty is asserted:

Works on the command line and adding a subkey later does also work.

IIRC, support for the keybox fomat was added on Debian's request with 2.1.7 in 2015 to gpgv. In fact gpgv was written on Debian's request (1.0.4 from fall 2000).