ECC support for X.509 and in particular pkcs#12 format is limited. That is in general not a problem because such certificates are stored on a token and not on disk.

Also implemented for 2.2

Will be backported after 2.2.49

Tested with VS-Desktop-3.3.90.12-Beta

2.2 test can be done with GnuPG-VS-Desktop-3.3.90.12-Beta-Standard.msi from Sep 17

Backported to 2.2 but not yes tested with 2.2

In contrast to gnupg22 master did not proper show OCB compliance - not everything has yet been forward ported. But we can do so now and test master by setting GNUPG_ASSUME_COMPLIANCE=de-vs

re 1: Only if the option --auto-key-upload is used/configured.
re 2: Do not configure --auto-key-upload but give it on the command line.
re 3: Do not use --auto-key-upload - maybe I should add a --no-auto-key-upload option.

Hi
I have some questions about the "auto-key-upload: If an LDAP keyserver is configured (in dirmngr), upload a newly created key directly to that server" feature:

1. If an LDAP keyserver is configured, will every newly created key be uploaded? Is this upload behavior enabled by default?
2. Even with an LDAP keyserver configured, what if we don’t want to upload by default? If we prefer manual approval or want to upload only a specific subkey, how should we handle that?
3. What about keys created for testing, temporary use, or personal privacy-sensitive purposes that we don’t want others to discover?

People who use GPG tend to care deeply about privacy and don’t want to upload or expose unnecessary information.

There is a new --keyserver-option update-before-send which is enabled by default.

it would be best to add an API to gpgrt to iterate over registry entries.

A workaround exists with the new option --ignore-crl-extensions.

Perfect, thank you!

You are right. Printing the algo was missing in gnupg22.

For Beta-75 it looks similar judging from my first tries.

I managed to get the same "loading certificate" message several times in a row on this test instance by stopping and starting Kleopatra in a row twice. After removing the Signature Card 2.0 this did not happen again in 5-6 tries, although I collected 2 lingering listing processes again (not both started on the same startup). Even import of a X.509 certificate worked.

Next I managed to have one gpg and one gpgsm process each left over from the last execution of Kleopatra.
After starting Kleopatra new anyway, again "loading certificate cache" and an additional pair of gpg and gpgsm listing processes start.

Had a occurrence of the never ending "loading certificate cache" issue again.
There was a leftover gpgsm process from the previous tests (although Kleopatra warned when I closed it, that processes still running in the background were there and would be aborted).

@ebo Thank you for your continuous testing.

Unfortunately, this seems not to have ended the sporadic hangs.
I just saw a hanging initial keylisting with gpg4win-beta-70 which has gpg 2.4.6

My fault: All my test had the relax flag set which is so common to me that I did not thought about this. So you fix is for the case that no flag has been set for a fingerprint.