Page MenuHome GnuPG
Projects okular

okularTag
ActivePublic
Watch Project

Members

  • This project does not have any members.
  • View All

Watchers (1)

Details

Description

Things for the Okular PDF Tool.

Recent Activity
View All

Fri, Jan 23

timegrid edited projects for T6633: GPGME: Add API for extended key usage flags like nonRepudation, added: gpgme, gpd5x; removed Restricted Project.

@werner: Is this resolved?

Fri, Jan 23, 11:27 AM · gpd5x, gpgme, okular

Wed, Jan 21

timegrid added a comment to T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures.

I also tested to add the qual flag to the root cert in the global trusted.txt, as using qualified.txt is considered legacy, but still the same behavior

Wed, Jan 21, 2:02 PM · gpd5x, okular
timegrid added a comment to T6732: Visual representation of signature is a bit ugly.

The first time Okular was included is gpg4win-4.2.0:

Wed, Jan 21, 1:57 PM · gpd5x, okular
timegrid added a comment to T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures.

See here for how it should look like:

Wed, Jan 21, 1:33 PM · gpd5x, okular
timegrid added a comment to T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures.

I see. I added the root cert to C:\ProgramData\GNU\etc\gnupg\qualified.txt and the usage of the signing certs does include a qualified signature in Kleopatra now. Still I don't see any highlight/filter in Okular:

Wed, Jan 21, 12:46 PM · gpd5x, okular

Tue, Jan 20

svuorela added a comment to T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures.

None of these certificates are for qualified signatures.

Tue, Jan 20, 1:27 PM · gpd5x, okular
svuorela added a comment to T6732: Visual representation of signature is a bit ugly.

Try compare with a gpg4win 3.latest.

Tue, Jan 20, 1:27 PM · gpd5x, okular

Thu, Jan 15

timegrid added a comment to T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures.

On gpg4win-5.0.0 @ win11 I created a bunch of smime certs:

  • For each keyusage
    • keyEncipherment, dataEncipherment
    • digitalSignature
    • nonRepudiation
    • digitalSignature, nonRepudiation
  • Alice's certs with different names, Bob's certs with same name for each key
Thu, Jan 15, 4:26 PM · gpd5x, okular

Wed, Jan 14

timegrid added a comment to T6732: Visual representation of signature is a bit ugly.

Was anything changed? What to test here?

Wed, Jan 14, 10:44 AM · gpd5x, okular

Tue, Jan 13

ebo moved T8018: Okular: No error on signature with wrong passphrase from Backlog to WIP on the gpd5x board.
Tue, Jan 13, 4:16 PM · Bug Report, gpd5x, okular
timegrid added a comment to T7285: Okular: Improvement of error messages regarding signatures.

Thanks, looks good to me:

  • Saving to c:\windows
  • Saving with removed signing key
Tue, Jan 13, 3:30 PM · test on hold, gpd5x, okular
ebo moved T6732: Visual representation of signature is a bit ugly from Backlog to QA on the gpd5x board.
Tue, Jan 13, 2:43 PM · gpd5x, okular
ebo added a project to T6732: Visual representation of signature is a bit ugly: gpd5x.
Tue, Jan 13, 2:43 PM · gpd5x, okular
svuorela added a comment to T7285: Okular: Improvement of error messages regarding signatures.

A way to trigger some errors could be trying to save to c:\windows or some other place you can't do.
Or while you have the key list open in okular, remove the key underneath everything and then continue.

Tue, Jan 13, 2:40 PM · test on hold, gpd5x, okular
ebo moved T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures from Backlog to QA on the gpd5x board.
Tue, Jan 13, 2:39 PM · gpd5x, okular
svuorela changed the status of T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures from Open to Testing.
Tue, Jan 13, 2:38 PM · gpd5x, okular
svuorela added a comment to T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures.

We now have a filter for qualified signatures if there is any in the list

Tue, Jan 13, 2:38 PM · gpd5x, okular
svuorela changed the status of T8018: Okular: No error on signature with wrong passphrase from Open to Testing.

Fixed upstream with https://invent.kde.org/graphics/okular/-/merge_requests/1301 - not yet in our packaging

Tue, Jan 13, 2:36 PM · Bug Report, gpd5x, okular
ebo edited projects for T7658: Okular: Dirmngr startup timeout on signature validation, added: gpd5x (gpd-5.0.0); removed gpd5x.
Tue, Jan 13, 12:32 PM · gpd5x (gpd-5.0.0), Bug Report, okular
ebo edited projects for T6731: Default save dir in okular/windows is wrong, added: gpd5x (gpd-5.0.0); removed gpd5x.
Tue, Jan 13, 12:32 PM · gpd5x (gpd-5.0.0), okular
ebo edited projects for T7697: Okular: No valid smime certs found, added: gpd5x (gpd-5.0.0); removed gpd5x.
Tue, Jan 13, 12:32 PM · gpd5x (gpd-5.0.0), Bug Report, okular
ebo edited projects for T7706: Okular: "Save as" does not work, added: gpd5x (gpd-5.0.0); removed gpd5x.
Tue, Jan 13, 12:32 PM · gpd5x (gpd-5.0.0), Bug Report, okular
ebo edited projects for T7829: w32: daemon (gpg-agent/keyboxd/dirmngr) startup and connection race when there is a socket file already, added: gpd5x (gpd-5.0.0); removed gpd5x.
Tue, Jan 13, 12:32 PM · gpd5x (gpd-5.0.0), gnupg22 (gnupg-2.2.52), Bug Report, okular
ebo edited projects for T7717: Location of qt-application config files, added: gpd5x (gpd-5.0.0); removed gpd5x.
Tue, Jan 13, 12:31 PM · gpd5x (gpd-5.0.0), Windows, kleopatra, vsd34, okular
ebo moved T7982: Kleopatra, Okular: Process doesn't exit if the app is Quit from Done to gpd-5.0.0 on the gpd5x board.
Tue, Jan 13, 12:25 PM · gpd5x (gpd-5.0.0), Windows, okular, kleopatra

Fri, Jan 9

werner closed T7829: w32: daemon (gpg-agent/keyboxd/dirmngr) startup and connection race when there is a socket file already, a subtask of T7658: Okular: Dirmngr startup timeout on signature validation, as Resolved.
Fri, Jan 9, 11:21 AM · gpd5x (gpd-5.0.0), Bug Report, okular
werner closed T7829: w32: daemon (gpg-agent/keyboxd/dirmngr) startup and connection race when there is a socket file already as Resolved.

That was also fixed in gnupg 2.2.50 and thus vsd 3.3.3

Fri, Jan 9, 11:21 AM · gpd5x (gpd-5.0.0), gnupg22 (gnupg-2.2.52), Bug Report, okular
werner moved T7829: w32: daemon (gpg-agent/keyboxd/dirmngr) startup and connection race when there is a socket file already from QA to gnupg-2.2.52 on the gnupg22 board.
Fri, Jan 9, 11:19 AM · gpd5x (gpd-5.0.0), gnupg22 (gnupg-2.2.52), Bug Report, okular
timegrid updated the task description for T7285: Okular: Improvement of error messages regarding signatures.
Fri, Jan 9, 10:49 AM · test on hold, gpd5x, okular
timegrid added a project to T7285: Okular: Improvement of error messages regarding signatures: test on hold.
Fri, Jan 9, 10:48 AM · test on hold, gpd5x, okular

Thu, Jan 8

timegrid moved T7717: Location of qt-application config files from WIP to Done on the gpd5x board.

Looks good to me on gpg4win-5.0.0-beta479 @ win11.

Thu, Jan 8, 12:15 PM · gpd5x (gpd-5.0.0), Windows, kleopatra, vsd34, okular

Wed, Jan 7

werner triaged T8017: Okular: Hang on signature with smime cert and distrusted root as High priority.
Wed, Jan 7, 12:06 PM · Bug Report, S/MIME, gpd5x, okular
werner triaged T8018: Okular: No error on signature with wrong passphrase as Normal priority.
Wed, Jan 7, 12:04 PM · Bug Report, gpd5x, okular
timegrid added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.
>gpgsm -v --sign --local-user "Edward Tester" test.pdf > test.gpg.p7s
gpgsm: enabled compatibility flags:
gpgsm: looking up issuer from the Dirmngr cache
gpgsm: number of matching certificates: 0
gpgsm: dirmngr cache-only key lookup failed: No data
gpgsm: issuer certificate {04A0A7E932B29D43A9B6673139AF52C0A5FC467BF5A64D044D1AC33613ABBB73CA532569F5779999114C0118CD66FDF6E92B1B0EEE2A4D5A815DA7FD892DDDE9C1} not found using authorityKeyIdentifier
gpgsm: looking up issuer from the Dirmngr cache
gpgsm: number of matching certificates: 0
gpgsm: dirmngr cache-only key lookup failed: No data
gpgsm: certificate is good
gpgsm: root certificate is not marked trusted
gpgsm: fingerprint=D4:EC:A6:B4:69:AB:B5:44:08:27:CB:3F:C7:D7:91:08:3C:10:27:DB
gpgsm: DBG: BEGIN Certificate 'issuer':
gpgsm: DBG:      serial: 01
gpgsm: DBG:   notBefore: 2020-03-26 19:41:01
gpgsm: DBG:    notAfter: 2063-04-05 17:00:00
gpgsm: DBG:      issuer: CN=Root-CA 2020,OU=GnuPG.com,O=g10 Code GmbH,C=DE
gpgsm: DBG:     subject: CN=Root-CA 2020,OU=GnuPG.com,O=g10 Code GmbH,C=DE
gpgsm: DBG:   hash algo: 1.2.840.113549.1.1.11
gpgsm: DBG:   SHA1 Fingerprint: D4:EC:A6:B4:69:AB:B5:44:08:27:CB:3F:C7:D7:91:08:3C:10:27:DB
gpgsm: DBG: END Certificate
gpgsm: after checking the fingerprint, you may want to add it manually to the list of trusted certificates.
gpgsm: validation model used: shell
gpgsm: can't sign using 'Edward Tester': Not trusted
[GNUPG:] FAILURE gpgsm-exit 50331649
Wed, Jan 7, 9:33 AM · Bug Report, S/MIME, gpd5x, okular
svuorela added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.

How does gpgsm react if you try to sign with the certificate?

Wed, Jan 7, 9:09 AM · Bug Report, S/MIME, gpd5x, okular

Tue, Jan 6

timegrid added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.

Maybe it would be better to just not offer S/MIME certs with distrusted root cert?

Tue, Jan 6, 2:42 PM · Bug Report, S/MIME, gpd5x, okular
svuorela added a comment to T6731: Default save dir in okular/windows is wrong.

Note: It does not seem to be possible to open a pdf from an URL, at least not via CLI okular.exe <URL> (it says Unknown protocol 'https').

Tue, Jan 6, 2:35 PM · gpd5x (gpd-5.0.0), okular
timegrid moved T7285: Okular: Improvement of error messages regarding signatures from QA to WIP on the gpd5x board.

I tried to get any error response but found those issues instead:

Tue, Jan 6, 2:33 PM · test on hold, gpd5x, okular
timegrid created T8018: Okular: No error on signature with wrong passphrase.
Tue, Jan 6, 2:28 PM · Bug Report, gpd5x, okular
timegrid added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.

If all processes are killed before okular is opened, i get an error:


gpgsm-error.log102 KBDownload

Tue, Jan 6, 2:15 PM · Bug Report, S/MIME, gpd5x, okular
timegrid added a comment to T8017: Okular: Hang on signature with smime cert and distrusted root.

gpgsm.log (debug-all, whole process of signing)

gpgsm.log132 KBDownload

Tue, Jan 6, 2:11 PM · Bug Report, S/MIME, gpd5x, okular
timegrid created T8017: Okular: Hang on signature with smime cert and distrusted root.
Tue, Jan 6, 2:03 PM · Bug Report, S/MIME, gpd5x, okular
timegrid moved T6731: Default save dir in okular/windows is wrong from QA to Done on the gpd5x board.

Looks good to me on gpg4win-5.0.0-beta479 @ win11. The default path is now the same as the path of the opened file:

Tue, Jan 6, 1:40 PM · gpd5x (gpd-5.0.0), okular
ebo moved T6731: Default save dir in okular/windows is wrong from Backlog to QA on the gpd5x board.
Tue, Jan 6, 11:28 AM · gpd5x (gpd-5.0.0), okular
ebo moved T7285: Okular: Improvement of error messages regarding signatures from Backlog to QA on the gpd5x board.
Tue, Jan 6, 11:28 AM · test on hold, gpd5x, okular

Dec 23 2025

ebo closed T7982: Kleopatra, Okular: Process doesn't exit if the app is Quit as Resolved.

Yes, Kleopatra quits again with the beta from yesterday:

Dec 23 2025, 10:44 AM · gpd5x (gpd-5.0.0), Windows, okular, kleopatra

Dec 22 2025

werner moved T7982: Kleopatra, Okular: Process doesn't exit if the app is Quit from WIP to QA on the gpd5x board.

Fixed in gpg4win-5.0.0-beta476

Dec 22 2025, 5:29 PM · gpd5x (gpd-5.0.0), Windows, okular, kleopatra
ikloecker renamed T7982: Kleopatra, Okular: Process doesn't exit if the app is Quit from Kleopatra: The kleopatra.exe process doesn't exit if the app is Quit to Kleopatra, Okular: Process doesn't exit if the app is Quit.
Dec 22 2025, 4:59 PM · gpd5x (gpd-5.0.0), Windows, okular, kleopatra
ikloecker moved T7982: Kleopatra, Okular: Process doesn't exit if the app is Quit from Backlog to WIP on the gpd5x board.
Dec 22 2025, 4:58 PM · gpd5x (gpd-5.0.0), Windows, okular, kleopatra
ikloecker changed the status of T7982: Kleopatra, Okular: Process doesn't exit if the app is Quit from Open to Testing.

Fixed by applying a patch to our version of MinGW. This affected all Qt programs build with Qt 6.10.

Dec 22 2025, 4:58 PM · gpd5x (gpd-5.0.0), Windows, okular, kleopatra