I was wrong. gpg (scdaemon) needed to be fixed with more changes for the interaction with pinentry.

I thought Gniibe's comment meant that gpg does report the errors now correctly…
So what is still to be done in gpg?

I don't think that anything of this can be changed in Kleopatra or even gpgme. Kleopatra relies on proper error codes by gpg.

I've created the ticket above for Q2, we need to discuss how to follow up Q1 and Q3 next week.

We should also change the "donate" button to Gpg4win then and the text to "voluntary payment".

I guess those things need to be changed in Kleopatra after @gniibe made the changes in scd. I'll add a Kleo tag for discussion, as we should probably make several tickets from this.

Ok, thanks. Closing the mail in Mailviewer will remove all temporary opened attachment files, so I'll set this to resolved.

well, you are showing 4 pinentry-qt windows above. The reference to pinentry meant those windows.

In T7502#214891, @ebo wrote:

Q3: Would you make the text in "Certify shared secret key?" wrap?

In T7502#214891, @ebo wrote:

Q2: For 2 and 3 "Certify new certificate? You have imported an new certificate (public key) […]" is not strictly correct, this could be confusing. Maybe we could use the "Certify shared secret key?" instead and change it a bit to make it fit this case too? How about starting with:
"You have imported a shared secret key / a key without primary part." And then leave out the "shared" in the second sentence and in the window title.

In T7502#214891, @ebo wrote:

Q1: Does showing the "Detailed results of importing" make sense for the above cases? One could argue that we could remove it for all single imports where any dialog is shown.

Curent state in gpg4win-5.0.2-beta-2 @ win11

• it asks for each subkey
• but no pinentry involved

@ikloecker said (paraphrased by me):

Regarding the order of items on the page: It is basically the same order, but the frame for the encryption settings improves the overview.

As far as I remember this is the intended behavior.

Tested with gpg4win-5.0.2-beta-2 @ win11.

I don't really know what you are testing, but as far as I understood the (overly verbose [sigh]) comments the only thing that was implemented is that temporary files are removed when our mail viewer is closed properly. Removing temporary files/folders left over on a crash or reboot or any other forceful termination of the mail viewer or kleopatra would be covered by the already mentioned T6842: Kleopatra: Clean up temporary files on windows.

In this comment above T6793: Cleanup temporary files / dirs with decrypted content another issue was created for this: T6842: Kleopatra: Clean up temporary files on windows
I'm not sure what to expect, before this is implemented, so I just documented it here.

Suggestion: When Kleopatra starts up, it should just delete its Temp folder.

A different order is pretty much impossible to implement in upstream kconfig without big changes/refactoring.

The registry keys "GnuPG Desktop" and "GnuPG VS-Desktop" now work correctly, i.e. existing registry keys should be considered in the next VSD 4 build.

In any case, the order still needs to be adjusted.
The current implementation is still (neither the order in the description nor on the settings page):

@werner said the reading order should be like on the page https://gnupg.com/vsd/kleopatra-settings.html:

I tend to agree with keeping it short and close to the wording we use for normal public key imports.

How about "Certification includes that you check the fingerprint against a trusted source."? "Means" seems wrong to me. @hej, please comment

ok, lets do this. I'll update the description

I'm fine with just dropping it.

I'm okay with omitting the list of suggestions for shared secret keys. The person distributing the key should have told the recipients how to import and certify them properly.

How about changing the text after sentence two simply to:

Do we agree to drop bolt font for QES certificates?
Will we change this for VSD 3.4?

The display in Okular is independent from Kleopatra, so dropping it in Kleopatra should be fine.
If a QES certificate is available, Okular should highlight and add a filter for them (which is currently not working, see T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures)

I currently have a slight preference to drop bold and go with normal font. Werner would be ok with that, too.

@svuorela said, QES certs shouldn't be required to be on a smartcard.

Using an icon for QES certificates isn't that easy because we use an icon for smartcard certificates and any list item can have at most one icon. Moreover, QES certificates are very like stored on a smartcard (isn't that even a requirement?), i.e. an icon clash is basically guaranteed.

In T6632: Okular: Highlight / preselect "nonRepudiation" certificates for qualified signatures I had the impression, that some hint is useful for signing operations. Probably not so much in general.

Highlighting QES is mostly useful for Okular, I guess.
Maybe use a symbol with a pen? That should be self-explanatory.