Thanks Werner.

I updated the rendered form of the English GPH with a warning and a link to the blog.

Thanks for the hint.

Will be in the next release.

man gpg has a WARNING section right below the RETURN Value section. The 3rd paragraph gives hints on how to use gpg with scripts etc:

https://www.gnupg.org/gph/en/manual/x135.html could benefit from the same treatment under "Clearsigned documents".

A quick fix would be to remove the link

That RFC is Experimental anyway

Ok, then this is only an issue in the VSD versions. (I confirmed with a quick test with Gpg4win-5.0.0-beta413)

That is on purpose. With a signed mail you have at least a way to tell who sent the mail. An unsigned but encrypted mail can be send by anyone and you netter don't use HTML links there.

Thanks for elaborating and the reference to rfc2440 - I now understand where that stray mail (between [RFC2822] and name-addr) in rfc4880 comes from...
Anyway, I'll treat it as if it says RFC 2822 mailbox and will treat angle brackets with bare addresses as optional.

I see, I had rfc2440 in mind which says:

By convention, it includes  an RFC 822 mail name, but there are no restrictions on its content.

thus 4880 refined it a bit. But in practice it is not the same because it is utf8 and not punycode or whatever. let's close this bug because they way it is used will work with all mail clients.

Thanks for the patch but I think it is better to fix this in yat2m. I created a new tag for bugs related to it.

Hm, "Names for the certificate" seems wrong to me. Shouldn't it better be "Names in the User IDs [of this certificate]"? I would leave of the part in [] as redundant. Likewise for the mail addresses.

Thinking about this some more, i came up with some more ways of showing some nice-to-have information in the tooltips:

Closed, since this was documentation for the workaround, four years ago.

Just a reminder: with Gnuk 1.2.15 and an ed25519 key PubkeyAuthentication unbound is required for hosts using the new feature.

Will be updated eventually. Thanks for reporting.

Updates for projects' scripts related to GnuPG for building from source may be needed; So it is at least for libgcrypt; illustration (output filtered):

Because a user in https://mstdn.social/deck/@GnuPG/113011825339406300 did read the documentation, I had a look in the documentation and in other public definitions (e.g. https://www.gnu.org/software/tar/manual/html_node/Formats.html#Formats) and I can understand the questions of the user.

gpgtar is compatible to PGP Desktop's format which they call ZIP. This is technically ustar with the most common extensions. Don't let us go into yet another TAR format discussion.

Well, my hope for this was some kind of Format where we keep the keys + the signature together with encrypted files. Because I think it is an extremely common usecase to decrypt a file, modify it and then to reencrypt it to the recipients that it was encrypted to before and I think it would be a good usability improvement if after decryption, when a file is then encrypted again Kleopatra would have the recipient dialog prefilled with the original recipients. T6564: Kleopatra: Re-encrypt an encrypted folder to the original recpients And for Gpgpass this could be used in exactly the same manner just with a diffrent UI and focused on folders with multiple files.

I am not sure I like every aspect of passtore.sh (e.g. the YAML configuration files and yet another group concept where we probably could reuse Kleopatra groups), but it's good to know that there is already a solution for this issue :)

Using signed files would have been my suggestion, too. For me I would say that "allowed to sign" depends on the ownertrust of the signature certificate. If the ownertrust of the certificate is Ultimate then you can accept the recipient list. Ultimate ownertrust is given for your own keys or for the ones marked with trusted-key in the GnuPG configuration.

Is a solution to this problem by an organization using pass for a log time with quite some users.

Interesting. i'm also not sure this is a good feature. I also still don't think the gpgv man page explains this clearly, but if you don't want to clarify it, i won't bother re-opening this issue.

All given data files are concatenated; not sure whether this is a good feature but iirc pgp 2 did it the same way.

Thanks for this prompt fix! but they're still not aligned. with this fix, the Synopsis is:

For the certificate list it might make sense to have column-specific tool tips, e.g. to give details on "not certified" in the "User IDs" column. For the fingerprint column (just to pick one example) a tool tip makes little sense.

In general, I question the usefulness of the tool tip for the certificate list. The information in the table is already very detailed and for more details there's the details view. Important information that's missing in the table shouldn't be hidden in the tool tip.

Done in 1.11.0.

Back in the ancient days we allowed to dlopen algorithms so to avoid patent problems in certain countries.