Thanks for you patches. Most of them applied cleanly despite that I delayed processing them for half a year.

There are reasons why we don't used pcsc-shared by default; for example: Not all OpenPGP cards support reading the current verification state (whether a PIN has already been entered) and thus we use a local cache for this. Other shared applications may change the state behind our back or even switch to another application on the card. Thus we use the safe way.

Thanks

The primary version of that script is in libgpg-error. Thus it needs to be fixed therefirst.

I would prefer to store legacy manuals on the web server. That is the easier solution.

@werner, because we have talked about it:

It would be convenient if the -c option could be easily set in the gpg-agent.conf or in some configuration file for pinentry. The workaround that I use now to create a script that I can then use as pinentry-program is extra work because it requires an additional script.

Well, as I've said in the comment above, there doesn't seem to be any correction towarads --passphrase-fd not requiring --pinentry-mode loopback (still works withou)... and --no-default-keyring still gives the impression that it would be needed (while --no-keyring works as well).

Please don't, if you really feel like tha tis not resolved please re-open this ticket.

@werner shall I open a new ticket for the remaining stuff?

The changes do not seem to touch anything I've mentoned in (1)?

Yes, --no-keyring should enough for the subset of gpg commands which do not need keys.

I think the behavior makes perfect sense for Unix but the default delimiter for .txt in Windows is \r\n.

The OP wants to do symmetric encryption. This isn't about the passphrase that protects a key.

Yes, we read up to the first LF. This has been the traditional way of PGP2 and is still used by mail programs like Mutt.

I'm guessing gpg in Unix has stripped the \n if present? I don't have access to a real Unix system at the moment.

I see that problem but gpg has traditionally not interpreted the passphrase in any way. Right, for Windows we could strip the CR but I fear that this might break other users scripts/passphrases. However there should be a warning in the manual.

I have rather created D536 as IMO the timeout should be changed, not the documentation.

Actually we considerto remove this feature from the GUI because with the global config we have a more versatile feature now.

Won't be done because the expectations of users are different on whether they use ssh-agent or gpg-agent. And it breaks scripts

Done. FWIW. in 2.3 symcryptrun will be removed entirely.

See also https://gitlab.com/openpgp-wg/webkey-directory/-/issues/3 which is the same issue.