diff --git a/CMakeLists.txt b/CMakeLists.txt
index 43014341b..c68ad24ec 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,222 +1,223 @@ # SPDX-FileCopyrightText: none # SPDX-License-Identifier: BSD-3-Clause cmake_minimum_required(VERSION 3.16 FATAL_ERROR) set(RELEASE_SERVICE_VERSION_MAJOR "22") set(RELEASE_SERVICE_VERSION_MINOR "03") set(RELEASE_SERVICE_VERSION_MICRO "70") # The RELEASE_SERVICE_VERSION is used by Gpg4win to add the Gpg4win version if (NOT RELEASE_SERVICE_VERSION) set(RELEASE_SERVICE_VERSION "${RELEASE_SERVICE_VERSION_MAJOR}.${RELEASE_SERVICE_VERSION_MINOR}.${RELEASE_SERVICE_VERSION_MICRO}") endif() if(RELEASE_SERVICE_VERSION_MICRO LESS 10) set(KDE_APPLICATIONS_COMPACT_VERSION "${RELEASE_SERVICE_VERSION_MAJOR}${RELEASE_SERVICE_VERSION_MINOR}0${RELEASE_SERVICE_VERSION_MICRO}") else() set(KDE_APPLICATIONS_COMPACT_VERSION "${RELEASE_SERVICE_VERSION_MAJOR}${RELEASE_SERVICE_VERSION_MINOR}${RELEASE_SERVICE_VERSION_MICRO}") endif() set(KLEOPATRA_VERSION_MAJOR "3") set(KLEOPATRA_VERSION_MINOR "1") set(KLEOPATRA_VERSION_MICRO "20") set(kleopatra_version "${KLEOPATRA_VERSION_MAJOR}.${KLEOPATRA_VERSION_MINOR}.${KLEOPATRA_VERSION_MICRO}.${KDE_APPLICATIONS_COMPACT_VERSION}") # The following is for Windows set(kleopatra_version_win "${KLEOPATRA_VERSION_MAJOR}.${KLEOPATRA_VERSION_MINOR}.${KLEOPATRA_VERSION_MICRO}") set(kleopatra_fileversion_win "${KLEOPATRA_VERSION_MAJOR},${KLEOPATRA_VERSION_MINOR},${KLEOPATRA_VERSION_MICRO},0") project(kleopatra VERSION ${kleopatra_version}) option(DISABLE_KWATCHGNUPG "Don't build the kwatchgnupg tool [default=OFF]" OFF) # Standalone build. Find / include everything necessary. 
set(KF5_MIN_VERSION "5.90.0") set(KMIME_VERSION "5.19.40") set(LIBKLEO_VERSION "5.19.47") set(QT_REQUIRED_VERSION "5.15.2") set(GPGME_REQUIRED_VERSION "1.15.0") set(BOOST_REQUIRED_VERSION "1.58") if (WIN32) set(KF5_WANT_VERSION "5.70.0") set(KMIME_WANT_VERSION "5.12.0") else () set(KF5_WANT_VERSION ${KF5_MIN_VERSION}) set(KMIME_WANT_VERSION ${KMIME_VERSION}) endif () find_package(ECM ${KF5_WANT_VERSION} CONFIG REQUIRED) set(CMAKE_MODULE_PATH ${ECM_MODULE_PATH}) set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules ${CMAKE_MODULE_PATH}) include(ECMInstallIcons) include(ECMSetupVersion) include(ECMAddTests) include(GenerateExportHeader) include(ECMGenerateHeaders) include(FeatureSummary) include(CheckFunctionExists) include(KDEInstallDirs) include(KDECMakeSettings) include(KDECompilerSettings NO_POLICY_SCOPE) include(ECMAddAppIcon) include(ECMQtDeclareLoggingCategory) # Find KF5 packages find_package(KF5WidgetsAddons ${KF5_WANT_VERSION} CONFIG REQUIRED) find_package(KF5ConfigWidgets ${KF5_WANT_VERSION} CONFIG REQUIRED) find_package(KF5CoreAddons ${KF5_WANT_VERSION} CONFIG REQUIRED) find_package(KF5Codecs ${KF5_WANT_VERSION} CONFIG REQUIRED) find_package(KF5Config ${KF5_WANT_VERSION} CONFIG REQUIRED) find_package(KF5I18n ${KF5_WANT_VERSION} CONFIG REQUIRED) find_package(KF5IconThemes ${KF5_WANT_VERSION} CONFIG REQUIRED) find_package(KF5ItemModels ${KF5_WANT_VERSION} CONFIG REQUIRED) find_package(KF5XmlGui ${KF5_WANT_VERSION} CONFIG REQUIRED) find_package(KF5WindowSystem ${KF5_WANT_VERSION} CONFIG REQUIRED) find_package(KF5DocTools ${KF5_WANT_VERSION} CONFIG) find_package(KF5Crash ${KF5_WANT_VERSION} REQUIRED) set_package_properties(KF5DocTools PROPERTIES DESCRIPTION "Documentation tools" PURPOSE "Required to generate Kleopatra documentation." TYPE OPTIONAL) # Optional packages if (WIN32) # Only a replacement available for Windows so this # is required on other platforms. 
find_package(KF5DBusAddons ${KF5_WANT_VERSION} CONFIG) set_package_properties(KF5DBusAddons PROPERTIES DESCRIPTION "Support library to work with DBus" PURPOSE "DBus session integration" URL "https://inqlude.org/libraries/kdbusaddons.html" TYPE OPTIONAL) else() find_package(KF5DBusAddons ${KF5_WANT_VERSION} CONFIG REQUIRED) set(_kleopatra_dbusaddons_libs KF5::DBusAddons) endif() set(HAVE_QDBUS ${Qt${QT_MAJOR_VERSION}DBus_FOUND}) find_package(Gpgmepp ${GPGME_REQUIRED_VERSION} CONFIG REQUIRED) if (Gpgmepp_VERSION VERSION_GREATER_EQUAL "1.16.0") set(GPGMEPP_SUPPORTS_TRUST_SIGNATURES 1) endif() find_package(QGpgme ${GPGME_REQUIRED_VERSION} CONFIG REQUIRED) if (QGpgme_VERSION VERSION_GREATER_EQUAL "1.16.0") set(QGPGME_SUPPORTS_TRUST_SIGNATURES 1) set(QGPGME_SUPPORTS_SIGNATURE_EXPIRATION 1) endif() if (QGpgme_VERSION VERSION_GREATER_EQUAL "1.16.1") set(QGPGME_SUPPORTS_CHANGING_EXPIRATION_OF_COMPLETE_KEY 1) set(QGPGME_CRYPTOCONFIGENTRY_HAS_DEFAULT_VALUE 1) set(QGPGME_SUPPORTS_WKDLOOKUP 1) set(QGPGME_SUPPORTS_IMPORT_WITH_FILTER 1) set(QGPGME_SUPPORTS_IMPORT_WITH_KEY_ORIGIN 1) + set(QGPGME_SUPPORTS_SECRET_KEY_EXPORT 1) set(QGPGME_SUPPORTS_SECRET_SUBKEY_EXPORT 1) endif() # Kdepimlibs packages find_package(KF5Libkleo ${LIBKLEO_VERSION} CONFIG REQUIRED) find_package(KF5Mime ${KMIME_WANT_VERSION} CONFIG REQUIRED) find_package(Qt${QT_MAJOR_VERSION} ${QT_REQUIRED_VERSION} CONFIG REQUIRED Widgets Test Network PrintSupport) find_package(Assuan2 REQUIRED) find_package(Boost ${BOOST_REQUIRED_VERSION} MODULE REQUIRED) find_path(Boost_TOPOLOGICAL_SORT_DIR NAMES boost/graph/topological_sort.hpp PATHS ${Boost_INCLUDE_DIRS}) if(NOT Boost_TOPOLOGICAL_SORT_DIR) message(FATAL_ERROR "The Boost Topological_sort header was NOT found. 
Should be part of Boost graph module.") endif() set(kleopatra_release FALSE) if(NOT kleopatra_release) find_package(Git) if(GIT_FOUND) execute_process(COMMAND ${GIT_EXECUTABLE} rev-parse WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} RESULT_VARIABLE rc ERROR_QUIET) if(rc EQUAL 0) execute_process(COMMAND ${GIT_EXECUTABLE} log -1 --oneline --format=%h ${CMAKE_CURRENT_SOURCE_DIR} WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} OUTPUT_VARIABLE Kleopatra_WC_REVISION) string(REGEX REPLACE "\n" "" Kleopatra_WC_REVISION "${Kleopatra_WC_REVISION}") execute_process(COMMAND ${GIT_EXECUTABLE} log -1 --oneline --format=%cI ${CMAKE_CURRENT_SOURCE_DIR} WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} OUTPUT_VARIABLE Kleopatra_WC_LAST_CHANGED_DATE) string(REGEX REPLACE "^([0-9]+)-([0-9]+)-([0-9]+)T([0-9]+):([0-9]+):([0-9]+).*$" "\\1\\2\\3T\\4\\5\\6" Kleopatra_WC_LAST_CHANGED_DATE "${Kleopatra_WC_LAST_CHANGED_DATE}") set(kleopatra_version "${kleopatra_version}+git${Kleopatra_WC_LAST_CHANGED_DATE}~${Kleopatra_WC_REVISION}") endif() endif() endif() configure_file(${CMAKE_CURRENT_SOURCE_DIR}/version-kleopatra.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/version-kleopatra.h) include (ConfigureChecks.cmake) configure_file(${CMAKE_CURRENT_SOURCE_DIR}/config-kleopatra.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config-kleopatra.h) include_directories( ${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_SOURCE_DIR} ${Boost_INCLUDE_DIRS} ${ASSUAN2_INCLUDES} ) add_definitions(-D_ASSUAN_ONLY_GPG_ERRORS) add_definitions(-DQT_DISABLE_DEPRECATED_BEFORE=0x050e00) add_definitions(-DKF_DISABLE_DEPRECATED_BEFORE_AND_AT=0x055A00) if(CMAKE_COMPILER_IS_GNUCXX) set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-missing-braces -Wno-parentheses -Wno-ignored-qualifiers") endif() add_definitions(-DQT_NO_EMIT) remove_definitions(-DQT_NO_FOREACH) # Disable the use of QStringBuilder for operator+ to prevent crashes when # returning the result of concatenating string temporaries in lambdas. 
We do # this for example in some std::transform expressions. # This is a known issue: https://bugreports.qt.io/browse/QTBUG-47066 # Alternatively, one would always have to remember to force the lambdas to # return a QString instead of QStringBuilder, but that's just too easy to # forget and, unfortunately, the compiler doesn't issue a warning if one forgets # this. So, it's just too dangerous. # One can still use QStringBuilder explicitly with the operator% if necessary. remove_definitions(-DQT_USE_FAST_OPERATOR_PLUS) remove_definitions(-DQT_USE_QSTRINGBUILDER) kde_enable_exceptions() option(USE_UNITY_CMAKE_SUPPORT "Use UNITY cmake support (speedup compile time)" OFF) set(COMPILE_WITH_UNITY_CMAKE_SUPPORT OFF) if (USE_UNITY_CMAKE_SUPPORT) set(COMPILE_WITH_UNITY_CMAKE_SUPPORT ON) endif() add_subdirectory(pics) add_subdirectory(src) if(BUILD_TESTING) add_subdirectory(tests) add_subdirectory(autotests) endif() ecm_qt_install_logging_categories( EXPORT KLEOPATRA FILE kleopatra.categories DESTINATION ${KDE_INSTALL_LOGGINGCATEGORIESDIR} ) ki18n_install(po) if(KF5DocTools_FOUND) kdoctools_install(po) add_subdirectory(doc) endif() feature_summary(WHAT ALL FATAL_ON_MISSING_REQUIRED_PACKAGES) diff --git a/config-kleopatra.h.cmake b/config-kleopatra.h.cmake index d1382e079..8606784de 100644 --- a/config-kleopatra.h.cmake +++ b/config-kleopatra.h.cmake 
@@ -1,52 +1,55 @@ /* Define to 1 if you have a recent enough libassuan */ #cmakedefine HAVE_USABLE_ASSUAN 1 /* Define to 1 if you have libassuan v2 */ #cmakedefine HAVE_ASSUAN2 1 #ifndef HAVE_ASSUAN2 /* Define to 1 if your libassuan has the assuan_fd_t type */ #cmakedefine HAVE_ASSUAN_FD_T 1 /* Define to 1 if your libassuan has the assuan_inquire_ext function */ #cmakedefine HAVE_ASSUAN_INQUIRE_EXT 1 /* Define to 1 if your assuan_inquire_ext puts the buffer arguments into the callback signature */ #cmakedefine HAVE_NEW_STYLE_ASSUAN_INQUIRE_EXT 1 /* Define to 1 if your libassuan has the assuan_sock_get_nonce function */ #cmakedefine HAVE_ASSUAN_SOCK_GET_NONCE 1 #endif /* Define to 1 if you build libkleopatraclient */ #cmakedefine HAVE_KLEOPATRACLIENT_LIBRARY 1 /* DBus available */ #cmakedefine01 HAVE_QDBUS /* Defined if GpgME++ supports trust signatures */ #cmakedefine GPGMEPP_SUPPORTS_TRUST_SIGNATURES 1 /* Defined if QGpgME supports trust signatures */ #cmakedefine QGPGME_SUPPORTS_TRUST_SIGNATURES 1 /* Defined if QGpgME supports setting an expiration date for signatures */ #cmakedefine QGPGME_SUPPORTS_SIGNATURE_EXPIRATION 1 /* Defined if QGpgME supports changing the expiration date of the primary key and the subkeys simultaneously */ #cmakedefine QGPGME_SUPPORTS_CHANGING_EXPIRATION_OF_COMPLETE_KEY 1 /* Defined if QGpgME supports retrieving the default value of a config entry */ #cmakedefine QGPGME_CRYPTOCONFIGENTRY_HAS_DEFAULT_VALUE 1 /* Defined if QGpgME supports WKD lookup */ #cmakedefine QGPGME_SUPPORTS_WKDLOOKUP 1 /* Defined if QGpgME supports specifying an import filter when importing keys */ #cmakedefine QGPGME_SUPPORTS_IMPORT_WITH_FILTER 1 /* Defined if QGpgME supports setting key origin when importing keys */ #cmakedefine QGPGME_SUPPORTS_IMPORT_WITH_KEY_ORIGIN 1 +/* Defined if QGpgME supports the export of secret keys */ +#cmakedefine QGPGME_SUPPORTS_SECRET_KEY_EXPORT 1 + /* Defined if QGpgME supports the export of secret subkeys */ #cmakedefine 
QGPGME_SUPPORTS_SECRET_SUBKEY_EXPORT 1 diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 3a7c91558..fbeb0410d 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt 
@@ -1,389 +1,390 @@ # SPDX-FileCopyrightText: none # SPDX-License-Identifier: BSD-3-Clause add_subdirectory(icons) add_subdirectory(mimetypes) include_directories(${CMAKE_CURRENT_BINARY_DIR}) include_directories(${CMAKE_CURRENT_SOURCE_DIR}) if (NOT DISABLE_KWATCHGNUPG) add_subdirectory(kwatchgnupg) endif() add_subdirectory(libkleopatraclient) add_subdirectory(conf) add_subdirectory(kconf_update) if(WIN32) set(_kleopatra_extra_uiserver_SRCS uiserver/uiserver_win.cpp) set(_kleopatra_extra_SRCS utils/gnupg-registry.c selftest/registrycheck.cpp utils/windowsprocessdevice.cpp utils/userinfo_win.cpp ) else() set(_kleopatra_extra_uiserver_SRCS uiserver/uiserver_unix.cpp) set(_kleopatra_extra_SRCS) endif() set(_kleopatra_uiserver_SRCS uiserver/sessiondata.cpp uiserver/uiserver.cpp ${_kleopatra_extra_uiserver_SRCS} uiserver/assuanserverconnection.cpp uiserver/echocommand.cpp uiserver/decryptverifycommandemailbase.cpp uiserver/decryptverifycommandfilesbase.cpp uiserver/signcommand.cpp uiserver/signencryptfilescommand.cpp uiserver/prepencryptcommand.cpp uiserver/prepsigncommand.cpp uiserver/encryptcommand.cpp uiserver/selectcertificatecommand.cpp uiserver/importfilescommand.cpp uiserver/createchecksumscommand.cpp uiserver/verifychecksumscommand.cpp selftest/uiservercheck.cpp ) if(ASSUAN2_FOUND) include_directories(${ASSUAN2_INCLUDES}) set(_kleopatra_uiserver_extra_libs ${ASSUAN2_LIBRARIES}) else() include_directories(${ASSUAN_INCLUDES}) if(WIN32) set(_kleopatra_uiserver_extra_libs ${ASSUAN_VANILLA_LIBRARIES}) else() set(_kleopatra_uiserver_extra_libs ${ASSUAN_PTHREAD_LIBRARIES}) endif() endif() if(HAVE_GPG_ERR_SOURCE_KLEO) add_definitions(-DGPG_ERR_SOURCE_DEFAULT=GPG_ERR_SOURCE_KLEO) add_definitions(-DGPGMEPP_ERR_SOURCE_DEFAULT=GPG_ERR_SOURCE_KLEO) else() add_definitions(-DGPG_ERR_SOURCE_DEFAULT=GPG_ERR_SOURCE_USER_1) add_definitions(-DGPGMEPP_ERR_SOURCE_DEFAULT=GPG_ERR_SOURCE_USER_1) endif() ki18n_wrap_ui(_kleopatra_uiserver_SRCS 
crypto/gui/signingcertificateselectionwidget.ui) set(_kleopatra_SRCS utils/gui-helper.cpp utils/filedialog.cpp utils/kdpipeiodevice.cpp utils/headerview.cpp utils/scrollarea.cpp utils/dragqueen.cpp utils/multivalidator.cpp utils/systemtrayicon.cpp utils/hex.cpp utils/path-helper.cpp utils/input.cpp utils/output.cpp utils/validation.cpp utils/wsastarter.cpp utils/iodevicelogger.cpp utils/log.cpp utils/action_data.cpp utils/types.cpp utils/archivedefinition.cpp utils/auditlog.cpp utils/clipboardmenu.cpp utils/kuniqueservice.cpp utils/tags.cpp utils/writecertassuantransaction.cpp utils/keyparameters.cpp utils/userinfo.cpp selftest/selftest.cpp selftest/enginecheck.cpp selftest/gpgconfcheck.cpp selftest/gpgagentcheck.cpp selftest/libkleopatrarccheck.cpp selftest/compliancecheck.cpp ${_kleopatra_extra_SRCS} view/htmllabel.cpp view/keylistcontroller.cpp view/keytreeview.cpp view/searchbar.cpp view/smartcardwidget.cpp view/openpgpkeycardwidget.cpp view/padwidget.cpp view/pgpcardwidget.cpp view/pivcardwidget.cpp view/p15cardwidget.cpp view/netkeywidget.cpp view/nullpinwidget.cpp view/tabwidget.cpp view/keycacheoverlay.cpp view/urllabel.cpp view/waitwidget.cpp view/welcomewidget.cpp dialogs/certificateselectiondialog.cpp dialogs/certifywidget.cpp dialogs/expirydialog.cpp dialogs/lookupcertificatesdialog.cpp dialogs/ownertrustdialog.cpp dialogs/selftestdialog.cpp dialogs/certifycertificatedialog.cpp dialogs/revokecertificationwidget.cpp dialogs/revokecertificationdialog.cpp dialogs/adduseriddialog.cpp dialogs/addemaildialog.cpp dialogs/deletecertificatesdialog.cpp dialogs/setinitialpindialog.cpp dialogs/certificatedetailsdialog.cpp dialogs/certificatedetailswidget.cpp dialogs/trustchainwidget.cpp dialogs/weboftrustwidget.cpp dialogs/weboftrustdialog.cpp dialogs/exportdialog.cpp dialogs/subkeyswidget.cpp dialogs/gencardkeydialog.cpp dialogs/updatenotification.cpp dialogs/pivcardapplicationadministrationkeyinputdialog.cpp dialogs/certificatedetailsinputwidget.cpp 
dialogs/createcsrforcardkeydialog.cpp dialogs/groupdetailsdialog.cpp dialogs/editgroupdialog.cpp crypto/controller.cpp crypto/certificateresolver.cpp crypto/sender.cpp crypto/recipient.cpp crypto/task.cpp crypto/taskcollection.cpp crypto/decryptverifytask.cpp crypto/decryptverifyemailcontroller.cpp crypto/decryptverifyfilescontroller.cpp crypto/autodecryptverifyfilescontroller.cpp crypto/encryptemailtask.cpp crypto/encryptemailcontroller.cpp crypto/newsignencryptemailcontroller.cpp crypto/signencrypttask.cpp crypto/signencryptfilescontroller.cpp crypto/signemailtask.cpp crypto/signemailcontroller.cpp crypto/createchecksumscontroller.cpp crypto/verifychecksumscontroller.cpp crypto/gui/wizard.cpp crypto/gui/wizardpage.cpp crypto/gui/certificateselectionline.cpp crypto/gui/certificatelineedit.cpp crypto/gui/signingcertificateselectionwidget.cpp crypto/gui/signingcertificateselectiondialog.cpp crypto/gui/resultitemwidget.cpp crypto/gui/resultlistwidget.cpp crypto/gui/resultpage.cpp crypto/gui/newresultpage.cpp crypto/gui/signencryptfileswizard.cpp crypto/gui/signencryptemailconflictdialog.cpp crypto/gui/decryptverifyoperationwidget.cpp crypto/gui/decryptverifyfileswizard.cpp crypto/gui/decryptverifyfilesdialog.cpp crypto/gui/objectspage.cpp crypto/gui/resolverecipientspage.cpp crypto/gui/signerresolvepage.cpp crypto/gui/encryptemailwizard.cpp crypto/gui/signemailwizard.cpp crypto/gui/signencryptwidget.cpp crypto/gui/signencryptwizard.cpp crypto/gui/unknownrecipientwidget.cpp crypto/gui/verifychecksumsdialog.cpp commands/command.cpp commands/gnupgprocesscommand.cpp commands/detailscommand.cpp commands/exportcertificatecommand.cpp commands/exportgroupscommand.cpp commands/importcertificatescommand.cpp commands/importcertificatefromfilecommand.cpp commands/importcertificatefromclipboardcommand.cpp commands/importcertificatefromdatacommand.cpp commands/lookupcertificatescommand.cpp commands/reloadkeyscommand.cpp commands/refreshx509certscommand.cpp 
commands/refreshopenpgpcertscommand.cpp commands/deletecertificatescommand.cpp commands/decryptverifyfilescommand.cpp commands/signencryptfilescommand.cpp commands/signencryptfoldercommand.cpp commands/encryptclipboardcommand.cpp commands/signclipboardcommand.cpp commands/decryptverifyclipboardcommand.cpp commands/clearcrlcachecommand.cpp commands/dumpcrlcachecommand.cpp commands/dumpcertificatecommand.cpp commands/importcrlcommand.cpp commands/changeexpirycommand.cpp commands/changeownertrustcommand.cpp commands/changeroottrustcommand.cpp commands/changepassphrasecommand.cpp commands/certifycertificatecommand.cpp commands/revokecertificationcommand.cpp commands/selftestcommand.cpp + commands/exportsecretkeycommand.cpp commands/exportsecretkeycommand_old.cpp commands/exportsecretsubkeycommand.cpp commands/exportopenpgpcertstoservercommand.cpp commands/adduseridcommand.cpp commands/newcertificatecommand.cpp commands/setinitialpincommand.cpp commands/learncardkeyscommand.cpp commands/checksumcreatefilescommand.cpp commands/checksumverifyfilescommand.cpp commands/exportpaperkeycommand.cpp commands/importpaperkeycommand.cpp commands/genrevokecommand.cpp commands/keytocardcommand.cpp commands/cardcommand.cpp commands/pivgeneratecardkeycommand.cpp commands/changepincommand.cpp commands/authenticatepivcardapplicationcommand.cpp commands/setpivcardapplicationadministrationkeycommand.cpp commands/certificatetopivcardcommand.cpp commands/importcertificatefrompivcardcommand.cpp commands/createopenpgpkeyfromcardkeyscommand.cpp commands/createcsrforcardkeycommand.cpp commands/listreaderscommand.cpp ${_kleopatra_uiserver_files} conf/configuredialog.cpp conf/groupsconfigdialog.cpp conf/groupsconfigpage.cpp conf/groupsconfigwidget.cpp newcertificatewizard/listwidget.cpp newcertificatewizard/newcertificatewizard.cpp smartcard/readerstatus.cpp smartcard/card.cpp smartcard/openpgpcard.cpp smartcard/netkeycard.cpp smartcard/pivcard.cpp smartcard/p15card.cpp smartcard/keypairinfo.cpp 
smartcard/utils.cpp smartcard/deviceinfowatcher.cpp accessibility/accessiblerichtextlabel.cpp accessibility/accessiblewidgetfactory.cpp aboutdata.cpp systrayicon.cpp kleopatraapplication.cpp mainwindow.cpp main.cpp kleopatra.qrc ) if(WIN32) configure_file (versioninfo.rc.in versioninfo.rc) set(_kleopatra_SRCS ${CMAKE_CURRENT_BINARY_DIR}/versioninfo.rc ${_kleopatra_SRCS}) endif() set (_kleopatra_SRCS conf/kleopageconfigdialog.cpp ${_kleopatra_SRCS}) ecm_qt_declare_logging_category(_kleopatra_SRCS HEADER kleopatra_debug.h IDENTIFIER KLEOPATRA_LOG CATEGORY_NAME org.kde.pim.kleopatra DESCRIPTION "kleopatra (kleopatra)" OLD_CATEGORY_NAMES log_kleopatra EXPORT KLEOPATRA ) if(KLEO_MODEL_TEST) add_definitions(-DKLEO_MODEL_TEST) set(_kleopatra_SRCS ${_kleopatra_SRCS} models/modeltest.cpp) endif() ki18n_wrap_ui(_kleopatra_SRCS dialogs/ownertrustdialog.ui dialogs/selectchecklevelwidget.ui dialogs/selftestdialog.ui dialogs/adduseriddialog.ui dialogs/setinitialpindialog.ui dialogs/trustchainwidget.ui dialogs/subkeyswidget.ui newcertificatewizard/listwidget.ui newcertificatewizard/chooseprotocolpage.ui newcertificatewizard/enterdetailspage.ui newcertificatewizard/keycreationpage.ui newcertificatewizard/resultpage.ui newcertificatewizard/advancedsettingsdialog.ui ) kconfig_add_kcfg_files(_kleopatra_SRCS kcfg/tooltippreferences.kcfgc kcfg/emailoperationspreferences.kcfgc kcfg/fileoperationspreferences.kcfgc kcfg/smimevalidationpreferences.kcfgc kcfg/tagspreferences.kcfgc kcfg/settings.kcfgc ) file(GLOB ICONS_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/icons/*-apps-kleopatra.png") ecm_add_app_icon(_kleopatra_SRCS ICONS ${ICONS_SRCS}) add_executable(kleopatra_bin ${_kleopatra_SRCS} ${_kleopatra_uiserver_SRCS}) # For the ConfigureDialog & KCMs target_link_libraries(kleopatra_bin kcm_kleopatra_static) #if (COMPILE_WITH_UNITY_CMAKE_SUPPORT) # set_target_properties(kleopatra_bin PROPERTIES UNITY_BUILD ON) #endif() set_target_properties(kleopatra_bin PROPERTIES OUTPUT_NAME kleopatra) if (WIN32) 
set(_kleopatra_platform_libs "secur32") endif () target_link_libraries(kleopatra_bin Gpgmepp QGpgme ${_kleopatra_extra_libs} KF5::Libkleo KF5::Mime KF5::I18n KF5::XmlGui KF5::IconThemes KF5::WindowSystem KF5::CoreAddons KF5::ItemModels KF5::Crash Qt${QT_MAJOR_VERSION}::Network Qt${QT_MAJOR_VERSION}::PrintSupport # Printing secret keys ${_kleopatra_uiserver_extra_libs} ${_kleopatra_dbusaddons_libs} kleopatraclientcore ${_kleopatra_platform_libs} ) install(TARGETS kleopatra_bin ${KDE_INSTALL_TARGETS_DEFAULT_ARGS}) install( PROGRAMS data/org.kde.kleopatra.desktop data/kleopatra_import.desktop DESTINATION ${KDE_INSTALL_APPDIR} ) install(FILES data/org.kde.kleopatra.appdata.xml DESTINATION ${KDE_INSTALL_METAINFODIR}) install( PROGRAMS data/kleopatra_signencryptfiles.desktop data/kleopatra_signencryptfolders.desktop data/kleopatra_decryptverifyfiles.desktop data/kleopatra_decryptverifyfolders.desktop DESTINATION ${KDE_INSTALL_DATADIR}/kio/servicemenus ) diff --git a/src/commands/exportsecretkeycommand.cpp b/src/commands/exportsecretkeycommand.cpp new file mode 100644 index 000000000..5beb97298 --- /dev/null +++ b/src/commands/exportsecretkeycommand.cpp 
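Review bot: `commands/exportsecretkeycommand.cpp` is added to `_kleopatra_SRCS` unconditionally, but its `startExportJob` only does work under `QGPGME_SUPPORTS_SECRET_KEY_EXPORT`. In the `#else` branch it returns an empty pointer, and `Private::start()` then calls `finished()` after the user has already picked a file name, with no message shown. Either add the source only when the feature is available, e.g. `if(QGPGME_SUPPORTS_SECRET_KEY_EXPORT)` around `list(APPEND _kleopatra_SRCS commands/exportsecretkeycommand.cpp)`, or have the fallback branch report an error. The only include of the new header visible in this diff is already guarded by the macro, but users outside the diff would need checking before gating the source.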
@@ -0,0 +1,312 @@ +/* -*- mode: c++; c-basic-offset:4 -*- + commands/exportsecretkeycommand.cpp + + This file is part of Kleopatra, the KDE keymanager + SPDX-FileCopyrightText: 2022 g10 Code GmbH + SPDX-FileContributor: Ingo Klöcker + + SPDX-License-Identifier: GPL-2.0-or-later +*/ + +#include + +#include "exportsecretkeycommand.h" +#include "command_p.h" + +#include "fileoperationspreferences.h" +#include "utils/filedialog.h" + +#include +#include + +#include +#include +#include + +#include +#include + +#include +#include + +#include +#include +#include + +#include + +using namespace Kleo; +using namespace Kleo::Commands; +using namespace GpgME; + +namespace +{ + +QString getLastUsedExportDirectory() +{ + KConfigGroup config{KSharedConfig::openConfig(), "ExportDialog"}; + return config.readEntry("LastDirectory", QStandardPaths::writableLocation(QStandardPaths::DocumentsLocation)); +} + +void updateLastUsedExportDirectory(const QString &path) +{ + KConfigGroup config{KSharedConfig::openConfig(), "ExportDialog"}; + config.writeEntry("LastDirectory", QFileInfo{path}.absolutePath()); +} + +QString openPGPCertificateFileExtension() +{ + return QLatin1String{outputFileExtension(Class::OpenPGP | Class::Ascii | Class::Certificate, + FileOperationsPreferences().usePGPFileExt())}; +} + +QString cmsCertificateFileExtension() +{ + return QLatin1String{outputFileExtension(Class::CMS | Class::Binary | Class::ExportedPSM, + /*usePGPFileExt=*/false)}; +} + +QString certificateFileExtension(GpgME::Protocol protocol) +{ + switch (protocol) { + case GpgME::OpenPGP: + return openPGPCertificateFileExtension(); + case GpgME::CMS: + return cmsCertificateFileExtension(); + default: + qCWarning(KLEOPATRA_LOG) << __func__ << "Error: Unknown protocol" << protocol; + return QStringLiteral("txt"); + } +} + +QString proposeFilename(const Key &key) +{ + QString filename; + + auto name = Formatting::prettyName(key); + if (name.isEmpty()) { + name = Formatting::prettyEMail(key); + } + const auto 
shortKeyID = Formatting::prettyKeyID(key.shortKeyID()); + /* Not translated so it's better to use in tutorials etc. */ + filename = QStringView{u"%1_%2_SECRET"}.arg(name, shortKeyID); + filename.replace(u'/', u'_'); + + return getLastUsedExportDirectory() + u'/' + filename + u'.' + certificateFileExtension(key.protocol()); +} + +QString secretKeyFileFilters(GpgME::Protocol protocol) +{ + switch (protocol) { + case GpgME::OpenPGP: + return i18nc("description of filename filter", "Secret Key Files") + QLatin1String{" (*.asc *.gpg *.pgp)"}; + case GpgME::CMS: + return i18nc("description of filename filter", "Secret Key Files") + QLatin1String{" (*.p12)"}; + default: + qCWarning(KLEOPATRA_LOG) << __func__ << "Error: Unknown protocol" << protocol; + return i18nc("description of filename filter", "All Files") + QLatin1String{" (*)"}; + } +} + +QString requestFilename(const Key &key, const QString &proposedFilename, QWidget *parent) +{ + auto filename = FileDialog::getSaveFileNameEx( + parent, + i18nc("@title:window", "Secret Key Backup"), + QStringLiteral("imp"), + proposedFilename, + secretKeyFileFilters(key.protocol())); + + if (!filename.isEmpty()) { + const QFileInfo fi{filename}; + if (fi.suffix().isEmpty()) { + filename += u'.' 
+ certificateFileExtension(key.protocol()); + } + updateLastUsedExportDirectory(filename); + } + + return filename; +} + +QString errorCaption() +{ + return i18nc("@title:window", "Secret Key Backup Error"); +} + +} + +class ExportSecretKeyCommand::Private : public Command::Private +{ + friend class ::ExportSecretKeyCommand; + ExportSecretKeyCommand *q_func() const + { + return static_cast(q); + } +public: + explicit Private(ExportSecretKeyCommand *qq, KeyListController *c = nullptr); + ~Private() override; + + void start(); + void cancel(); + +private: + std::unique_ptr startExportJob(const Key &key); + void onExportJobResult(const Error &err, const QByteArray &keyData); + void showError(const Error &err); + +private: + QString filename; + QPointer job; +}; + +ExportSecretKeyCommand::Private *ExportSecretKeyCommand::d_func() +{ + return static_cast(d.get()); +} +const ExportSecretKeyCommand::Private *ExportSecretKeyCommand::d_func() const +{ + return static_cast(d.get()); +} + +#define d d_func() +#define q q_func() + +ExportSecretKeyCommand::Private::Private(ExportSecretKeyCommand *qq, KeyListController *c) + : Command::Private{qq, c} +{ +} + +ExportSecretKeyCommand::Private::~Private() = default; + +void ExportSecretKeyCommand::Private::start() +{ + const Key key = this->key(); + + if (key.isNull()) { + finished(); + return; + } + + filename = requestFilename(key, proposeFilename(key), parentWidgetOrView()); + if (filename.isEmpty()) { + canceled(); + return; + } + + auto exportJob = startExportJob(key); + if (!exportJob) { + finished(); + return; + } + job = exportJob.release(); +} + +void ExportSecretKeyCommand::Private::cancel() +{ + if (job) { + job->slotCancel(); + } + job.clear(); +} + +std::unique_ptr ExportSecretKeyCommand::Private::startExportJob(const Key &key) +{ +#ifdef QGPGME_SUPPORTS_SECRET_KEY_EXPORT + const bool armor = key.protocol() == GpgME::OpenPGP && filename.endsWith(u".asc", Qt::CaseInsensitive); + const QGpgME::Protocol *const backend = 
(key.protocol() == GpgME::OpenPGP) ? QGpgME::openpgp() : QGpgME::smime(); + Q_ASSERT(backend); + std::unique_ptr exportJob{backend->secretKeyExportJob(armor)}; + Q_ASSERT(exportJob); + + connect(exportJob.get(), &QGpgME::ExportJob::result, + q, [this](const GpgME::Error &err, const QByteArray &keyData) { + onExportJobResult(err, keyData); + }); + connect(exportJob.get(), &QGpgME::Job::progress, + q, &Command::progress); + + const GpgME::Error err = exportJob->start({QLatin1String{key.primaryFingerprint()}}); + if (err) { + showError(err); + return {}; + } + Q_EMIT q->info(i18nc("@info:status", "Backing up secret key...")); + + return exportJob; +#else + Q_UNUSED(key) + return {}; +#endif +} + +void ExportSecretKeyCommand::Private::onExportJobResult(const Error &err, const QByteArray &keyData) +{ + if (err) { + showError(err); + finished(); + return; + } + + if (keyData.isEmpty()) { + error(i18nc("@info", "The result of the backup is empty. Maybe you entered an empty or a wrong passphrase."), + errorCaption()); + finished(); + return; + } + + QFile f{filename}; + if (!f.open(QIODevice::WriteOnly)) { + error(xi18nc("@info", "Cannot open file %1 for writing.", filename), + errorCaption()); + finished(); + return; + } + + const auto bytesWritten = f.write(keyData); + if (bytesWritten != keyData.size()) { + error(xi18nc("@info", "Writing key to file %1 failed.", filename), + errorCaption()); + finished(); + return; + } + + information(i18nc("@info", "The backup of the secret key was created successfully."), + i18nc("@title:window", "Secret Key Backup")); + finished(); +} + +void ExportSecretKeyCommand::Private::showError(const Error &err) +{ + error(xi18nc("@info", + "An error occurred during the backup of the secret key:" + "%1", + QString::fromLocal8Bit(err.asString())), + errorCaption()); +} + +ExportSecretKeyCommand::ExportSecretKeyCommand(QAbstractItemView *view, KeyListController *controller) + : Command{view, new Private{this, controller}} +{ +} + 
+ExportSecretKeyCommand::ExportSecretKeyCommand(const GpgME::Key &key) + : Command{key, new Private{this}} +{ +} + +ExportSecretKeyCommand::~ExportSecretKeyCommand() = default; + +void ExportSecretKeyCommand::doStart() +{ + d->start(); +} + +void ExportSecretKeyCommand::doCancel() +{ + d->cancel(); +} + +#undef d +#undef q + +#include "moc_exportsecretkeycommand.cpp" diff --git a/src/commands/exportsecretkeycommand.h b/src/commands/exportsecretkeycommand.h new file mode 100644 index 000000000..5b9d87443 --- /dev/null +++ b/src/commands/exportsecretkeycommand.h @@ -0,0 +1,44 @@ +/* -*- mode: c++; c-basic-offset:4 -*- + commands/exportsecretkeycommand.h + + This file is part of Kleopatra, the KDE keymanager + SPDX-FileCopyrightText: 2022 g10 Code GmbH + SPDX-FileContributor: Ingo Klöcker + + SPDX-License-Identifier: GPL-2.0-or-later +*/ + +#pragma once + +#include "command.h" + +namespace Kleo +{ +namespace Commands +{ + +class ExportSecretKeyCommand : public Command +{ + Q_OBJECT +public: + explicit ExportSecretKeyCommand(QAbstractItemView *view, KeyListController *parent); + explicit ExportSecretKeyCommand(const GpgME::Key &key); + ~ExportSecretKeyCommand() override; + + /* reimp */ static Restrictions restrictions() + { + return OnlyOneKey | NeedSecretKey; + } + +private: + void doStart() override; + void doCancel() override; + +private: + class Private; + inline Private *d_func(); + inline const Private *d_func() const; +}; + +} +} diff --git a/src/newcertificatewizard/newcertificatewizard.cpp b/src/newcertificatewizard/newcertificatewizard.cpp index a6fe28ba8..e63ef203d 100644 --- a/src/newcertificatewizard/newcertificatewizard.cpp +++ b/src/newcertificatewizard/newcertificatewizard.cpp 
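Review bot: The exported secret key is written in `onExportJobResult` through a plain `QFile` opened with `QIODevice::WriteOnly`, so the backup file gets whatever permissions the process default (the umask on Unix) allows, which is often readable by other local users. Since the file holds private key material, restrict it to the owner right after the successful `open()` and before `write()`, e.g. `f.setPermissions(QFileDevice::ReadOwner | QFileDevice::WriteOwner);`. The write path also leaves a truncated file behind when `f.write()` returns short, and errors that only surface on flush or close are never checked. Removing the file on failure, or writing through `QSaveFile` and checking `commit()`, would avoid reporting success for an incomplete backup.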
@@ -1,1977 +1,1983 @@ /* -*- mode: c++; c-basic-offset:4 -*- newcertificatewizard/newcertificatewizard.cpp This file is part of Kleopatra, the KDE keymanager SPDX-FileCopyrightText: 2008 Klarälvdalens Datakonsult AB SPDX-FileCopyrightText: 2016, 2017 Bundesamt für Sicherheit in der Informationstechnik SPDX-FileContributor: Intevation GmbH SPDX-License-Identifier: GPL-2.0-or-later */ #include #include "newcertificatewizard.h" #include #include "ui_chooseprotocolpage.h" #include "ui_enterdetailspage.h" #include "ui_keycreationpage.h" #include "ui_resultpage.h" #include "ui_advancedsettingsdialog.h" -#include "commands/exportsecretkeycommand_old.h" +#ifdef QGPGME_SUPPORTS_SECRET_KEY_EXPORT +# include "commands/exportsecretkeycommand.h" +#else +# include "commands/exportsecretkeycommand_old.h" +#endif #include "commands/exportopenpgpcertstoservercommand.h" #include "commands/exportcertificatecommand.h" #include "kleopatraapplication.h" #include "utils/validation.h" #include "utils/filedialog.h" #include "utils/keyparameters.h" #include "utils/userinfo.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "kleopatra_debug.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include using namespace Kleo; using namespace Kleo::NewCertificateUi; using namespace Kleo::Commands; using namespace GpgME; +#ifndef QGPGME_SUPPORTS_SECRET_KEY_EXPORT using Kleo::Commands::Compat::ExportSecretKeyCommand; +#endif static const char RSA_KEYSIZES_ENTRY[] = "RSAKeySizes"; static const char DSA_KEYSIZES_ENTRY[] = "DSAKeySizes"; static const char ELG_KEYSIZES_ENTRY[] = "ELGKeySizes"; static const char RSA_KEYSIZE_LABELS_ENTRY[] = "RSAKeySizeLabels"; static const char DSA_KEYSIZE_LABELS_ENTRY[] = "DSAKeySizeLabels"; static const char ELG_KEYSIZE_LABELS_ENTRY[] = "ELGKeySizeLabels"; static const char PGP_KEY_TYPE_ENTRY[] = 
"PGPKeyType"; static const char CMS_KEY_TYPE_ENTRY[] = "CMSKeyType"; // This should come from gpgme in the future // For now we only support the basic 2.1 curves and check // for GnuPG 2.1. The whole subkey / usage generation needs // new api and a reworked dialog. (ah 10.3.16) // EDDSA should be supported, too. static const QStringList curveNames { { QStringLiteral("brainpoolP256r1") }, { QStringLiteral("brainpoolP384r1") }, { QStringLiteral("brainpoolP512r1") }, { QStringLiteral("NIST P-256") }, { QStringLiteral("NIST P-384") }, { QStringLiteral("NIST P-521") }, }; namespace { class EmptyPassphraseProvider: public PassphraseProvider { public: char *getPassphrase(const char * /*useridHint*/, const char * /*description*/, bool /*previousWasBad*/, bool &/*canceled*/) Q_DECL_OVERRIDE { return gpgrt_strdup (""); } }; static void set_tab_order(const QList &wl) { kdtools::for_each_adjacent_pair(wl.begin(), wl.end(), &QWidget::setTabOrder); } enum KeyAlgo { RSA, DSA, ELG, ECDSA, ECDH, EDDSA }; static bool is_algo(Subkey::PubkeyAlgo algo, KeyAlgo what) { switch (algo) { case Subkey::AlgoRSA: case Subkey::AlgoRSA_E: case Subkey::AlgoRSA_S: return what == RSA; case Subkey::AlgoELG_E: case Subkey::AlgoELG: return what == ELG; case Subkey::AlgoDSA: return what == DSA; case Subkey::AlgoECDSA: return what == ECDSA; case Subkey::AlgoECDH: return what == ECDH; case Subkey::AlgoEDDSA: return what == EDDSA; default: break; } return false; } static bool is_rsa(unsigned int algo) { return is_algo(static_cast(algo), RSA); } static bool is_dsa(unsigned int algo) { return is_algo(static_cast(algo), DSA); } static bool is_elg(unsigned int algo) { return is_algo(static_cast(algo), ELG); } static bool is_ecdsa(unsigned int algo) { return is_algo(static_cast(algo), ECDSA); } static bool is_eddsa(unsigned int algo) { return is_algo(static_cast(algo), EDDSA); } static bool is_ecdh(unsigned int algo) { return is_algo(static_cast(algo), ECDH); } static void force_set_checked(QAbstractButton *b, 
bool on) { // work around Qt bug (tested: 4.1.4, 4.2.3, 4.3.4) const bool autoExclusive = b->autoExclusive(); b->setAutoExclusive(false); b->setChecked(b->isEnabled() && on); b->setAutoExclusive(autoExclusive); } static void set_keysize(QComboBox *cb, unsigned int strength) { if (!cb) { return; } const int idx = cb->findData(static_cast(strength)); cb->setCurrentIndex(idx); } static unsigned int get_keysize(const QComboBox *cb) { if (!cb) { return 0; } const int idx = cb->currentIndex(); if (idx < 0) { return 0; } return cb->itemData(idx).toInt(); } static void set_curve(QComboBox *cb, const QString &curve) { if (!cb) { return; } const int idx = cb->findText(curve, Qt::MatchFixedString); if (idx < 0) { // Can't happen as we don't have them configurable. qCWarning(KLEOPATRA_LOG) << "curve " << curve << " not allowed"; } cb->setCurrentIndex(idx); } static QString get_curve(const QComboBox *cb) { if (!cb) { return QString(); } return cb->currentText(); } // Extract the algo information from default_pubkey_algo format // // and put it into the return values size, algo and curve. 
// // Values look like: // RSA-2048 // rsa2048/cert,sign+rsa2048/enc // brainpoolP256r1+brainpoolP256r1 static void parseAlgoString(const QString &algoString, int *size, Subkey::PubkeyAlgo *algo, QString &curve) { const auto split = algoString.split(QLatin1Char('/')); bool isEncrypt = split.size() == 2 && split[1].contains(QLatin1String("enc")); // Normalize const auto lowered = split[0].toLower().remove(QLatin1Char('-')); if (!algo || !size) { return; } *algo = Subkey::AlgoUnknown; if (lowered.startsWith(QLatin1String("rsa"))) { *algo = Subkey::AlgoRSA; } else if (lowered.startsWith(QLatin1String("dsa"))) { *algo = Subkey::AlgoDSA; } else if (lowered.startsWith(QLatin1String("elg"))) { *algo = Subkey::AlgoELG; } if (*algo != Subkey::AlgoUnknown) { bool ok; *size = lowered.rightRef(lowered.size() - 3).toInt(&ok); if (!ok) { qCWarning(KLEOPATRA_LOG) << "Could not extract size from: " << lowered; *size = 3072; } return; } // Now the ECC Algorithms if (lowered.startsWith(QLatin1String("ed25519"))) { // Special handling for this as technically // this is a cv25519 curve used for EDDSA if (isEncrypt) { curve = QLatin1String("cv25519"); *algo = Subkey::AlgoECDH; } else { curve = split[0]; *algo = Subkey::AlgoEDDSA; } return; } if (lowered.startsWith(QLatin1String("cv25519")) || lowered.startsWith(QLatin1String("nist")) || lowered.startsWith(QLatin1String("brainpool")) || lowered.startsWith(QLatin1String("secp"))) { curve = split[0]; *algo = isEncrypt ? 
Subkey::AlgoECDH : Subkey::AlgoECDSA; return; } qCWarning(KLEOPATRA_LOG) << "Failed to parse default_pubkey_algo:" << algoString; } enum class OnUnlimitedValidity { ReturnInvalidDate, ReturnInternalDefault }; QDate defaultExpirationDate(OnUnlimitedValidity onUnlimitedValidity) { QDate expirationDate{}; const auto settings = Kleo::Settings{}; const auto defaultExpirationInDays = settings.validityPeriodInDays(); if (defaultExpirationInDays > 0) { expirationDate = QDate::currentDate().addDays(defaultExpirationInDays); } else if (defaultExpirationInDays < 0 || onUnlimitedValidity == OnUnlimitedValidity::ReturnInternalDefault) { expirationDate = QDate::currentDate().addYears(2); } return expirationDate; } } Q_DECLARE_METATYPE(GpgME::Subkey::PubkeyAlgo) namespace Kleo { namespace NewCertificateUi { class WizardPage : public QWizardPage { Q_OBJECT protected: explicit WizardPage(QWidget *parent = nullptr) : QWizardPage(parent) {} NewCertificateWizard *wizard() const { Q_ASSERT(static_cast(QWizardPage::wizard()) == qobject_cast(QWizardPage::wizard())); return static_cast(QWizardPage::wizard()); } QAbstractButton *button(QWizard::WizardButton button) const { return QWizardPage::wizard() ? 
QWizardPage::wizard()->button(button) : nullptr; } bool isButtonVisible(QWizard::WizardButton button) const { if (const QAbstractButton *const b = this->button(button)) { return b->isVisible(); } else { return false; } } QDir tmpDir() const; protected Q_SLOTS: void setButtonVisible(QWizard::WizardButton button, bool visible) { if (QAbstractButton *const b = this->button(button)) { b->setVisible(visible); } } protected: #define FIELD(type, name) type name() const { return field( QStringLiteral(#name) ).value(); } FIELD(bool, pgp) FIELD(bool, signingAllowed) FIELD(bool, encryptionAllowed) FIELD(bool, certificationAllowed) FIELD(bool, authenticationAllowed) FIELD(QString, name) FIELD(QString, email) FIELD(QString, dn) FIELD(bool, protectedKey) FIELD(Subkey::PubkeyAlgo, keyType) FIELD(int, keyStrength) FIELD(QString, keyCurve) FIELD(Subkey::PubkeyAlgo, subkeyType) FIELD(int, subkeyStrength) FIELD(QString, subkeyCurve) FIELD(QDate, expiryDate) FIELD(QStringList, additionalUserIDs) FIELD(QStringList, additionalEMailAddresses) FIELD(QStringList, dnsNames) FIELD(QStringList, uris) FIELD(QString, url) FIELD(QString, error) FIELD(QString, result) FIELD(QString, fingerprint) #undef FIELD }; } // namespace NewCertificateUi } // namespace Kleo using namespace Kleo::NewCertificateUi; namespace { class AdvancedSettingsDialog : public QDialog { Q_OBJECT Q_PROPERTY(QStringList additionalUserIDs READ additionalUserIDs WRITE setAdditionalUserIDs) Q_PROPERTY(QStringList additionalEMailAddresses READ additionalEMailAddresses WRITE setAdditionalEMailAddresses) Q_PROPERTY(QStringList dnsNames READ dnsNames WRITE setDnsNames) Q_PROPERTY(QStringList uris READ uris WRITE setUris) Q_PROPERTY(uint keyStrength READ keyStrength WRITE setKeyStrength) Q_PROPERTY(Subkey::PubkeyAlgo keyType READ keyType WRITE setKeyType) Q_PROPERTY(QString keyCurve READ keyCurve WRITE setKeyCurve) Q_PROPERTY(uint subkeyStrength READ subkeyStrength WRITE setSubkeyStrength) Q_PROPERTY(QString subkeyCurve READ 
subkeyCurve WRITE setSubkeyCurve) Q_PROPERTY(Subkey::PubkeyAlgo subkeyType READ subkeyType WRITE setSubkeyType) Q_PROPERTY(bool signingAllowed READ signingAllowed WRITE setSigningAllowed) Q_PROPERTY(bool encryptionAllowed READ encryptionAllowed WRITE setEncryptionAllowed) Q_PROPERTY(bool certificationAllowed READ certificationAllowed WRITE setCertificationAllowed) Q_PROPERTY(bool authenticationAllowed READ authenticationAllowed WRITE setAuthenticationAllowed) Q_PROPERTY(QDate expiryDate READ expiryDate WRITE setExpiryDate) public: explicit AdvancedSettingsDialog(QWidget *parent = nullptr) : QDialog(parent), protocol(UnknownProtocol), pgpDefaultAlgorithm(Subkey::AlgoELG_E), cmsDefaultAlgorithm(Subkey::AlgoRSA), keyTypeImmutable(false), ui(), mECCSupported(engineIsVersion(2, 1, 0)), mEdDSASupported(engineIsVersion(2, 1, 15)) { qRegisterMetaType("Subkey::PubkeyAlgo"); ui.setupUi(this); ui.expiryDE->setMinimumDate(QDate::currentDate()); ui.emailLW->setDefaultValue(i18n("new email")); ui.dnsLW->setDefaultValue(i18n("new dns name")); ui.uriLW->setDefaultValue(i18n("new uri")); fillKeySizeComboBoxen(); connect(ui.expiryCB, &QAbstractButton::toggled, this, [this](bool checked) { ui.expiryDE->setEnabled(checked); if (checked && !ui.expiryDE->isValid()) { ui.expiryDE->setDate(defaultExpirationDate(OnUnlimitedValidity::ReturnInternalDefault)); } }); } void setProtocol(GpgME::Protocol proto) { if (protocol == proto) { return; } protocol = proto; loadDefaults(); } void setAdditionalUserIDs(const QStringList &items) { ui.uidLW->setItems(items); } QStringList additionalUserIDs() const { return ui.uidLW->items(); } void setAdditionalEMailAddresses(const QStringList &items) { ui.emailLW->setItems(items); } QStringList additionalEMailAddresses() const { return ui.emailLW->items(); } void setDnsNames(const QStringList &items) { ui.dnsLW->setItems(items); } QStringList dnsNames() const { return ui.dnsLW->items(); } void setUris(const QStringList &items) { ui.uriLW->setItems(items); } 
QStringList uris() const { return ui.uriLW->items(); } void setKeyStrength(unsigned int strength) { set_keysize(ui.rsaKeyStrengthCB, strength); set_keysize(ui.dsaKeyStrengthCB, strength); } unsigned int keyStrength() const { return ui.dsaRB->isChecked() ? get_keysize(ui.dsaKeyStrengthCB) : ui.rsaRB->isChecked() ? get_keysize(ui.rsaKeyStrengthCB) : 0; } void setKeyType(Subkey::PubkeyAlgo algo) { QRadioButton *const rb = is_rsa(algo) ? ui.rsaRB : is_dsa(algo) ? ui.dsaRB : is_ecdsa(algo) || is_eddsa(algo) ? ui.ecdsaRB : nullptr; if (rb) { rb->setChecked(true); } } Subkey::PubkeyAlgo keyType() const { return ui.dsaRB->isChecked() ? Subkey::AlgoDSA : ui.rsaRB->isChecked() ? Subkey::AlgoRSA : ui.ecdsaRB->isChecked() ? ui.ecdsaKeyCurvesCB->currentText() == QLatin1String("ed25519") ? Subkey::AlgoEDDSA : Subkey::AlgoECDSA : Subkey::AlgoUnknown; } void setKeyCurve(const QString &curve) { set_curve(ui.ecdsaKeyCurvesCB, curve); } QString keyCurve() const { return get_curve(ui.ecdsaKeyCurvesCB); } void setSubkeyType(Subkey::PubkeyAlgo algo) { ui.elgCB->setChecked(is_elg(algo)); ui.rsaSubCB->setChecked(is_rsa(algo)); ui.ecdhCB->setChecked(is_ecdh(algo)); } Subkey::PubkeyAlgo subkeyType() const { if (ui.elgCB->isChecked()) { return Subkey::AlgoELG_E; } else if (ui.rsaSubCB->isChecked()) { return Subkey::AlgoRSA; } else if (ui.ecdhCB->isChecked()) { return Subkey::AlgoECDH; } return Subkey::AlgoUnknown; } void setSubkeyCurve(const QString &curve) { set_curve(ui.ecdhKeyCurvesCB, curve); } QString subkeyCurve() const { return get_curve(ui.ecdhKeyCurvesCB); } void setSubkeyStrength(unsigned int strength) { if (subkeyType() == Subkey::AlgoRSA) { set_keysize(ui.rsaKeyStrengthSubCB, strength); } else { set_keysize(ui.elgKeyStrengthCB, strength); } } unsigned int subkeyStrength() const { if (subkeyType() == Subkey::AlgoRSA) { return get_keysize(ui.rsaKeyStrengthSubCB); } return get_keysize(ui.elgKeyStrengthCB); } void setSigningAllowed(bool on) { ui.signingCB->setChecked(on); } bool 
signingAllowed() const { return ui.signingCB->isChecked(); } void setEncryptionAllowed(bool on) { ui.encryptionCB->setChecked(on); } bool encryptionAllowed() const { return ui.encryptionCB->isChecked(); } void setCertificationAllowed(bool on) { ui.certificationCB->setChecked(on); } bool certificationAllowed() const { return ui.certificationCB->isChecked(); } void setAuthenticationAllowed(bool on) { ui.authenticationCB->setChecked(on); } bool authenticationAllowed() const { return ui.authenticationCB->isChecked(); } void setExpiryDate(QDate date) { ui.expiryDE->setDate(date); ui.expiryCB->setChecked(ui.expiryDE->isValid()); } QDate expiryDate() const { return ui.expiryCB->isChecked() ? ui.expiryDE->date() : QDate(); } Q_SIGNALS: void changed(); private Q_SLOTS: void slotKeyMaterialSelectionChanged() { const unsigned int algo = keyType(); const unsigned int sk_algo = subkeyType(); if (protocol == OpenPGP) { if (!keyTypeImmutable) { ui.elgCB->setEnabled(is_dsa(algo)); ui.rsaSubCB->setEnabled(is_rsa(algo)); ui.ecdhCB->setEnabled(is_ecdsa(algo) || is_eddsa(algo)); if (sender() == ui.dsaRB || sender() == ui.rsaRB || sender() == ui.ecdsaRB) { ui.elgCB->setChecked(is_dsa(algo)); ui.ecdhCB->setChecked(is_ecdsa(algo) || is_eddsa(algo)); ui.rsaSubCB->setChecked(is_rsa(algo)); } if (is_rsa(algo)) { ui.encryptionCB->setEnabled(true); ui.encryptionCB->setChecked(true); ui.signingCB->setEnabled(true); ui.signingCB->setChecked(true); ui.authenticationCB->setEnabled(true); if (is_rsa(sk_algo)) { ui.encryptionCB->setEnabled(false); ui.encryptionCB->setChecked(true); } else { ui.encryptionCB->setEnabled(true); } } else if (is_dsa(algo)) { ui.encryptionCB->setEnabled(false); if (is_elg(sk_algo)) { ui.encryptionCB->setChecked(true); } else { ui.encryptionCB->setChecked(false); } } else if (is_ecdsa(algo) || is_eddsa(algo)) { ui.signingCB->setEnabled(true); ui.signingCB->setChecked(true); ui.authenticationCB->setEnabled(true); ui.encryptionCB->setEnabled(false); 
ui.encryptionCB->setChecked(is_ecdh(sk_algo)); } } } else { //assert( is_rsa( keyType() ) ); // it can happen through misconfiguration by the admin that no key type is selectable at all } } void slotSigningAllowedToggled(bool on) { if (!on && protocol == CMS && !encryptionAllowed()) { setEncryptionAllowed(true); } } void slotEncryptionAllowedToggled(bool on) { if (!on && protocol == CMS && !signingAllowed()) { setSigningAllowed(true); } } private: void fillKeySizeComboBoxen(); void loadDefaultKeyType(); void loadDefaultExpiration(); void loadDefaultGnuPGKeyType(); void loadDefaults(); void updateWidgetVisibility(); private: GpgME::Protocol protocol; unsigned int pgpDefaultAlgorithm; unsigned int cmsDefaultAlgorithm; bool keyTypeImmutable; Ui_AdvancedSettingsDialog ui; bool mECCSupported; bool mEdDSASupported; }; class ChooseProtocolPage : public WizardPage { Q_OBJECT public: explicit ChooseProtocolPage(QWidget *p = nullptr) : WizardPage(p), initialized(false), ui() { ui.setupUi(this); registerField(QStringLiteral("pgp"), ui.pgpCLB); } void setProtocol(Protocol proto) { if (proto == OpenPGP) { ui.pgpCLB->setChecked(true); } else if (proto == CMS) { ui.x509CLB->setChecked(true); } else { force_set_checked(ui.pgpCLB, false); force_set_checked(ui.x509CLB, false); } } Protocol protocol() const { return ui.pgpCLB->isChecked() ? OpenPGP : ui.x509CLB->isChecked() ? 
CMS : UnknownProtocol; } void initializePage() override { if (!initialized) { connect(ui.pgpCLB, &QAbstractButton::clicked, wizard(), &QWizard::next, Qt::QueuedConnection); connect(ui.x509CLB, &QAbstractButton::clicked, wizard(), &QWizard::next, Qt::QueuedConnection); } initialized = true; } bool isComplete() const override { return protocol() != UnknownProtocol; } private: bool initialized : 1; Ui_ChooseProtocolPage ui; }; struct Line { QString attr; QString label; QString regex; QLineEdit *edit; }; class EnterDetailsPage : public WizardPage { Q_OBJECT public: explicit EnterDetailsPage(QWidget *p = nullptr) : WizardPage(p), dialog(this), ui() { ui.setupUi(this); // set errorLB to have a fixed height of two lines: ui.errorLB->setText(QStringLiteral("2
1")); ui.errorLB->setFixedHeight(ui.errorLB->minimumSizeHint().height()); ui.errorLB->clear(); connect(ui.resultLE, &QLineEdit::textChanged, this, &QWizardPage::completeChanged); // The email doesn't necessarily show up in ui.resultLE: connect(ui.emailLE, &QLineEdit::textChanged, this, &QWizardPage::completeChanged); registerDialogPropertiesAsFields(); registerField(QStringLiteral("dn"), ui.resultLE); registerField(QStringLiteral("name"), ui.nameLE); registerField(QStringLiteral("email"), ui.emailLE); registerField(QStringLiteral("protectedKey"), ui.withPassCB); updateForm(); setCommitPage(true); setButtonText(QWizard::CommitButton, i18nc("@action", "Create")); const auto conf = QGpgME::cryptoConfig(); if (!conf) { qCWarning(KLEOPATRA_LOG) << "Failed to obtain cryptoConfig."; return; } const auto entry = getCryptoConfigEntry(conf, "gpg-agent", "enforce-passphrase-constraints"); if (entry && entry->boolValue()) { qCDebug(KLEOPATRA_LOG) << "Disabling passphrace cb because of agent config."; ui.withPassCB->setEnabled(false); ui.withPassCB->setChecked(true); } else { const KConfigGroup config(KSharedConfig::openConfig(), "CertificateCreationWizard"); ui.withPassCB->setChecked(config.readEntry("WithPassphrase", false)); ui.withPassCB->setEnabled(!config.isEntryImmutable("WithPassphrase")); } } bool isComplete() const override; void initializePage() override { updateForm(); dialog.setProtocol(pgp() ? OpenPGP : CMS); } void cleanupPage() override { saveValues(); } private: void updateForm(); void clearForm(); void saveValues(); void registerDialogPropertiesAsFields(); private: QString pgpUserID() const; QString cmsDN() const; private Q_SLOTS: void slotAdvancedSettingsClicked(); void slotUpdateResultLabel() { ui.resultLE->setText(pgp() ? 
pgpUserID() : cmsDN()); ui.withPassCB->setVisible(pgp()); } private: QVector lineList; QList dynamicWidgets; QMap savedValues; AdvancedSettingsDialog dialog; Ui_EnterDetailsPage ui; }; class KeyCreationPage : public WizardPage { Q_OBJECT public: explicit KeyCreationPage(QWidget *p = nullptr) : WizardPage(p), ui() { ui.setupUi(this); } bool isComplete() const override { return !job; } void initializePage() override { startJob(); } private: void startJob() { const auto proto = pgp() ? QGpgME::openpgp() : QGpgME::smime(); if (!proto) { return; } QGpgME::KeyGenerationJob *const j = proto->keyGenerationJob(); if (!j) { return; } if (!protectedKey() && pgp()) { auto ctx = QGpgME::Job::context(j); ctx->setPassphraseProvider(&mEmptyPWProvider); ctx->setPinentryMode(Context::PinentryLoopback); } connect(j, &QGpgME::KeyGenerationJob::result, this, &KeyCreationPage::slotResult); if (const Error err = j->start(createGnupgKeyParms())) setField(QStringLiteral("error"), i18n("Could not start key pair creation: %1", QString::fromLocal8Bit(err.asString()))); else { job = j; } } QStringList keyUsages() const; QStringList subkeyUsages() const; QString createGnupgKeyParms() const; EmptyPassphraseProvider mEmptyPWProvider; private Q_SLOTS: void slotResult(const GpgME::KeyGenerationResult &result, const QByteArray &request, const QString &auditLog) { Q_UNUSED(auditLog) if (result.error().code() || (pgp() && !result.fingerprint())) { setField(QStringLiteral("error"), result.error().isCanceled() ? 
i18n("Operation canceled.") : i18n("Could not create key pair: %1", QString::fromLocal8Bit(result.error().asString()))); setField(QStringLiteral("url"), QString()); setField(QStringLiteral("result"), QString()); } else if (pgp()) { setField(QStringLiteral("error"), QString()); setField(QStringLiteral("url"), QString()); setField(QStringLiteral("result"), i18n("Key pair created successfully.\n" "Fingerprint: %1", QLatin1String(result.fingerprint()))); } else { QFile file(tmpDir().absoluteFilePath(QStringLiteral("request.p10"))); if (!file.open(QIODevice::WriteOnly)) { setField(QStringLiteral("error"), i18n("Could not write output file %1: %2", file.fileName(), file.errorString())); setField(QStringLiteral("url"), QString()); setField(QStringLiteral("result"), QString()); } else { file.write(request); setField(QStringLiteral("error"), QString()); setField(QStringLiteral("url"), QUrl::fromLocalFile(file.fileName()).toString()); setField(QStringLiteral("result"), i18n("Key pair created successfully.")); } } // Ensure that we have the key in the keycache if (pgp() && !result.error().code() && result.fingerprint()) { auto ctx = Context::createForProtocol(OpenPGP); if (ctx) { // Check is pretty useless something very buggy in that case. Error e; const auto key = ctx->key(result.fingerprint(), e, true); if (!key.isNull()) { KeyCache::mutableInstance()->insert(key); } else { qCDebug(KLEOPATRA_LOG) << "Failed to find newly generated key."; } delete ctx; } } setField(QStringLiteral("fingerprint"), result.fingerprint() ? 
QString::fromLatin1(result.fingerprint()) : QString()); job = nullptr; Q_EMIT completeChanged(); const KConfigGroup config(KSharedConfig::openConfig(), "CertificateCreationWizard"); if (config.readEntry("SkipResultPage", false)) { if (result.fingerprint()) { KleopatraApplication::instance()->slotActivateRequested(QStringList() << QStringLiteral("kleopatra") << QStringLiteral("--query") << QLatin1String(result.fingerprint()), QString()); QMetaObject::invokeMethod(wizard(), "close", Qt::QueuedConnection); } else { QMetaObject::invokeMethod(wizard(), "next", Qt::QueuedConnection); } } else { QMetaObject::invokeMethod(wizard(), "next", Qt::QueuedConnection); } } private: QPointer job; Ui_KeyCreationPage ui; }; class ResultPage : public WizardPage { Q_OBJECT public: explicit ResultPage(QWidget *p = nullptr) : WizardPage(p), initialized(false), successfullyCreatedSigningCertificate(false), successfullyCreatedEncryptionCertificate(false), ui() { ui.setupUi(this); ui.dragQueen->setPixmap(QIcon::fromTheme(QStringLiteral("kleopatra")).pixmap(64, 64)); registerField(QStringLiteral("error"), ui.errorTB, "plainText"); registerField(QStringLiteral("result"), ui.resultTB, "plainText"); registerField(QStringLiteral("url"), ui.dragQueen, "url"); // hidden field, since QWizard can't deal with non-widget-backed fields... auto le = new QLineEdit(this); le->hide(); registerField(QStringLiteral("fingerprint"), le); } void initializePage() override { const bool error = isError(); if (error) { setTitle(i18nc("@title", "Key Creation Failed")); setSubTitle(i18n("Key pair creation failed. Please find details about the failure below.")); } else { setTitle(i18nc("@title", "Key Pair Successfully Created")); setSubTitle(i18n("Your new key pair was created successfully. 
Please find details on the result and some suggested next steps below.")); } ui.resultTB ->setVisible(!error); ui.errorTB ->setVisible(error); ui.dragQueen ->setVisible(!error &&!pgp()); ui.restartWizardPB ->setVisible(error); ui.nextStepsGB ->setVisible(!error); ui.saveRequestToFilePB ->setVisible(!pgp()); ui.makeBackupPB ->setVisible(pgp()); ui.createRevocationRequestPB->setVisible(pgp() &&false); // not implemented ui.sendCertificateByEMailPB ->setVisible(pgp()); ui.sendRequestByEMailPB ->setVisible(!pgp()); ui.uploadToKeyserverPB ->setVisible(pgp()); if (!error && !pgp()) { if (signingAllowed() && !encryptionAllowed()) { successfullyCreatedSigningCertificate = true; } else if (!signingAllowed() && encryptionAllowed()) { successfullyCreatedEncryptionCertificate = true; } else { successfullyCreatedEncryptionCertificate = successfullyCreatedSigningCertificate = true; } } ui.createSigningCertificatePB->setVisible(successfullyCreatedEncryptionCertificate &&!successfullyCreatedSigningCertificate); ui.createEncryptionCertificatePB->setVisible(successfullyCreatedSigningCertificate &&!successfullyCreatedEncryptionCertificate); setButtonVisible(QWizard::CancelButton, error); if (!initialized) connect(ui.restartWizardPB, &QAbstractButton::clicked, wizard(), &QWizard::restart); initialized = true; } void cleanupPage() override { setButtonVisible(QWizard::CancelButton, true); } bool isError() const { return !ui.errorTB->document()->isEmpty(); } bool isComplete() const override { return !isError(); } private: Key key() const { return KeyCache::instance()->findByFingerprint(fingerprint().toLatin1().constData()); } private Q_SLOTS: void slotSaveRequestToFile() { QString fileName = FileDialog::getSaveFileName(this, i18nc("@title", "Save Request"), QStringLiteral("imp"), i18n("PKCS#10 Requests (*.p10)")); if (fileName.isEmpty()) { return; } if (!fileName.endsWith(QLatin1String(".p10"), Qt::CaseInsensitive)) { fileName += QLatin1String(".p10"); } QFile 
src(QUrl(url()).toLocalFile()); if (!src.copy(fileName)) KMessageBox::error(this, xi18nc("@info", "Could not copy temporary file %1 " "to file %2: %3", src.fileName(), fileName, src.errorString()), i18nc("@title", "Error Saving Request")); else KMessageBox::information(this, xi18nc("@info", "Successfully wrote request to %1." "You should now send the request to the Certification Authority (CA).", fileName), i18nc("@title", "Request Saved")); } void slotSendRequestByEMail() { if (pgp()) { return; } const KConfigGroup config(KSharedConfig::openConfig(), "CertificateCreationWizard"); invokeMailer(config.readEntry("CAEmailAddress"), // to i18n("Please process this certificate."), // subject i18n("Please process this certificate and inform the sender about the location to fetch the resulting certificate.\n\nThanks,\n"), // body QUrl(url()).toLocalFile()); // attachment } void slotSendCertificateByEMail() { if (!pgp() || exportCertificateCommand) { return; } auto cmd = new ExportCertificateCommand(key()); connect(cmd, &ExportCertificateCommand::finished, this, &ResultPage::slotSendCertificateByEMailContinuation); cmd->setOpenPGPFileName(tmpDir().absoluteFilePath(fingerprint() + QLatin1String(".asc"))); cmd->start(); exportCertificateCommand = cmd; } void slotSendCertificateByEMailContinuation() { if (!exportCertificateCommand) { return; } // ### better error handling? 
const QString fileName = exportCertificateCommand->openPGPFileName(); qCDebug(KLEOPATRA_LOG) << "fileName" << fileName; exportCertificateCommand = nullptr; if (fileName.isEmpty()) { return; } invokeMailer(QString(), // to i18n("My new public OpenPGP key"), // subject i18n("Please find attached my new public OpenPGP key."), // body fileName); } QByteArray ol_quote(QByteArray str) { #ifdef Q_OS_WIN return "\"\"" + str.replace('"', "\\\"") + "\"\""; //return '"' + str.replace( '"', "\\\"" ) + '"'; #else return str; #endif } void invokeMailer(const QString &to, const QString &subject, const QString &body, const QString &attachment) { qCDebug(KLEOPATRA_LOG) << "to:" << to << "subject:" << subject << "body:" << body << "attachment:" << attachment; // RFC 2368 says body's linebreaks need to be encoded as // "%0D%0A", so normalize body to CRLF: //body.replace(QLatin1Char('\n'), QStringLiteral("\r\n")).remove(QStringLiteral("\r\r")); QUrlQuery query; query.addQueryItem(QStringLiteral("subject"), subject); query.addQueryItem(QStringLiteral("body"), body); if (!attachment.isEmpty()) { query.addQueryItem(QStringLiteral("attach"), attachment); } QUrl url; url.setScheme(QStringLiteral("mailto")); url.setQuery(query); qCDebug(KLEOPATRA_LOG) << "openUrl" << url; QDesktopServices::openUrl(url); KMessageBox::information(this, xi18nc("@info", "Kleopatra tried to send a mail via your default mail client." "Some mail clients are known not to support attachments when invoked this way." "If your mail client does not have an attachment, then drag the Kleopatra icon and drop it on the message compose window of your mail client." 
"If that does not work, either, save the request to a file, and then attach that."), i18nc("@title", "Sending Mail"), QStringLiteral("newcertificatewizard-mailto-troubles")); } void slotUploadCertificateToDirectoryServer() { if (pgp()) { (new ExportOpenPGPCertsToServerCommand(key()))->start(); } } void slotBackupCertificate() { if (pgp()) { (new ExportSecretKeyCommand(key()))->start(); } } void slotCreateRevocationRequest() { } void slotCreateSigningCertificate() { if (successfullyCreatedSigningCertificate) { return; } toggleSignEncryptAndRestart(); } void slotCreateEncryptionCertificate() { if (successfullyCreatedEncryptionCertificate) { return; } toggleSignEncryptAndRestart(); } private: void toggleSignEncryptAndRestart() { if (!wizard()) { return; } if (KMessageBox::warningContinueCancel( this, i18nc("@info", "This operation will delete the certification request. " "Please make sure that you have sent or saved it before proceeding."), i18nc("@title", "Certification Request About To Be Deleted")) != KMessageBox::Continue) { return; } const bool sign = signingAllowed(); const bool encr = encryptionAllowed(); setField(QStringLiteral("signingAllowed"), !sign); setField(QStringLiteral("encryptionAllowed"), !encr); // restart and skip to enter details Page: wizard()->restart(); for (int i = wizard()->currentId(); i < NewCertificateWizard::EnterDetailsPageId; ++i) { wizard()->next(); } } private: bool initialized : 1; bool successfullyCreatedSigningCertificate : 1; bool successfullyCreatedEncryptionCertificate : 1; QPointer exportCertificateCommand; Ui_ResultPage ui; }; } class NewCertificateWizard::Private { friend class ::Kleo::NewCertificateWizard; friend class ::Kleo::NewCertificateUi::WizardPage; NewCertificateWizard *const q; public: explicit Private(NewCertificateWizard *qq) : q(qq), tmp(QDir::temp().absoluteFilePath(QStringLiteral("kleo-"))), ui(q) { q->setWindowTitle(i18nc("@title:window", "Key Pair Creation Wizard")); } private: QTemporaryDir tmp; struct Ui { 
ChooseProtocolPage chooseProtocolPage; EnterDetailsPage enterDetailsPage; KeyCreationPage keyCreationPage; ResultPage resultPage; explicit Ui(NewCertificateWizard *q) : chooseProtocolPage(q), enterDetailsPage(q), keyCreationPage(q), resultPage(q) { KDAB_SET_OBJECT_NAME(chooseProtocolPage); KDAB_SET_OBJECT_NAME(enterDetailsPage); KDAB_SET_OBJECT_NAME(keyCreationPage); KDAB_SET_OBJECT_NAME(resultPage); q->setOptions(DisabledBackButtonOnLastPage); q->setPage(ChooseProtocolPageId, &chooseProtocolPage); q->setPage(EnterDetailsPageId, &enterDetailsPage); q->setPage(KeyCreationPageId, &keyCreationPage); q->setPage(ResultPageId, &resultPage); q->setStartId(ChooseProtocolPageId); } } ui; }; NewCertificateWizard::NewCertificateWizard(QWidget *p) : QWizard(p), d(new Private(this)) { } NewCertificateWizard::~NewCertificateWizard() {} void NewCertificateWizard::setProtocol(Protocol proto) { d->ui.chooseProtocolPage.setProtocol(proto); setStartId(proto == UnknownProtocol ? ChooseProtocolPageId : EnterDetailsPageId); } Protocol NewCertificateWizard::protocol() const { return d->ui.chooseProtocolPage.protocol(); } static QString pgpLabel(const QString &attr) { if (attr == QLatin1String("NAME")) { return i18n("Name"); } if (attr == QLatin1String("EMAIL")) { return i18n("EMail"); } return QString(); } static QString attributeLabel(const QString &attr, bool pgp) { if (attr.isEmpty()) { return QString(); } const QString label = pgp ? 
pgpLabel(attr) : Kleo::DNAttributeMapper::instance()->name2label(attr); if (!label.isEmpty()) if (pgp) { return label; } else return i18nc("Format string for the labels in the \"Your Personal Data\" page", "%1 (%2)", label, attr); else { return attr; } } #if 0 //Not used anywhere static QString attributeLabelWithColor(const QString &attr, bool pgp) { const QString result = attributeLabel(attr, pgp); if (result.isEmpty()) { return QString(); } else { return result + ':'; } } #endif static QString attributeFromKey(QString key) { return key.remove(QLatin1Char('!')); } QDir WizardPage::tmpDir() const { return wizard() ? QDir(wizard()->d->tmp.path()) : QDir::home(); } void EnterDetailsPage::registerDialogPropertiesAsFields() { const QMetaObject *const mo = dialog.metaObject(); for (unsigned int i = mo->propertyOffset(), end = i + mo->propertyCount(); i != end; ++i) { const QMetaProperty mp = mo->property(i); if (mp.isValid()) { registerField(QLatin1String(mp.name()), &dialog, mp.name(), SIGNAL(accepted())); } } } void EnterDetailsPage::saveValues() { for (const Line &line : std::as_const(lineList)) { savedValues[ attributeFromKey(line.attr) ] = line.edit->text().trimmed(); } } void EnterDetailsPage::clearForm() { qDeleteAll(dynamicWidgets); dynamicWidgets.clear(); lineList.clear(); ui.nameLE->hide(); ui.nameLE->clear(); ui.nameLB->hide(); ui.nameRequiredLB->hide(); ui.emailLE->hide(); ui.emailLE->clear(); ui.emailLB->hide(); ui.emailRequiredLB->hide(); } static int row_index_of(QWidget *w, QGridLayout *l) { const int idx = l->indexOf(w); int r, c, rs, cs; l->getItemPosition(idx, &r, &c, &rs, &cs); return r; } static QLineEdit *adjust_row(QGridLayout *l, int row, const QString &label, const QString &preset, QValidator *validator, bool readonly, bool required) { Q_ASSERT(l); Q_ASSERT(row >= 0); Q_ASSERT(row < l->rowCount()); auto lb = qobject_cast(l->itemAtPosition(row, 0)->widget()); Q_ASSERT(lb); auto le = qobject_cast(l->itemAtPosition(row, 1)->widget()); Q_ASSERT(le); 
lb->setBuddy(le); // For better accessibility auto reqLB = qobject_cast(l->itemAtPosition(row, 2)->widget()); Q_ASSERT(reqLB); lb->setText(i18nc("interpunctation for labels", "%1:", label)); le->setText(preset); reqLB->setText(required ? i18n("(required)") : i18n("(optional)")); delete le->validator(); if (validator) { if (!validator->parent()) { validator->setParent(le); } le->setValidator(validator); } le->setReadOnly(readonly && le->hasAcceptableInput()); lb->show(); le->show(); reqLB->show(); return le; } static int add_row(QGridLayout *l, QList *wl) { Q_ASSERT(l); Q_ASSERT(wl); const int row = l->rowCount(); QWidget *w1, *w2, *w3; l->addWidget(w1 = new QLabel(l->parentWidget()), row, 0); l->addWidget(w2 = new QLineEdit(l->parentWidget()), row, 1); l->addWidget(w3 = new QLabel(l->parentWidget()), row, 2); wl->push_back(w1); wl->push_back(w2); wl->push_back(w3); return row; } void EnterDetailsPage::updateForm() { clearForm(); const auto settings = Kleo::Settings{}; const KConfigGroup config(KSharedConfig::openConfig(), "CertificateCreationWizard"); QStringList attrOrder = config.readEntry(pgp() ? 
"OpenPGPAttributeOrder" : "DNAttributeOrder", QStringList()); if (attrOrder.empty()) { if (pgp()) { attrOrder << QStringLiteral("NAME") << QStringLiteral("EMAIL"); } else { attrOrder << QStringLiteral("CN!") << QStringLiteral("L") << QStringLiteral("OU") << QStringLiteral("O") << QStringLiteral("C") << QStringLiteral("EMAIL!"); } } QList widgets; widgets.push_back(ui.nameLE); widgets.push_back(ui.emailLE); QMap lines; for (const QString &rawKey : std::as_const(attrOrder)) { const QString key = rawKey.trimmed().toUpper(); const QString attr = attributeFromKey(key); if (attr.isEmpty()) { continue; } const QString preset = savedValues.value(attr, config.readEntry(attr, QString())); const bool required = key.endsWith(QLatin1Char('!')); const bool readonly = config.isEntryImmutable(attr); const QString label = config.readEntry(attr + QLatin1String("_label"), attributeLabel(attr, pgp())); const QString regex = config.readEntry(attr + QLatin1String("_regex")); const QString placeholder = config.readEntry(attr + QLatin1String{"_placeholder"}); int row; bool known = true; QValidator *validator = nullptr; if (attr == QLatin1String("EMAIL")) { row = row_index_of(ui.emailLE, ui.gridLayout); validator = regex.isEmpty() ? Validation::email() : Validation::email(QRegExp(regex)); } else if (attr == QLatin1String("NAME") || attr == QLatin1String("CN")) { if ((pgp() && attr == QLatin1String("CN")) || (!pgp() && attr == QLatin1String("NAME"))) { continue; } if (pgp()) { validator = regex.isEmpty() ? 
Validation::pgpName() : Validation::pgpName(QRegExp(regex)); } row = row_index_of(ui.nameLE, ui.gridLayout); } else { known = false; row = add_row(ui.gridLayout, &dynamicWidgets); } if (!validator && !regex.isEmpty()) { validator = new QRegExpValidator(QRegExp(regex), nullptr); } QLineEdit *le = adjust_row(ui.gridLayout, row, label, preset, validator, readonly, required); le->setPlaceholderText(placeholder); const Line line = { key, label, regex, le }; lines[row] = line; if (!known) { widgets.push_back(le); } // don't connect twice: disconnect(le, &QLineEdit::textChanged, this, &EnterDetailsPage::slotUpdateResultLabel); connect(le, &QLineEdit::textChanged, this, &EnterDetailsPage::slotUpdateResultLabel); } // create lineList in visual order, so requirementsAreMet() // complains from top to bottom: lineList.reserve(lines.count()); std::copy(lines.cbegin(), lines.cend(), std::back_inserter(lineList)); widgets.push_back(ui.resultLE); widgets.push_back(ui.advancedPB); const bool prefillName = (pgp() && settings.prefillName()) || (!pgp() && settings.prefillCN()); if (ui.nameLE->text().isEmpty() && prefillName) { ui.nameLE->setText(userFullName()); } if (ui.emailLE->text().isEmpty() && settings.prefillEmail()) { ui.emailLE->setText(userEmailAddress()); } ui.advancedPB->setVisible(!settings.hideAdvanced()); set_tab_order(widgets); } QString EnterDetailsPage::cmsDN() const { DN dn; for (QVector::const_iterator it = lineList.begin(), end = lineList.end(); it != end; ++it) { const QString text = it->edit->text().trimmed(); if (text.isEmpty()) { continue; } QString attr = attributeFromKey(it->attr); if (attr == QLatin1String("EMAIL")) { continue; } if (const char *const oid = oidForAttributeName(attr)) { attr = QString::fromUtf8(oid); } dn.append(DN::Attribute(attr, text)); } return dn.dn(); } QString EnterDetailsPage::pgpUserID() const { return Formatting::prettyNameAndEMail(OpenPGP, QString(), ui.nameLE->text().trimmed(), ui.emailLE->text().trimmed(), QString()); } static 
bool has_intermediate_input(const QLineEdit *le) { QString text = le->text(); int pos = le->cursorPosition(); const QValidator *const v = le->validator(); return v && v->validate(text, pos) == QValidator::Intermediate; } static bool requirementsAreMet(const QVector &list, QString &error) { bool allEmpty = true; for (const Line &line : list) { const QLineEdit *le = line.edit; if (!le) { continue; } const QString key = line.attr; qCDebug(KLEOPATRA_LOG) << "requirementsAreMet(): checking \"" << key << "\" against \"" << le->text() << "\":"; if (le->text().trimmed().isEmpty()) { if (key.endsWith(QLatin1Char('!'))) { if (line.regex.isEmpty()) { error = xi18nc("@info", "%1 is required, but empty.", line.label); } else error = xi18nc("@info", "%1 is required, but empty." "Local Admin rule: %2", line.label, line.regex); return false; } } else if (has_intermediate_input(le)) { if (line.regex.isEmpty()) { error = xi18nc("@info", "%1 is incomplete.", line.label); } else error = xi18nc("@info", "%1 is incomplete." "Local Admin rule: %2", line.label, line.regex); return false; } else if (!le->hasAcceptableInput()) { if (line.regex.isEmpty()) { error = xi18nc("@info", "%1 is invalid.", line.label); } else error = xi18nc("@info", "%1 is invalid." 
"Local Admin rule: %2", line.label, line.regex); return false; } else { allEmpty = false; } } // Ensure that at least one value is acceptable return !allEmpty; } bool EnterDetailsPage::isComplete() const { QString error; const bool ok = requirementsAreMet(lineList, error); ui.errorLB->setText(error); return ok; } void EnterDetailsPage::slotAdvancedSettingsClicked() { dialog.exec(); } QStringList KeyCreationPage::keyUsages() const { QStringList usages; if (signingAllowed()) { usages << QStringLiteral("sign"); } if (encryptionAllowed() && !is_ecdh(subkeyType()) && !is_dsa(keyType()) && !is_rsa(subkeyType())) { usages << QStringLiteral("encrypt"); } if (authenticationAllowed()) { usages << QStringLiteral("auth"); } if (usages.empty() && certificationAllowed()) { /* Empty usages cause an error so we need to * add at least certify if nothing else is selected */ usages << QStringLiteral("cert"); } return usages; } QStringList KeyCreationPage::subkeyUsages() const { QStringList usages; if (encryptionAllowed() && (is_dsa(keyType()) || is_rsa(subkeyType()) || is_ecdh(subkeyType()))) { Q_ASSERT(subkeyType()); usages << QStringLiteral("encrypt"); } return usages; } namespace { template struct Row { QString key; T value; Row(const QString &k, const T &v) : key(k), value(v) {} }; template QTextStream &operator<<(QTextStream &s, const Row &row) { if (row.key.isEmpty()) { return s; } else { return s << "" << row.key << "" << row.value << ""; } } } QString KeyCreationPage::createGnupgKeyParms() const { KeyParameters keyParameters(pgp() ? 
KeyParameters::OpenPGP : KeyParameters::CMS); keyParameters.setKeyType(keyType()); if (is_ecdsa(keyType()) || is_eddsa(keyType())) { keyParameters.setKeyCurve(keyCurve()); } else if (const unsigned int strength = keyStrength()) { keyParameters.setKeyLength(strength); } keyParameters.setKeyUsages(keyUsages()); if (subkeyType()) { keyParameters.setSubkeyType(subkeyType()); if (is_ecdh(subkeyType())) { keyParameters.setSubkeyCurve(subkeyCurve()); } else if (const unsigned int strength = subkeyStrength()) { keyParameters.setSubkeyLength(strength); } keyParameters.setSubkeyUsages(subkeyUsages()); } if (pgp()) { if (expiryDate().isValid()) { keyParameters.setExpirationDate(expiryDate()); } if (!name().isEmpty()) { keyParameters.setName(name()); } if (!email().isEmpty()) { keyParameters.setEmail(email()); } } else { keyParameters.setDN(dn()); keyParameters.setEmail(email()); const auto addesses{additionalEMailAddresses()}; for (const QString &email : addesses) { keyParameters.addEmail(email); } const auto dnsN{dnsNames()}; for (const QString &dns : dnsN) { keyParameters.addDomainName(dns); } const auto urisList{uris()}; for (const QString &uri : urisList) { keyParameters.addURI(uri); } } const QString result = keyParameters.toString(); qCDebug(KLEOPATRA_LOG) << '\n' << result; return result; } static void fill_combobox(QComboBox &cb, const QList &sizes, const QStringList &labels) { cb.clear(); for (int i = 0, end = sizes.size(); i != end; ++i) { const int size = std::abs(sizes[i]); /* As we respect the defaults configurable in GnuPG, and we also have configurable * defaults in Kleopatra its difficult to print out "default" here. To avoid confusion * about that its better not to show any default indication. */ cb.addItem(i < labels.size() && !labels[i].trimmed().isEmpty() ? 
i18ncp("%2: some admin-supplied text, %1: key size in bits", "%2 (1 bit)", "%2 (%1 bits)", size, labels[i].trimmed()) : i18ncp("%1: key size in bits", "1 bit", "%1 bits", size), size); if (sizes[i] < 0) { cb.setCurrentIndex(cb.count() - 1); } } } void AdvancedSettingsDialog::fillKeySizeComboBoxen() { const KConfigGroup config(KSharedConfig::openConfig(), "CertificateCreationWizard"); QList rsaKeySizes = config.readEntry(RSA_KEYSIZES_ENTRY, QList() << 2048 << -3072 << 4096); if (Kleo::gnupgUsesDeVsCompliance()) { rsaKeySizes = config.readEntry(RSA_KEYSIZES_ENTRY, QList() << -3072 << 4096); } const QList dsaKeySizes = config.readEntry(DSA_KEYSIZES_ENTRY, QList() << -2048); const QList elgKeySizes = config.readEntry(ELG_KEYSIZES_ENTRY, QList() << -2048 << 3072 << 4096); const QStringList rsaKeySizeLabels = config.readEntry(RSA_KEYSIZE_LABELS_ENTRY, QStringList()); const QStringList dsaKeySizeLabels = config.readEntry(DSA_KEYSIZE_LABELS_ENTRY, QStringList()); const QStringList elgKeySizeLabels = config.readEntry(ELG_KEYSIZE_LABELS_ENTRY, QStringList()); fill_combobox(*ui.rsaKeyStrengthCB, rsaKeySizes, rsaKeySizeLabels); fill_combobox(*ui.rsaKeyStrengthSubCB, rsaKeySizes, rsaKeySizeLabels); fill_combobox(*ui.dsaKeyStrengthCB, dsaKeySizes, dsaKeySizeLabels); fill_combobox(*ui.elgKeyStrengthCB, elgKeySizes, elgKeySizeLabels); if (mEdDSASupported) { // If supported we recommend cv25519 ui.ecdsaKeyCurvesCB->addItem(QStringLiteral("ed25519")); ui.ecdhKeyCurvesCB->addItem(QStringLiteral("cv25519")); } ui.ecdhKeyCurvesCB->addItems(curveNames); ui.ecdsaKeyCurvesCB->addItems(curveNames); } // Try to load the default key type from GnuPG void AdvancedSettingsDialog::loadDefaultGnuPGKeyType() { const auto conf = QGpgME::cryptoConfig(); if (!conf) { qCWarning(KLEOPATRA_LOG) << "Failed to obtain cryptoConfig."; return; } const auto entry = getCryptoConfigEntry(conf, protocol == CMS ? 
"gpgsm" : "gpg", "default_pubkey_algo"); if (!entry) { qCDebug(KLEOPATRA_LOG) << "GnuPG does not have default key type. Fallback to RSA"; setKeyType(Subkey::AlgoRSA); setSubkeyType(Subkey::AlgoRSA); return; } qCDebug(KLEOPATRA_LOG) << "Have default key type: " << entry->stringValue(); // Format is [/usage]+[/usage] const auto split = entry->stringValue().split(QLatin1Char('+')); int size = 0; Subkey::PubkeyAlgo algo = Subkey::AlgoUnknown; QString curve; parseAlgoString(split[0], &size, &algo, curve); if (algo == Subkey::AlgoUnknown) { setSubkeyType(Subkey::AlgoRSA); return; } setKeyType(algo); if (is_rsa(algo) || is_elg(algo) || is_dsa(algo)) { setKeyStrength(size); } else { setKeyCurve(curve); } { auto algoString = (split.size() == 2) ? split[1] : split[0]; // If it has no usage we assume encrypt subkey if (!algoString.contains(QLatin1Char('/'))) { algoString += QStringLiteral("/enc"); } parseAlgoString(algoString, &size, &algo, curve); if (algo == Subkey::AlgoUnknown) { setSubkeyType(Subkey::AlgoRSA); return; } setSubkeyType(algo); if (is_rsa(algo) || is_elg(algo)) { setSubkeyStrength(size); } else { setSubkeyCurve(curve); } } } void AdvancedSettingsDialog::loadDefaultKeyType() { if (protocol != CMS && protocol != OpenPGP) { return; } const KConfigGroup config(KSharedConfig::openConfig(), "CertificateCreationWizard"); const QString entry = protocol == CMS ? 
QLatin1String(CMS_KEY_TYPE_ENTRY) : QLatin1String(PGP_KEY_TYPE_ENTRY); const QString keyType = config.readEntry(entry).trimmed().toUpper(); if (protocol == OpenPGP && keyType == QLatin1String("DSA")) { setKeyType(Subkey::AlgoDSA); setSubkeyType(Subkey::AlgoUnknown); } else if (protocol == OpenPGP && keyType == QLatin1String("DSA+ELG")) { setKeyType(Subkey::AlgoDSA); setSubkeyType(Subkey::AlgoELG_E); } else if (keyType.isEmpty() && engineIsVersion(2, 1, 17)) { loadDefaultGnuPGKeyType(); } else { if (!keyType.isEmpty() && keyType != QLatin1String("RSA")) qCWarning(KLEOPATRA_LOG) << "invalid value \"" << qPrintable(keyType) << "\" for entry \"[CertificateCreationWizard]" << qPrintable(entry) << "\""; setKeyType(Subkey::AlgoRSA); setSubkeyType(Subkey::AlgoRSA); } keyTypeImmutable = config.isEntryImmutable(entry); } void AdvancedSettingsDialog::loadDefaultExpiration() { if (protocol != OpenPGP) { return; } setExpiryDate(defaultExpirationDate(OnUnlimitedValidity::ReturnInvalidDate)); } void AdvancedSettingsDialog::loadDefaults() { loadDefaultKeyType(); loadDefaultExpiration(); updateWidgetVisibility(); } void AdvancedSettingsDialog::updateWidgetVisibility() { // Personal Details Page if (protocol == OpenPGP) { // ### hide until multi-uid is implemented if (ui.tabWidget->indexOf(ui.personalTab) != -1) { ui.tabWidget->removeTab(ui.tabWidget->indexOf(ui.personalTab)); } } else { if (ui.tabWidget->indexOf(ui.personalTab) == -1) { ui.tabWidget->addTab(ui.personalTab, tr2i18n("Personal Details", nullptr)); } } ui.uidGB->setVisible(protocol == OpenPGP); ui.uidGB->setEnabled(false); ui.uidGB->setToolTip(i18nc("@info:tooltip", "Adding more than one User ID is not yet implemented.")); ui.emailGB->setVisible(protocol == CMS); ui.dnsGB->setVisible(protocol == CMS); ui.uriGB->setVisible(protocol == CMS); ui.ecdhCB->setVisible(mECCSupported); ui.ecdhKeyCurvesCB->setVisible(mECCSupported); ui.ecdsaKeyCurvesCB->setVisible(mECCSupported); ui.ecdsaRB->setVisible(mECCSupported); if 
(mEdDSASupported) { // We use the same radio button for EdDSA as we use for // ECDSA GnuPG does the same and this is really super technical // land. ui.ecdsaRB->setText(QStringLiteral("ECDSA/EdDSA")); } const bool deVsHack = Kleo::gnupgUsesDeVsCompliance(); if (deVsHack) { // GnuPG Provides no API to query which keys are compliant for // a mode. If we request a different one it will error out so // we have to remove the options. // // Does anyone want to use NIST anyway? int i; while ((i = ui.ecdsaKeyCurvesCB->findText(QStringLiteral("NIST"), Qt::MatchStartsWith)) != -1 || (i = ui.ecdsaKeyCurvesCB->findText(QStringLiteral("25519"), Qt::MatchEndsWith)) != -1) { ui.ecdsaKeyCurvesCB->removeItem(i); } while ((i = ui.ecdhKeyCurvesCB->findText(QStringLiteral("NIST"), Qt::MatchStartsWith)) != -1 || (i = ui.ecdhKeyCurvesCB->findText(QStringLiteral("25519"), Qt::MatchEndsWith)) != -1) { ui.ecdhKeyCurvesCB->removeItem(i); } } // Technical Details Page if (keyTypeImmutable) { ui.rsaRB->setEnabled(false); ui.rsaSubCB->setEnabled(false); ui.dsaRB->setEnabled(false); ui.elgCB->setEnabled(false); ui.ecdsaRB->setEnabled(false); ui.ecdhCB->setEnabled(false); } else { ui.rsaRB->setEnabled(true); ui.rsaSubCB->setEnabled(protocol == OpenPGP); ui.dsaRB->setEnabled(protocol == OpenPGP && !deVsHack); ui.elgCB->setEnabled(protocol == OpenPGP && !deVsHack); ui.ecdsaRB->setEnabled(protocol == OpenPGP); ui.ecdhCB->setEnabled(protocol == OpenPGP); } ui.certificationCB->setVisible(protocol == OpenPGP); // gpgsm limitation? 
ui.authenticationCB->setVisible(protocol == OpenPGP); if (protocol == OpenPGP) { // pgp keys must have certify capability ui.certificationCB->setChecked(true); ui.certificationCB->setEnabled(false); } if (protocol == CMS) { ui.encryptionCB->setEnabled(true); ui.rsaSubCB->setChecked(false); ui.rsaKeyStrengthSubCB->setEnabled(false); } ui.expiryDE->setVisible(protocol == OpenPGP); ui.expiryCB->setVisible(protocol == OpenPGP); const auto settings = Kleo::Settings{}; if (settings.isValidityPeriodInDaysImmutable()) { ui.expiryDE->setEnabled(false); ui.expiryCB->setEnabled(false); } slotKeyMaterialSelectionChanged(); } #include "newcertificatewizard.moc"
diff --git a/src/view/keylistcontroller.cpp b/src/view/keylistcontroller.cpp
index 6522f5441..c7b8b3917 100644
--- a/src/view/keylistcontroller.cpp
+++ b/src/view/keylistcontroller.cpp
@@ -1,824 +1,830 @@ /* -*- mode: c++; c-basic-offset:4 -*- controllers/keylistcontroller.cpp This file is part of Kleopatra, the KDE keymanager SPDX-FileCopyrightText: 2007 Klarälvdalens Datakonsult AB SPDX-License-Identifier: GPL-2.0-or-later */ #include #include "keylistcontroller.h" #include "tabwidget.h" #include #include #include #include "tooltippreferences.h" #include "kleopatra_debug.h" #include "commands/exportcertificatecommand.h" #include "commands/exportopenpgpcertstoservercommand.h" -#include "commands/exportsecretkeycommand_old.h" +#ifdef QGPGME_SUPPORTS_SECRET_KEY_EXPORT +# include "commands/exportsecretkeycommand.h" +#else +# include "commands/exportsecretkeycommand_old.h" +#endif #include "commands/importcertificatefromfilecommand.h" #include "commands/changepassphrasecommand.h" #include "commands/lookupcertificatescommand.h" #include "commands/reloadkeyscommand.h" #include "commands/refreshx509certscommand.h" #include "commands/refreshopenpgpcertscommand.h" #include "commands/detailscommand.h" #include "commands/deletecertificatescommand.h" #include "commands/decryptverifyfilescommand.h" #include "commands/signencryptfilescommand.h" #include "commands/signencryptfoldercommand.h" #include "commands/clearcrlcachecommand.h" #include "commands/dumpcrlcachecommand.h" #include "commands/dumpcertificatecommand.h" #include "commands/importcrlcommand.h" #include "commands/changeexpirycommand.h" #include "commands/changeownertrustcommand.h" #include "commands/changeroottrustcommand.h" #include "commands/certifycertificatecommand.h" #include "commands/revokecertificationcommand.h" #include "commands/adduseridcommand.h" #include "commands/newcertificatecommand.h" #include "commands/checksumverifyfilescommand.h" #include "commands/checksumcreatefilescommand.h" #include "commands/exportpaperkeycommand.h" #include #include #include #include #include #include #include #include #include #include #include using namespace Kleo; using namespace Kleo::Commands; using 
namespace Kleo::SmartCard; using namespace GpgME; +#ifndef QGPGME_SUPPORTS_SECRET_KEY_EXPORT using Kleo::Commands::Compat::ExportSecretKeyCommand; +#endif class KeyListController::Private { friend class ::Kleo::KeyListController; KeyListController *const q; public: explicit Private(KeyListController *qq); ~Private(); void connectView(QAbstractItemView *view); void connectCommand(Command *cmd); void connectTabWidget(); void disconnectTabWidget(); void addCommand(Command *cmd) { connectCommand(cmd); commands.insert(std::lower_bound(commands.begin(), commands.end(), cmd), cmd); } void addView(QAbstractItemView *view) { connectView(view); views.insert(std::lower_bound(views.begin(), views.end(), view), view); } void removeView(QAbstractItemView *view) { view->disconnect(q); view->selectionModel()->disconnect(q); views.erase(std::remove(views.begin(), views.end(), view), views.end()); } public: void slotDestroyed(QObject *o) { qCDebug(KLEOPATRA_LOG) << (void *)o; views.erase(std::remove(views.begin(), views.end(), o), views.end()); commands.erase(std::remove(commands.begin(), commands.end(), o), commands.end()); } void slotDoubleClicked(const QModelIndex &idx); void slotActivated(const QModelIndex &idx); void slotSelectionChanged(const QItemSelection &old, const QItemSelection &new_); void slotContextMenu(const QPoint &pos); void slotCommandFinished(); void slotAddKey(const Key &key); void slotAboutToRemoveKey(const Key &key); void slotProgress(const QString &what, int current, int total) { Q_EMIT q->progress(current, total); if (!what.isEmpty()) { Q_EMIT q->message(what); } } void slotActionTriggered(); void slotCurrentViewChanged(QAbstractItemView *view) { if (view && !std::binary_search(views.cbegin(), views.cend(), view)) { qCDebug(KLEOPATRA_LOG) << "you need to register view" << view << "before trying to set it as the current view!"; addView(view); } currentView = view; q->enableDisableActions(view ? 
view->selectionModel() : nullptr); } private: int toolTipOptions() const; private: static Command::Restrictions calculateRestrictionsMask(const QItemSelectionModel *sm); private: struct action_item { QPointer action; Command::Restrictions restrictions; Command *(*createCommand)(QAbstractItemView *, KeyListController *); }; std::vector actions; std::vector views; std::vector commands; QPointer parentWidget; QPointer tabWidget; QPointer currentView; QPointer flatModel, hierarchicalModel; }; KeyListController::Private::Private(KeyListController *qq) : q(qq), actions(), views(), commands(), parentWidget(), tabWidget(), flatModel(), hierarchicalModel() { connect(KeyCache::mutableInstance().get(), SIGNAL(added(GpgME::Key)), q, SLOT(slotAddKey(GpgME::Key))); connect(KeyCache::mutableInstance().get(), SIGNAL(aboutToRemove(GpgME::Key)), q, SLOT(slotAboutToRemoveKey(GpgME::Key))); } KeyListController::Private::~Private() {} KeyListController::KeyListController(QObject *p) : QObject(p), d(new Private(this)) { } KeyListController::~KeyListController() {} void KeyListController::Private::slotAddKey(const Key &key) { // ### make model act on keycache directly... if (flatModel) { flatModel->addKey(key); } if (hierarchicalModel) { hierarchicalModel->addKey(key); } } void KeyListController::Private::slotAboutToRemoveKey(const Key &key) { // ### make model act on keycache directly... 
if (flatModel) { flatModel->removeKey(key); } if (hierarchicalModel) { hierarchicalModel->removeKey(key); } } void KeyListController::addView(QAbstractItemView *view) { if (!view || std::binary_search(d->views.cbegin(), d->views.cend(), view)) { return; } d->addView(view); } void KeyListController::removeView(QAbstractItemView *view) { if (!view || !std::binary_search(d->views.cbegin(), d->views.cend(), view)) { return; } d->removeView(view); } void KeyListController::setCurrentView(QAbstractItemView *view) { d->slotCurrentViewChanged(view); } std::vector KeyListController::views() const { return d->views; } void KeyListController::setFlatModel(AbstractKeyListModel *model) { if (model == d->flatModel) { return; } d->flatModel = model; if (model) { model->clear(); if (KeyCache::instance()->initialized()) { model->addKeys(KeyCache::instance()->keys()); } model->setToolTipOptions(d->toolTipOptions()); } } void KeyListController::setHierarchicalModel(AbstractKeyListModel *model) { if (model == d->hierarchicalModel) { return; } d->hierarchicalModel = model; if (model) { model->clear(); if (KeyCache::instance()->initialized()) { model->addKeys(KeyCache::instance()->keys()); } model->setToolTipOptions(d->toolTipOptions()); } } void KeyListController::setTabWidget(TabWidget *tabWidget) { if (tabWidget == d->tabWidget) { return; } d->disconnectTabWidget(); d->tabWidget = tabWidget; d->connectTabWidget(); d->slotCurrentViewChanged(tabWidget ? 
tabWidget->currentView() : nullptr); } void KeyListController::setParentWidget(QWidget *parent) { d->parentWidget = parent; } QWidget *KeyListController::parentWidget() const { return d->parentWidget; } static const struct { const char *signal; const char *slot; } tabs2controller[] = { { SIGNAL(viewAdded(QAbstractItemView*)), SLOT(addView(QAbstractItemView*)) }, { SIGNAL(viewAboutToBeRemoved(QAbstractItemView*)), SLOT(removeView(QAbstractItemView*)) }, { SIGNAL(currentViewChanged(QAbstractItemView*)), SLOT(slotCurrentViewChanged(QAbstractItemView*)) }, }; static const unsigned int numTabs2Controller = sizeof tabs2controller / sizeof * tabs2controller; void KeyListController::Private::connectTabWidget() { if (!tabWidget) { return; } const auto views = tabWidget->views(); std::for_each(views.cbegin(), views.cend(), [this](QAbstractItemView *view) { addView(view); }); for (unsigned int i = 0; i < numTabs2Controller; ++i) { connect(tabWidget, tabs2controller[i].signal, q, tabs2controller[i].slot); } } void KeyListController::Private::disconnectTabWidget() { if (!tabWidget) { return; } for (unsigned int i = 0; i < numTabs2Controller; ++i) { disconnect(tabWidget, tabs2controller[i].signal, q, tabs2controller[i].slot); } const auto views = tabWidget->views(); std::for_each(views.cbegin(), views.cend(), [this](QAbstractItemView *view) { removeView(view); }); } AbstractKeyListModel *KeyListController::flatModel() const { return d->flatModel; } AbstractKeyListModel *KeyListController::hierarchicalModel() const { return d->hierarchicalModel; } QAbstractItemView *KeyListController::currentView() const { return d->currentView; } TabWidget *KeyListController::tabWidget() const { return d->tabWidget; } void KeyListController::createActions(KActionCollection *coll) { static const std::vector common_and_openpgp_action_data = { // File menu { "file_new_certificate", i18n("New Key Pair..."), QString(), "view-certificate-add", nullptr, nullptr, QStringLiteral("Ctrl+N"), false, true }, 
{ "file_export_certificates", i18n("Export..."), i18n("Export the selected certificate (public key) to a file"), "view-certificate-export", nullptr, nullptr, QStringLiteral("Ctrl+E"), false, true }, { "file_export_certificates_to_server", i18n("Publish on Server..."), i18n("Publish the selected certificate (public key) on a public keyserver"), "view-certificate-export-server", nullptr, nullptr, QStringLiteral("Ctrl+Shift+E"), false, true }, { "file_export_secret_keys", i18n("Backup Secret Keys..."), QString(), "view-certificate-export-secret", nullptr, nullptr, QString(), false, true }, { "file_export_paper_key", i18n("Print Secret Key..."), QString(), "document-print", nullptr, nullptr, QString(), false, true }, { "file_lookup_certificates", i18n("Lookup on Server..."), i18n("Search for certificates online using a public keyserver"), "edit-find", nullptr, nullptr, QStringLiteral("Shift+Ctrl+I"), false, true }, { "file_import_certificates", i18n("Import..."), i18n("Import a certificate from a file"), "view-certificate-import", nullptr, nullptr, QStringLiteral("Ctrl+I"), false, true }, { "file_decrypt_verify_files", i18n("Decrypt/Verify..."), i18n("Decrypt and/or verify files"), "document-edit-decrypt-verify", nullptr, nullptr, QString(), false, true }, { "file_sign_encrypt_files", i18n("Sign/Encrypt..."), i18n("Encrypt and/or sign files"), "document-edit-sign-encrypt", nullptr, nullptr, QString(), false, true }, { "file_sign_encrypt_folder", i18n("Sign/Encrypt Folder..."), i18n("Encrypt and/or sign folders"), nullptr/*"folder-edit-sign-encrypt"*/, nullptr, nullptr, QString(), false, true }, { "file_checksum_create_files", i18n("Create Checksum Files..."), QString(), nullptr/*"document-checksum-create"*/, nullptr, nullptr, QString(), false, true }, { "file_checksum_verify_files", i18n("Verify Checksum Files..."), QString(), nullptr/*"document-checksum-verify"*/, nullptr, nullptr, QString(), false, true }, // View menu { "view_redisplay", i18n("Redisplay"), 
QString(), "view-refresh", nullptr, nullptr, QStringLiteral("F5"), false, true }, { "view_stop_operations", i18n("Stop Operation"), QString(), "process-stop", this, SLOT(cancelCommands()), QStringLiteral("Escape"), false, false }, { "view_certificate_details", i18n("Details"), QString(), "dialog-information", nullptr, nullptr, QString(), false, true }, // Certificate menu { "certificates_delete", i18n("Delete"), i18n("Delete selected certificates"), "edit-delete", nullptr, nullptr, QStringLiteral("Delete"), false, true }, { "certificates_certify_certificate", i18n("Certify..."), i18n("Certify the validity of the selected certificate"), "view-certificate-sign", nullptr, nullptr, QString(), false, true }, { "certificates_revoke_certification", i18n("Revoke Certification..."), i18n("Revoke the certification of the selected certificate"), "view-certificate-revoke", nullptr, nullptr, QString(), false, true }, { "certificates_change_expiry", i18n("Change Expiry Date..."), QString(), nullptr, nullptr, nullptr, QString(), false, true }, { "certificates_change_owner_trust", i18n("Change Certification Trust..."), QString(), nullptr, nullptr, nullptr, QString(), false, true }, { "certificates_change_passphrase", i18n("Change Passphrase..."), QString(), nullptr, nullptr, nullptr, QString(), false, true }, { "certificates_add_userid", i18n("Add User-ID..."), QString(), nullptr, nullptr, nullptr, QString(), false, true }, // Tools menu { "tools_refresh_openpgp_certificates", i18n("Refresh OpenPGP Certificates"), QString(), "view-refresh", nullptr, nullptr, QString(), false, true }, // Window menu // (come from TabWidget) // Help menu // (come from MainWindow) }; static const std::vector cms_action_data = { // Certificate menu { "certificates_trust_root", i18n("Trust Root Certificate"), QString(), nullptr, nullptr, nullptr, QString(), false, true }, { "certificates_distrust_root", i18n("Distrust Root Certificate"), QString(), nullptr, nullptr, nullptr, QString(), false, true }, { 
"certificates_dump_certificate", i18n("Technical Details"), QString(), nullptr, nullptr, nullptr, QString(), false, true }, // Tools menu { "tools_refresh_x509_certificates", i18n("Refresh S/MIME Certificates"), QString(), "view-refresh", nullptr, nullptr, QString(), false, true }, { "crl_clear_crl_cache", i18n("Clear CRL Cache"), QString(), nullptr, nullptr, nullptr, QString(), false, true }, { "crl_dump_crl_cache", i18n("Dump CRL Cache"), QString(), nullptr, nullptr, nullptr, QString(), false, true }, { "crl_import_crl", i18n("Import CRL From File..."), QString(), nullptr, nullptr, nullptr, QString(), false, true }, }; std::vector action_data = common_and_openpgp_action_data; if (Settings{}.cmsEnabled()) { action_data.reserve(action_data.size() + cms_action_data.size()); std::copy(std::begin(cms_action_data), std::end(cms_action_data), std::back_inserter(action_data)); } make_actions_from_data(action_data, coll); if (QAction *action = coll->action(QStringLiteral("view_stop_operations"))) { connect(this, &KeyListController::commandsExecuting, action, &QAction::setEnabled); } // ### somehow make this better... 
registerActionForCommand(coll->action(QStringLiteral("file_new_certificate"))); //--- registerActionForCommand(coll->action(QStringLiteral("file_lookup_certificates"))); registerActionForCommand(coll->action(QStringLiteral("file_import_certificates"))); //--- registerActionForCommand(coll->action(QStringLiteral("file_export_certificates"))); registerActionForCommand(coll->action(QStringLiteral("file_export_secret_keys"))); registerActionForCommand(coll->action(QStringLiteral("file_export_paper_key"))); registerActionForCommand(coll->action(QStringLiteral("file_export_certificates_to_server"))); //--- registerActionForCommand(coll->action(QStringLiteral("file_decrypt_verify_files"))); registerActionForCommand(coll->action(QStringLiteral("file_sign_encrypt_files"))); registerActionForCommand(coll->action(QStringLiteral("file_sign_encrypt_folder"))); //--- registerActionForCommand(coll->action(QStringLiteral("file_checksum_create_files"))); registerActionForCommand(coll->action(QStringLiteral("file_checksum_verify_files"))); registerActionForCommand(coll->action(QStringLiteral("view_redisplay"))); //coll->action( "view_stop_operations" ) <-- already dealt with in make_actions_from_data() registerActionForCommand(coll->action(QStringLiteral("view_certificate_details"))); registerActionForCommand(coll->action(QStringLiteral("certificates_change_owner_trust"))); registerActionForCommand(coll->action(QStringLiteral("certificates_trust_root"))); registerActionForCommand(coll->action(QStringLiteral("certificates_distrust_root"))); //--- registerActionForCommand(coll->action(QStringLiteral("certificates_certify_certificate"))); if (RevokeCertificationCommand::isSupported()) { registerActionForCommand(coll->action(QStringLiteral("certificates_revoke_certification"))); } //--- registerActionForCommand(coll->action(QStringLiteral("certificates_change_expiry"))); registerActionForCommand(coll->action(QStringLiteral("certificates_change_passphrase"))); 
registerActionForCommand(coll->action(QStringLiteral("certificates_add_userid"))); //--- registerActionForCommand(coll->action(QStringLiteral("certificates_delete"))); //--- registerActionForCommand(coll->action(QStringLiteral("certificates_dump_certificate"))); registerActionForCommand(coll->action(QStringLiteral("tools_refresh_x509_certificates"))); registerActionForCommand(coll->action(QStringLiteral("tools_refresh_openpgp_certificates"))); //--- registerActionForCommand(coll->action(QStringLiteral("crl_import_crl"))); //--- registerActionForCommand(coll->action(QStringLiteral("crl_clear_crl_cache"))); registerActionForCommand(coll->action(QStringLiteral("crl_dump_crl_cache"))); enableDisableActions(nullptr); } void KeyListController::registerAction(QAction *action, Command::Restrictions restrictions, Command * (*create)(QAbstractItemView *, KeyListController *)) { if (!action) { return; } Q_ASSERT(!action->isCheckable()); // can be added later, for now, disallow const Private::action_item ai = { action, restrictions, create }; connect(action, SIGNAL(triggered()), this, SLOT(slotActionTriggered())); d->actions.push_back(ai); } void KeyListController::registerCommand(Command *cmd) { if (!cmd || std::binary_search(d->commands.cbegin(), d->commands.cend(), cmd)) { return; } d->addCommand(cmd); qCDebug(KLEOPATRA_LOG) << (void *)cmd; if (d->commands.size() == 1) { Q_EMIT commandsExecuting(true); } } bool KeyListController::hasRunningCommands() const { return !d->commands.empty(); } bool KeyListController::shutdownWarningRequired() const { return std::any_of(d->commands.cbegin(), d->commands.cend(), std::mem_fn(&Command::warnWhenRunningAtShutdown)); } // slot void KeyListController::cancelCommands() { std::for_each(d->commands.begin(), d->commands.end(), std::mem_fn(&Command::cancel)); } void KeyListController::Private::connectView(QAbstractItemView *view) { connect(view, SIGNAL(destroyed(QObject*)), q, SLOT(slotDestroyed(QObject*))); connect(view, 
SIGNAL(doubleClicked(QModelIndex)), q, SLOT(slotDoubleClicked(QModelIndex))); connect(view, SIGNAL(activated(QModelIndex)), q, SLOT(slotActivated(QModelIndex))); connect(view->selectionModel(), SIGNAL(selectionChanged(QItemSelection,QItemSelection)), q, SLOT(slotSelectionChanged(QItemSelection,QItemSelection))); view->setContextMenuPolicy(Qt::CustomContextMenu); connect(view, SIGNAL(customContextMenuRequested(QPoint)), q, SLOT(slotContextMenu(QPoint))); } void KeyListController::Private::connectCommand(Command *cmd) { if (!cmd) { return; } connect(cmd, SIGNAL(destroyed(QObject*)), q, SLOT(slotDestroyed(QObject*))); connect(cmd, SIGNAL(finished()), q, SLOT(slotCommandFinished())); //connect( cmd, SIGNAL(canceled()), q, SLOT(slotCommandCanceled()) ); connect(cmd, &Command::info, q, &KeyListController::message); connect(cmd, SIGNAL(progress(QString,int,int)), q, SLOT(slotProgress(QString,int,int))); } void KeyListController::Private::slotDoubleClicked(const QModelIndex &idx) { QAbstractItemView *const view = qobject_cast(q->sender()); if (!view || !std::binary_search(views.cbegin(), views.cend(), view)) { return; } DetailsCommand *const c = new DetailsCommand(view, q); if (parentWidget) { c->setParentWidget(parentWidget); } c->setIndex(idx); c->start(); } void KeyListController::Private::slotActivated(const QModelIndex &idx) { Q_UNUSED(idx) QAbstractItemView *const view = qobject_cast(q->sender()); if (!view || !std::binary_search(views.cbegin(), views.cend(), view)) { return; } } void KeyListController::Private::slotSelectionChanged(const QItemSelection &old, const QItemSelection &new_) { Q_UNUSED(old) Q_UNUSED(new_) const QItemSelectionModel *const sm = qobject_cast(q->sender()); if (!sm) { return; } q->enableDisableActions(sm); } void KeyListController::Private::slotContextMenu(const QPoint &p) { QAbstractItemView *const view = qobject_cast(q->sender()); if (view && std::binary_search(views.cbegin(), views.cend(), view)) { Q_EMIT q->contextMenuRequested(view, 
view->viewport()->mapToGlobal(p)); } else { qCDebug(KLEOPATRA_LOG) << "sender is not a QAbstractItemView*!"; } } void KeyListController::Private::slotCommandFinished() { Command *const cmd = qobject_cast(q->sender()); if (!cmd || !std::binary_search(commands.cbegin(), commands.cend(), cmd)) { return; } qCDebug(KLEOPATRA_LOG) << (void *)cmd; if (commands.size() == 1) { Q_EMIT q->commandsExecuting(false); } } void KeyListController::enableDisableActions(const QItemSelectionModel *sm) const { const Command::Restrictions restrictionsMask = d->calculateRestrictionsMask(sm); for (const Private::action_item &ai : std::as_const(d->actions)) if (ai.action) { ai.action->setEnabled(ai.restrictions == (ai.restrictions & restrictionsMask)); } } static bool all_secret_are_not_owner_trust_ultimate(const std::vector &keys) { for (const Key &key : keys) if (key.hasSecret() && key.ownerTrust() == Key::Ultimate) { return false; } return true; } Command::Restrictions find_root_restrictions(const std::vector &keys) { bool trusted = false, untrusted = false; for (const Key &key : keys) if (key.isRoot()) if (key.userID(0).validity() == UserID::Ultimate) { trusted = true; } else { untrusted = true; } else { return Command::NoRestriction; } if (trusted) if (untrusted) { return Command::NoRestriction; } else { return Command::MustBeTrustedRoot; } else if (untrusted) { return Command::MustBeUntrustedRoot; } else { return Command::NoRestriction; } } Command::Restrictions KeyListController::Private::calculateRestrictionsMask(const QItemSelectionModel *sm) { if (!sm) { return Command::NoRestriction; } const KeyListModelInterface *const m = dynamic_cast(sm->model()); if (!m) { return Command::NoRestriction; } const std::vector keys = m->keys(sm->selectedRows()); if (keys.empty()) { return Command::NoRestriction; } Command::Restrictions result = Command::NeedSelection; if (keys.size() == 1) { result |= Command::OnlyOneKey; } if (std::all_of(keys.cbegin(), keys.cend(), 
std::mem_fn(&Key::hasSecret))) { result |= Command::NeedSecretKey; } else if (!std::any_of(keys.cbegin(), keys.cend(), std::mem_fn(&Key::hasSecret))) { result |= Command::MustNotBeSecretKey; } if (std::all_of(keys.cbegin(), keys.cend(), [](const Key &key) { return key.protocol() == OpenPGP; })) { result |= Command::MustBeOpenPGP; } else if (std::all_of(keys.cbegin(), keys.cend(), [](const Key &key) { return key.protocol() == CMS; })) { result |= Command::MustBeCMS; } if (all_secret_are_not_owner_trust_ultimate(keys)) { result |= Command::MayOnlyBeSecretKeyIfOwnerTrustIsNotYetUltimate; } result |= find_root_restrictions(keys); if (const ReaderStatus *rs = ReaderStatus::instance()) { if (!rs->firstCardWithNullPin().empty()) { result |= Command::AnyCardHasNullPin; } if (rs->anyCardCanLearnKeys()) { result |= Command::AnyCardCanLearnKeys; } } return result; } void KeyListController::Private::slotActionTriggered() { if (const QObject *const s = q->sender()) { const auto it = std::find_if(actions.cbegin(), actions.cend(), [this](const action_item &item) { return item.action == q->sender(); }); if (it != actions.end()) if (Command *const c = it->createCommand(this->currentView, q)) { if (parentWidget) { c->setParentWidget(parentWidget); } c->start(); } else qCDebug(KLEOPATRA_LOG) << "createCommand() == NULL for action(?) \"" << qPrintable(s->objectName()) << "\""; else { qCDebug(KLEOPATRA_LOG) << "I don't know anything about action(?) 
\"%s\"", qPrintable(s->objectName()); } } else { qCDebug(KLEOPATRA_LOG) << "not called through a signal/slot connection (sender() == NULL)"; } } int KeyListController::Private::toolTipOptions() const { using namespace Kleo::Formatting; static const int validityFlags = Validity | Issuer | ExpiryDates | CertificateUsage; static const int ownerFlags = Subject | UserIDs | OwnerTrust; static const int detailsFlags = StorageLocation | CertificateType | SerialNumber | Fingerprint; const TooltipPreferences prefs; int flags = KeyID; flags |= prefs.showValidity() ? validityFlags : 0; flags |= prefs.showOwnerInformation() ? ownerFlags : 0; flags |= prefs.showCertificateDetails() ? detailsFlags : 0; return flags; } void KeyListController::updateConfig() { const int opts = d->toolTipOptions(); if (d->flatModel) { d->flatModel->setToolTipOptions(opts); } if (d->hierarchicalModel) { d->hierarchicalModel->setToolTipOptions(opts); } } #include "moc_keylistcontroller.cpp"