I was trying to use a class 3 certificate to sign my emails (using KMail). with the class 1 certificate it works fine, but not using class 3 certificate. When selecting the sertificates in KMail, the class1 certificate is marked with a green check sign, but the class 3 certificate is marked with a red cross. I think that should be related to the trust setting in kleopatra. Here is the whole storry: I have imported the CAcert (www.cacert.org) root certificates class 1 and class 3. Beside that, I also imported my personal CAcert certifactes signed by the class 1 and the class3 CAcert certificates. So in Kleoparta it looks like this: - CA Cert Signing Autohority - A - - <MyPersonalCertificate signed by the class 1> - B - - CAcert Class 3 Root -C - - <MyPersonalCertificate signed by the class 3> - D - Kleopatra shows me (using customized colors for certificate categories), that: -A- is a trusted root certificate -B- does not fit to the categories (Black bold text, as in default settings) -C- category other keys (non-bold black text) -D- Same as -B- Using the right mouse button, I can trust and not trust the certificate -A-. The coloring changes in relation to my selection, but this never changes coloring of the sub-certificates. I can not change my trust in certificate -C-. I already added the fingerprints of the CAcert class 1 and class 3 certificate to gnupgp trustlist.txt. But still I can not change the trust on class 3 certificate. Maybe this is not possible, because it's listed as a sub-certificate of the class 1 certificate? Anyhow, KMail only works using the class 1 certificate to sign my emails. Reproducible: Always Steps to Reproduce: 1. Import the class 1 and class 3 certificate of www.cacert.org 2. Try to change the trust of class 3 CAcert root certificate 3. Actual Results: Can change my trust in the class 1 certificate. Can not change my trust in the class 3 certificate. Expected Results: Can change my trust in the class 1 certificate. Can change my trust in the class 3 certificate.
Please try: enable Kleopatra/GnuPG option "allow mark trusted" and import root certificate. Click "yes" to mark certificate as trusted.