April 17, 2026
10:30 p.m.
Not sure if that should be blocking this patch, but I think the way it is done can't be fully correct. Thing is, ncrypt is physically unable to export private key if ncrypt provider is security device (e. g., TPM with MS_PLATFORM_CRYPTO_PROVIDER). We currently do not support that (like, well, keys persistence at all in ncrypt as well as ncrypt provider structure), but the correct way is not to rely on extracting keys but use NCrypt functions whenever signature or encryption / decryption is required. I am not sure offhand if it is possible to hook exactly that with gnutls. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/10561#note_136878