gpgsm does not support OAEP. Actually it does not make much sense to use this padding scheme at all. It has not advantage over PKCS#1. Thus I change this to a feature request to allow decryption using OAEP

Here is the change:

diff --git a/configure.ac b/configure.ac
index 30be86b5..ac2696e5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3073,7 +3073,8 @@ AC_CHECK_FUNCS(strtoul memmove stricmp atexit raise)
 AC_CHECK_FUNCS(strerror rand mmap getpagesize sysconf waitpid wait4)
 AC_CHECK_FUNCS(gettimeofday getrusage gethrtime clock_gettime syslog)
 AC_CHECK_FUNCS(syscall fcntl ftruncate flockfile getauxval elf_aux_info)
-AC_CHECK_FUNCS(explicit_bzero explicit_memset getentropy sysctlbyname)
+AC_CHECK_FUNCS(memset_explicit explicit_bzero explicit_memset)
+AC_CHECK_FUNCS(getentropy sysctlbyname)

Still does not work on vsd-3.3.7-beta90.9 @ win10. Essentially the same behavior as before:

Do I understand this correctly, that on CLI key generation the public key of the designated revoker should be fetched automatically?

Reporter has tested 2.5 - the code in 2.2 is identical; no need for separate testing

I reworked the reading using our dedicated line reading functions which is used at other places. Extra benefit is that the code now also prints a status line ERROR which gives information on the first faulty line. Thus gpg-connect-agent listtrusted /bye can be sued to quickly check for errors without configuring a log file.

Without GpgsmCompatibility set and with the trust in the Root-CA established in the global trustlist file (the local one does not work for vs-complicane without GpgsmCompatibility=de-vs-trustlist , as expected), the compliance of a signature or decryption is now shown correctly and in accordance with the certificate status shown in Kleopatra. If the Root-CA is only trusted locally, the certificate and the signature are shown as "certified" resp. "not-compliant".
In short: everything works as expected if GpgsmCompatibility is not set.

Looks good to me on vsd-3.3.7-beta90.9 @ win10:

auto-key-upload should not be triggered on revocation cert import, so everything seems fine.

Looks good to me on vsd-3.3.7-beta90.9 @ win10.

Note: Keyserver has to start with ldap: for this to work, otherwise it is silently ignored.

It is also shown in gpd-5.0.2:

I found the description in ARM Architecture Reference Manual:
https://developer.arm.com/documentation/ddi0487/mb/-Part-D-The-AArch64-System-Level-Architecture/-Chapter-D11-The-Guarded-Control-Stack/-D11-1-Introduction/-D11-1-3-Overview?lang=en

In general looks good to me on vsd-3.3.90.9 / gpg 2.2.54-beta4.

with GnuPG-VS-Desktop-3.3.90.9-Beta-Standard gpgsm now never shows the line [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23. Therefore Kleopatra always shows "not VS compliant" now on verification and decryption. Even though the certificate is shown a VS-compliant in the list an when encryping: