Applying following SOS-handling, the key can be handled.

diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 9cb254e24..be7fc6d67 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -188,6 +188,76 @@ mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
 }

Note that there is no problem for encrypted key, because it is handled by opaque MPI.

One bug is fixed in rGdd4fb1c8f668: gpg: Fix first zero-byte case for SOS handling..

Fixed in 2.2 branch.
Also, I found another issue of libgcrypt master, which is fixed in rC361a0588489c: ecc: Handle removed zeros at the beginning for Ed25519..
Further, I found different issue, and created T5116: GnuPG master shows an error when importing Ed25519 keys generated.

I think that it may occur with eddsa secret keys generated with 2.2, too. (In the 50% probability)

IIUC, it is an issue of GnuPG 2.2.
The condition is where the secret 'd' starts by the first bit = 1 (that is, >= 0x80).
I located the bug in agent/cvt-openpgp.c. The function do_unprotect calls convert_secret_key with skey[1] as usual MPI (not opaque),
and gcry_sexp_build with "(d%m)" will put additional 0x00 at the beginning, which results 33-byte secret in R_KEY. Then, when gcry_pk_testkey is called with R_KEY, when it checks, because 32-byte is expected, it returns GPG_ERR_INV_OBJ. Then, do_unprotect returns GPG_ERR_BAD_PASSPHRASE.

With Debian's GnuPG 2.2.12, I got an error:

With bata1449, I cannot reproduce it.
I can import by gpg --import key-uids-sec.pgp
I tested with Debian's libgcrypt, as well as libgcrypt master (4a50c6b8).

Pushed the change.

IIUC, fix can be like this:

diff --git a/lang/python/src/core.py b/lang/python/src/core.py
index 996c3b0f..646bbc60 100644
--- a/lang/python/src/core.py
+++ b/lang/python/src/core.py
@@ -147,7 +147,12 @@ class GpgmeWrapper(object):
                     gpgme.gpg_raise_callback_exception(slf)
                 return result

SCD commands:

• DEVINFO
  • returns app apecific serialno
• SERIALNO
  • returns app specific serialno
• LEARN
  • returns canonical serialno

Pushed the change.

Only enabled for UNIX #ifdef/#else/#endif

I had overlooked this fix rG044379772fc5: common: Fix the previous commit., after the commit of rGb1c56cf9e2bb: common: Use gnupg_spawn_process_fd to invoke gpg-agent/dirmngr..

I created this patch D509: Yubikey supports two (or more) apps, serial number problem.

No, the above patch makes OpenPGP app stop working.

(I don't know well about Yubikey specific serial number.)

I'm testing:

diff --git a/agent/findkey.c b/agent/findkey.c
index fa9e5b548..eec85ba67 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -996,7 +996,10 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
   if (r_passphrase)
     *r_passphrase = NULL;

Perhaps, don't allow automatic use of available card keys would be better:

diff --git a/agent/command.c b/agent/command.c
index 160979dae..b6286becf 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -2292,13 +2292,7 @@ cmd_scd (assuan_context_t ctx, char *line)
       if ((argc == 1 && !strcmp (argv[0], "SERIALNO"))
           || (argc == 2
               && !strcmp (argv[0], "GETINFO")
-              && !strcmp (argv[1], "version"))
-          || (argc == 2
-              && !strcmp (argv[0], "GETATTR")
-              && !strcmp (argv[1], "KEY-FPR"))
-          || (argc == 2
-              && !strcmp (argv[0], "KEYINFO")
-              && !strcmp (argv[1], "--list=encr")))
+              && !strcmp (argv[1], "version")))
         xfree (l);
       else
         {

This is due to access control for "extra" socket.
Fixed in T5062: gpg: error getting version from 'scdaemon': Forbidden.

Good catch. Thank you.

I think that rG61aea64b3c17: scd: Fix the use case of verify_chv2 by CHECKPIN. fixes this issue.

I observed that the card reader's going erroneous state when I removed a card during its communication.
In this state, it never reports the card removal by the interrupt transfer.
I applied rG920f258eb601: scd: Internal CCID driver: More fix for SPR532. for this problem.

Thanks for your report.