Yes, we should introduce an INDICATOR_KDF thing.

The primary version of that script is in libgpg-error. Thus it needs to be fixed therefirst.

We use GetConsoleOutputCP but fallback to GetACP if the former fails. For some reasons one of the functions seems to return 437.

Given that you are already using libgcrypt 1.9, can you please try gnupg 2.3.4.

That is annoying enough that we should do a new release. I close this bug, though.

For the next release I'll change the gnupg.net mappings to use the Ubuntu server also for non-TLS connections.

See T5758. The workaround is not to set a reader-port.

We have full Unicode support on the command line since 2.2.28 (2021-06-10)

Backport done but diligent testing is required.

The debug log was from gpg and not from dirmngr and thus it is not helpful. I also guess that an older dirmngr was still running, because the LE bug has been fixed in 2.3.4.

The odds for this case are infinitesimal so this should not have high priority. I consider this only a code-is-as-specified thing.

The problem is just that there are not that much keyservers left and thus I added those running by large organisations. I really don't want to overload your servers. I would also trust nlnet more than canoncial which is why I started with them.
Its all a mess. Maybe no keyserver should be the default.

Please see https://gnupg.org

FWIW, We have a similar mechanism for the secure memory

That is a security feature of WIndows. We can't do much about it except for bad hacks. Checkout Kleopatra to see how you can improve this.

Things are not that easy. I actually introduced a bug in 2.3.4. Here is a comment from my working copy:

For support please use the mailing list and not the bug tracker.

Seen. @jukivili can you please add it to the AUTHORS file?

We can even remove the hexfingerrprint call. Will go into 2.3.4. Thanks.

It would be easier to educate gpgme about the 11.

The use of register_trusted_key in do_generate_keypair was a dirty hack utilizing a bug in --trusted-key ; it would be better to set the key as ultimately trusted.

Please be so kind and describe the regressions you see. 3 log files from your software are not very helpful.

ikloecker: Please go ahead

IIRC, the problem is/was that this breaks some old keyservers. But there are no more old keyservers - if there are useful keyservers at all.

A clumsy workaround for the Kleo bug is to put "keyserver ldap:///" into the global gpg.conf after an ignore section containing keyserver. This will let gpgconf emit "ldap:///" unless a local gpg.conf exists.

Thanks for the offer. However, the core developers are using tokens for more than a decade meanwhile. We even make our own tokens ;-).

The first is a warning and the other error codes are exactly what we want.