Here is a patch.

diff --git a/agent/divert-scd.c b/agent/divert-scd.c
index 1e5de4671..bb42dd3b4 100644
--- a/agent/divert-scd.c
+++ b/agent/divert-scd.c
@@ -517,6 +517,9 @@ agent_card_ecc_kem (ctrl_t ctrl, const unsigned char *ecc_ct,

Add gpd5x tag to ensure testing with Gpg4win.

It's intentional that with Gpg4win migration from %LOCALAPPDATA% does not work because %LOCALAPPDATA% is used by VSD (and GPD) but not by any old Gpg4win.

As timegrid has not experienced the older versions himself, he misunderstood this. Ingo's description is correct.
(%LOCALAPPDATA% was the location of kleopatragroupsrc before VSD 3.3.0.)

The issue remains with gpg 2.5.9 from Gpg4win-5.0.0-beta345.
Here a gpg-agent log for the failed decryption:

a: expired certificate
Dialog text:
The signature is invalid: The signing certificate has expired.

After further discussion, I propose the following. All tool tips and the last dialog text were changed:

I have not tested this extensively but it seems to me after some fast checks that the pivotal point here is the usage of a brainpool key on a smart card for the decryption.

I have not tested this extensively but it seems to me after some fast checks that the pivotal point here is the usage of a brainpool key on a smart card for the decryption.

tested with Gpg4win 5.0Beta-336

Likely connected to T7705: Okular: Error on signature if the original file is overwritten

I can confirm this.

Edit 2025-06-26:
And please Fix the ALT shortcut in the "Sign / Encrypt", "Sign" and "Encrypt" button to S or E, respectively. One can hardly see the mark at the "i" and its unintuitive, anyway:

Staring at some Process Monitor logs I noticed that dirmngr wastes 3-4 seconds trying to connect to localhost:9050 and localhost:9150 looking for tor. After adding no-use-tor to dirmngr.conf dirmngr starts reasonably fast.

In T7379#195089, @ikloecker wrote:

Kleopatra does now read the certificates from the card and import them itself instead of relying on gpgsm --learn-card.

Remove the lines starting with ShowResultsAfter[...] in kleopatrarc

I have built the run-* test programs of gpgme for Windows. run-keylist --cms --secret takes about 23 seconds. 3.7 seconds are gpgme initialization/setup (gpgconf --list-dirs, gpgconf --list-components, gpg --version, gpgsm --version, gpgconf --version). Most time (2 x 6-8 s) is lost starting gpg-agent and dirmngr. (keyboxd is not enabled here.)

commands with -v

Please always add -v t commands like "gpg --decrypt test.txt.gpg". To decide whether this is smartcard or gpg-agent releated, I need to see a log file form gpg-agent and scdaemon. The latter is more important. I would suggest "debug ipc,app,cardio"

For KF5-based builds this is resolved because the improved heuristic for detecting light high-contrast themes (like "Desert") is used for VSD 3.3 and Gpg4win 4.4.

For simplicity (and because I think entering tab characters isn't really essential for the notepad) I decided to go with the first solution.

Ready for testing.

and for certification revocation (and some other places): https://invent.kde.org/pim/libkleo/-/merge_requests/197

For card stuff: https://invent.kde.org/pim/kleopatra/-/merge_requests/400

For the tooltips: https://invent.kde.org/pim/libkleo/-/merge_requests/196

Ok, it was a missing update (although windows claimed to be up-to-date).
After installing 2025-06 [...] KB5060829 the Microsoft Print to PDF feature is available again and printing also works in Kleopatra/Okular.

A second patch fixes the problem with the button in the smart card view.

I have added a patch to disable recoloring of the status icons in Gpg4win. This ensures that the status icons in the selected rows don't get all-white.

Upstream bug report for invisible status icons: https://bugs.kde.org/show_bug.cgi?id=506434 (Icon coloring is inherently incompatible with colored Breeze status icons)

It's also the same error in Okular, when a pdf is printed.

Same on gpg4win-4.4.1 @ win11 (here a bit more debugview context)

3	3.503991	8584	kleopatra.exe	org.kde.pim.kleopatra: Paperkey export finished:  0 status:  QProcess::NormalExit
4	3.691599	8584	kleopatra.exe	QPrintDialog: Cannot be used on non-native printers
5	3.691981	8584	kleopatra.exe	QPrintDialog: Cannot be used on non-native printers
6	3.692752	8584	kleopatra.exe	org.kde.pim.kleopatra: Printing aborted.

Works fine here.

version

C:\Users\g10\Desktop\tmp\scdecrypt>gpg --version
gpg (GnuPG) 2.5.8
libgcrypt 1.11.1
Copyright (C) 2025 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg --version?
gpg -K?

You're right, it also errors on gpg directly:

I can't reproduce. Please check whether this works if you use gpg directly; it's a bit unlikely that this is kleopatra-specific, since kleopatra doesn't really care whether the key is on a smartcard or not.

a: expired certificate

In T7639#202620, @timegrid wrote:

If this should also work in gpg4win-5.0.0-beta336 @ win10 (beta compliance mode), it does not: