Sending a private key with just the local protection is not a good idea. It is better to export the key and then send it in an encrypted mail - for example in symmetric mode with a strong password.

Please no holy wars on the type of curves. NIST as its opinon, Europe has its opinion, DJB has of course a different opinion. Please use the the cryptography ML for such political/technical discussions.

No, these are simply the technically available algorithms. I'll see what I can do.

I don't know about pinentry-mac but it seems to be another name for
one our our regular pinentry variants.

Rename the file and you are done.

Thanks for diving into the history of that code.

Yes, we should introduce an INDICATOR_KDF thing.

The primary version of that script is in libgpg-error. Thus it needs to be fixed therefirst.

We use GetConsoleOutputCP but fallback to GetACP if the former fails. For some reasons one of the functions seems to return 437.

Given that you are already using libgcrypt 1.9, can you please try gnupg 2.3.4.

That is annoying enough that we should do a new release. I close this bug, though.

For the next release I'll change the gnupg.net mappings to use the Ubuntu server also for non-TLS connections.

See T5758. The workaround is not to set a reader-port.

We have full Unicode support on the command line since 2.2.28 (2021-06-10)

Backport done but diligent testing is required.

The debug log was from gpg and not from dirmngr and thus it is not helpful. I also guess that an older dirmngr was still running, because the LE bug has been fixed in 2.3.4.

The odds for this case are infinitesimal so this should not have high priority. I consider this only a code-is-as-specified thing.

The problem is just that there are not that much keyservers left and thus I added those running by large organisations. I really don't want to overload your servers. I would also trust nlnet more than canoncial which is why I started with them.
Its all a mess. Maybe no keyserver should be the default.

Please see https://gnupg.org

FWIW, We have a similar mechanism for the secure memory

That is a security feature of WIndows. We can't do much about it except for bad hacks. Checkout Kleopatra to see how you can improve this.

Things are not that easy. I actually introduced a bug in 2.3.4. Here is a comment from my working copy:

For support please use the mailing list and not the bug tracker.

Seen. @jukivili can you please add it to the AUTHORS file?

We can even remove the hexfingerrprint call. Will go into 2.3.4. Thanks.

It would be easier to educate gpgme about the 11.

The use of register_trusted_key in do_generate_keypair was a dirty hack utilizing a bug in --trusted-key ; it would be better to set the key as ultimately trusted.