Thanks for the report, since you are using it on the command line and it works I assume that trust-model is set to tofu+pgp? Because in the Test code there is no context flag for tofu+pgp trust model.

@aheinecke maybe recheck with GNUPG 2.2.6 or 2.2.7.

I'm using the kdepim-docker for tests, that is based on KDE Neon, that is based on Ubuntu xenial (16.04), so the version for GnuPG2 is 2.1.11-6ubuntu2. Good to know, that the GnuPG version also matters for this stuff.

data.gpg is fine and data2.gpg shows this wired behaviour. The difference is at the end of file last two bytes : 0040 vs. 0a40.
Initally i took data.gpg to create the base64 encoded version for the message.

Oh sorry i mixed my explanation. I create a normal encrypted file with gpg --encrypt and this file can be decrypted successfully with "gpg -d".
But if I give that encrypted file to gpgme i get the described error, instead of GpgME::Error(0 (Success))).

I think with the SRV entry, I can configure the server in the way I want to....

In T3437#104021, @werner wrote:

dirmngr has its own stub resolver to do DNS resolution via TCP so that it can be routed via Tor (to 8.8.8.8 which is a heavy traffic resolver and thus it will be hard to single out requests to other often used addresses.).

thanks for the links to documents.
we've setup submisson-address and policy links.

In T3438#104050, @werner wrote:

Our standard test on whether WKD is supported is by looking up the file submission-address in the WKD. If it exists we assume that there is some way to upload the keys.

https://netzguerilla.net/.well-known/openpgpkey/submission-address

does not return anything.

okay, I see. Than I havn't found the documentation for this feature. This is enough for defining a different sever.

I know, that I can't handle all WKD request under one domain for multiple once. But i could make sure, that autoconfig.<domain> would result under another IP adresse so I can handle all of the WKD request at another server. Add a own VirtualHost entry etc.