config file: Sorry, I got confused, it has to be %APPDATA%\GnuPG VS-Desktop\kleopatrarc in this case (VS-Desktop-4.0.90.1203-Beta), of course. And this one works.
Registry entry SOFTWARE\GnuPG VS-Desktop\Kleopatra\CMS\SaveCSRAsPEM does not work, though. But this is a separate issue, seems all Registry entries do not work in that build.

• config file: According to T7717: Location of qt-application config files %APPDATA%/Gpg4win/kleopatrarc should work.
• registry: According to T5707: Kleopatra: Use windows registry additionally to config files this should be SOFTWARE\Gpg4win\Kleopatra\CMS\SaveCSRAsPEM now

Works with VS-Desktop-4.0.90.1203-Beta when putting this in C:\Program Files\GnuPG VS-Desktop\share\kleopatrarc
CSR is then saved as .pem file with ascii-armored content.

Also backported for VSD 3.4.

Now also available in Gpg4win 5.

Ready for testing in VSD 3.3

What about always using PEM for all generated CSRs? As far as I can see, gpgsm command line always uses PEM when generating CSRs.

Test with beta32

VS-Desktop-3.3.90.31-Beta shows no warning any more for the export of a newly generated key.

So this means, the order in the description should be implemented, right?

Yes, by definition an immutable group doesn't allow any changes for that group. Don't mark a group as immutable if you want to allow changes.

The [KDE Action Restrictions][$i] in XDG_SYSTEM_DIRS/kleopatrarc prevents any changes within the whole group afterwards.
I guess, this is intended by defining an "immutable group", but i doubt that we want to prevent admins to change those settings?

So, regarding the minor version change: the change of order seems not critical (as there was no settings file before), but the introduction of the settings file might be.

I verified, that both in vsd 3.3.2 and vsd 3.3.3 beta90.29 the current implementation is

And we shouldn't change the precedence in a minor release, I believe.

The configuration readout order still needs to be specified/fixed.

Looks good to me on vsd-3.3.3-beta90.29 @ win11

Backported for VSD 3.4 and VSD 3.3.

I couldn't reproduce the problem because I had apparently told Kleopatra in the past "Do not ask again". :/

gpgme log for key creation and export with warning for VSD-Beta29

This is also the case in the latest VSD-Beta29

And when I switch of read-as-plain, both testmails in the inbox are displayed as expected but one of the ones from the sent-folder has an empty body:

This is a gif to show the UX. It is to complicated for words…

with 3.3.90.29-Beta:

Looks good to me on gpg4win-5.0.0-beta395 @ win11 (tested with/without keyboxd, 20 keygen rsa3072 each, with/without password)

that's probably at least partly another issue: https://dev.gnupg.org/T7843

additionally, the body of the messages is (in most cases) not shown any more.

With the beta-25 the body of the mail is not saved back to the server any more but the security level tags are. So the test mail still seems to be a signed and decrypted empty mail even if you deactivate gpgol.

We did decrypt the mail successfully and called put_oom_string to update the Body successfully, but for some reason for new mails the put calls succeed but the displayed Text is not updated i.e. no "OpenGPG Message Please wait..." or decrypted message.
When closing the mail window the mail is still open in the preview pane and we should get back the mail content (Body), but we don't get back what we set with the put call but what is displayed i.e nothing (empty string).
So we pass on the close call which does write back our put value. (Plaintext leak)

Happens on vsd 3.3.2, too.

At which point did were you asked for the passphrase for decryption? You flushed the gpg-agent cache, right?