* gpg: Changed the way keys are detected on a smartcards; this
allows the use of non-OpenPGP cards. In the case of a not very
likely regression the new option --use-only-openpgp-card is
available. [T4681]
* gpg: The commands --full-gen-key and --quick-gen-key now allow
direct key generation from supported cards. [T4681]
* gpg: Prepare against chosen-prefix SHA-1 collisions in key
signatures. This change removes all SHA-1 based key signature
newer than 2019-01-19 from the web-of-trust. Note that this
includes all key signature created with dsa1024 keys. The new
option --allow-weak-key-signatues can be used to override the new
and safer behaviour. [T4755,CVE-2019-14855]
* gpg: Improve performance for import of large keyblocks. [T4592]
* gpg: Implement a keybox compression run. [T4644]
* gpg: Show warnings from dirmngr about redirect and certificate
problems (details require --verbose as usual).
* gpg: Allow to pass the empty string for the passphrase if the
'--passphase=' syntax is used. [T4633]
* gpg: Fix printing of the KDF object attributes.
* gpg: Avoid surprises with --locate-external-key and certain
--auto-key-locate settings. [T4662]
* gpg: Improve selection of best matching key. [T4713]
* gpg: Delete key binding signature when deletring a subkey.
[T4665,#4457]
* gpg: Fix a potential loss of key sigantures during import with
self-sigs-only active. [T4628]
* gpg: Silence "marked as ultimately trusted" diagnostics if
option --quiet is used. [T4634]
* gpg: Silence some diagnostics during in key listsing even with
option --verbose. [T4627]
* gpg, gpgsm: Change parsing of agent's pkdecrypt results. [T4652]
* gpgsm: Support AES-256 keys.
* gpgsm: Fix a bug in triggering a keybox compression run if
--faked-system-time is used.
* dirmngr: System CA certificates are no longer used for the SKS
pool if GNUTLS instead of NTBTLS is used as TLS library. [T4594]
* dirmngr: On Windows detect usability of IPv4 and IPv6 interfaces
to avoid long timeouts. [T4165]
* scd: Fix BWI value for APDU level transfers to make Gemalto Ezio
Shield and Trustica Cryptoucan work. [T4654,T4566]
* wkd: gpg-wks-client --install-key now installs the required policy
file.