* options.h, g10.c (main), import.c (parse_import_options, import_one,
[gnupg.git] / g10 / g10.c
index 1be39a7..20d781c 100644 (file)
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -1,5 +1,6 @@
 /* g10.c - The GnuPG utility (main for gpg)
- * Copyright (C) 1998,1999,2000,2001,2002,2003 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002,
+ *               2003 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
 #include "g10defs.h"
 #include "keyserver-internal.h"
 #include "exec.h"
+#include "cardglue.h"
 
-enum cmd_and_opt_values { aNull = 0,
+enum cmd_and_opt_values
+  {
+    aNull = 0,
     oArmor       = 'a',
     aDetachedSign = 'b',
     aSym         = 'c',
     aDecrypt     = 'd',
     aEncr        = 'e',
-    aEncrFiles,
     oInteractive  = 'i',
     oKOption     = 'k',
     oDryRun      = 'n',
@@ -77,11 +80,14 @@ enum cmd_and_opt_values { aNull = 0,
     oCertNotation,
     oShowNotation,
     oNoShowNotation,
-    aDecryptFiles,                          
+    aEncrFiles,
+    aEncrSym,
+    aDecryptFiles,
     aClearsign,
     aStore,
     aKeygen,
     aSignEncr,
+    aSignEncrSym,
     aSignSym,
     aSignKey,
     aLSignKey,
@@ -128,6 +134,9 @@ enum cmd_and_opt_values { aNull = 0,
     aPipeMode,
     aRebuildKeydbCaches,
     aRefreshKeys,
+    aCardStatus,
+    aCardEdit,
+    aChangePIN,
 
     oTextmode,
     oNoTextmode,
@@ -181,6 +190,9 @@ enum cmd_and_opt_values { aNull = 0,
     oDigestAlgo,
     oCertDigestAlgo,
     oCompressAlgo,
+    oCompressLevel,
+    oBZ2CompressLevel,
+    oBZ2CompressLowmem,
     oPasswdFD,
 #ifdef __riscos__
     oPasswdFile,
@@ -210,7 +222,6 @@ enum cmd_and_opt_values { aNull = 0,
     oAlwaysTrust,
     oTrustModel,
     oForceOwnertrust,
-    oEmuChecksumBug,
     oRunAsShmCP,
     oSetFilename,
     oForYourEyesOnly,
@@ -224,6 +235,7 @@ enum cmd_and_opt_values { aNull = 0,
     oUseEmbeddedFilename,
     oComment,
     oDefaultComment,
+    oNoComments,
     oThrowKeyid,
     oNoThrowKeyid,
     oShowPhotos,
@@ -304,19 +316,27 @@ enum cmd_and_opt_values { aNull = 0,
     oPersonalCipherPreferences,
     oPersonalDigestPreferences,
     oPersonalCompressPreferences,
-    oEmuMDEncodeBug,
     oDisplay,
     oTTYname,
     oTTYtype,
     oLCctype,
     oLCmessages,
     oGroup,
+    oNoGroups,
     oStrict,
     oNoStrict,
     oMangleDosFilenames,
     oNoMangleDosFilenames,
-    oEnableProgressFilter,                          
-aTest };
+    oEnableProgressFilter,
+    oMultifile,
+
+    oReaderPort,
+    octapiDriver,
+    opcscDriver,
+    oDisableCCID,
+
+    aTest
+  };
 
 
 static ARGPARSE_OPTS opts[] = {
@@ -324,20 +344,20 @@ static ARGPARSE_OPTS opts[] = {
     { 300, NULL, 0, N_("@Commands:\n ") },
 
     { aSign, "sign",      256, N_("|[file]|make a signature")},
-    { aClearsign, "clearsign", 256, N_("|[file]|make a clear text signature") },
+    { aClearsign, "clearsign", 256, N_("|[file]|make a clear text signature")},
     { aDetachedSign, "detach-sign", 256, N_("make a detached signature")},
     { aEncr, "encrypt",   256, N_("encrypt data")},
-    { aEncrFiles, "encrypt-files", 256, N_("|[files]|encrypt files")},
+    { aEncrFiles, "encrypt-files", 256, "@"},
     { aSym, "symmetric", 256, N_("encryption only with symmetric cipher")},
-    { aStore, "store",     256, N_("store only")},
+    { aStore, "store",     256, "@"},
     { aDecrypt, "decrypt",   256, N_("decrypt data (default)")},
-    { aDecryptFiles, "decrypt-files", 256, N_("|[files]|decrypt files")},
+    { aDecryptFiles, "decrypt-files", 256, "@"},
     { aVerify, "verify"   , 256, N_("verify a signature")},
     { aVerifyFiles, "verify-files" , 256, "@" },
     { aListKeys, "list-keys", 256, N_("list keys")},
     { aListKeys, "list-public-keys", 256, "@" },
     { aListSigs, "list-sigs", 256, N_("list keys and signatures")},
-    { aCheckKeys, "check-sigs",256, N_("check key signatures")},
+    { aCheckKeys, "check-sigs",256, N_("list and check key signatures")},
     { oFingerprint, "fingerprint", 256, N_("list keys and fingerprints")},
     { aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")},
     { aKeygen,    "gen-key",  256, N_("generate a new key pair")},
@@ -346,8 +366,8 @@ static ARGPARSE_OPTS opts[] = {
                                    N_("remove keys from the secret keyring")},
     { aSignKey,  "sign-key"   ,256, N_("sign a key")},
     { aLSignKey, "lsign-key"  ,256, N_("sign a key locally")},
-    { aNRSignKey, "nrsign-key"  ,256, N_("sign a key non-revocably")},
-    { aNRLSignKey, "nrlsign-key"  ,256, N_("sign a key locally and non-revocably")},
+    { aNRSignKey, "nrsign-key"  ,256, "@"},
+    { aNRLSignKey, "nrlsign-key"  ,256, "@"},
     { aEditKey,  "edit-key"   ,256, N_("sign or edit a key")},
     { aGenRevoke, "gen-revoke",256, N_("generate a revocation certificate")},
     { aDesigRevoke, "desig-revoke",256, "@" },
@@ -363,20 +383,22 @@ static ARGPARSE_OPTS opts[] = {
     { aExportSecretSub, "export-secret-subkeys" , 256, "@" },
     { aImport, "import",      256     , N_("import/merge keys")},
     { aFastImport, "fast-import",  256 , "@"},
-    { aListPackets, "list-packets",256,N_("list only the sequence of packets")},
-    { aExportOwnerTrust,
-             "export-ownertrust", 256, N_("export the ownertrust values")},
-    { aImportOwnerTrust,
-             "import-ownertrust", 256, N_("import ownertrust values")},
+#ifdef ENABLE_CARD_SUPPORT
+    { aCardStatus,  "card-status", 256, N_("print the card status")},
+    { aCardEdit,   "card-edit",  256, N_("change data on a card")},
+    { aChangePIN,  "change-pin", 256, N_("change a card's PIN")},
+#endif
+    { aListPackets, "list-packets",256, "@"},
+    { aExportOwnerTrust, "export-ownertrust", 256, "@"},
+    { aImportOwnerTrust, "import-ownertrust", 256, "@"},
     { aUpdateTrustDB,
              "update-trustdb",0 , N_("update the trust database")},
-    { aCheckTrustDB,
-             "check-trustdb",0 , N_("unattended trust database update")},
-    { aFixTrustDB, "fix-trustdb",0 , N_("fix a corrupted trust database")},
-    { aDeArmor, "dearmor", 256, N_("De-Armor a file or stdin") },
-    { aDeArmor, "dearmour", 256, "@" },
-    { aEnArmor, "enarmor", 256, N_("En-Armor a file or stdin") },
-    { aEnArmor, "enarmour", 256, "@" },
+    { aCheckTrustDB, "check-trustdb", 0, "@"},
+    { aFixTrustDB, "fix-trustdb", 0, "@"},
+    { aDeArmor, "dearmor", 256, "@"},
+    { aDeArmor, "dearmour", 256, "@"},
+    { aEnArmor, "enarmor", 256, "@"},
+    { aEnArmor, "enarmour", 256, "@"},
     { aPrintMD,  "print-md" , 256, N_("|algo [files]|print message digests")},
     { aPrimegen, "gen-prime" , 256, "@" },
     { aGenRandom, "gen-random" , 256, "@" },
@@ -388,10 +410,8 @@ static ARGPARSE_OPTS opts[] = {
     { oRecipient, "recipient", 2, N_("|NAME|encrypt for NAME")},
     { oHiddenRecipient, "hidden-recipient", 2, "@" },
     { oRecipient, "remote-user", 2, "@"},  /* old option name */
-    { oDefRecipient, "default-recipient" ,2,
-                                 N_("|NAME|use NAME as default recipient")},
-    { oDefRecipientSelf, "default-recipient-self" ,0,
-                               N_("use the default key as default recipient")},
+    { oDefRecipient, "default-recipient", 2, "@"},
+    { oDefRecipientSelf, "default-recipient-self", 0, "@"},
     { oNoDefRecipient, "no-default-recipient", 0, "@" },
     { oTempDir, "temp-directory", 2, "@" },
     { oExecPath, "exec-path", 2, "@" },
@@ -399,7 +419,10 @@ static ARGPARSE_OPTS opts[] = {
     { oHiddenEncryptTo, "hidden-encrypt-to", 2, "@" },
     { oNoEncryptTo, "no-encrypt-to", 0, "@" },
     { oUser, "local-user",2, N_("use this user-id to sign or decrypt")},
-    { oCompress, NULL,       1, N_("|N|set compress level N (0 disables)") },
+    { oCompress, NULL, 1, N_("|N|set compress level N (0 disables)") },
+    { oCompressLevel, "compress-level", 1, "@" },
+    { oBZ2CompressLevel, "bzip2-compress-level", 1, "@" },
+    { oBZ2CompressLowmem, "bzip2-compress-lowmem", 0, "@" },
     { oTextmodeShort, NULL,   0, "@"},
     { oTextmode, "textmode",  0, N_("use canonical text mode")},
     { oNoTextmode, "no-textmode",  0, "@"},
@@ -411,79 +434,75 @@ static ARGPARSE_OPTS opts[] = {
     { oNoAskCertExpire, "no-ask-cert-expire",   0, "@"},
     { oOutput, "output",    2, N_("use as output file")},
     { oVerbose, "verbose",   0, N_("verbose") },
-    { oQuiet,  "quiet",   0, N_("be somewhat more quiet") },
-    { oNoTTY, "no-tty", 0, N_("don't use the terminal at all") },
-    { oForceV3Sigs, "force-v3-sigs", 0, N_("force v3 signatures") },
-    { oNoForceV3Sigs, "no-force-v3-sigs", 0, N_("do not force v3 signatures") },
-    { oForceV4Certs, "force-v4-certs", 0, N_("force v4 key signatures") },
-    { oNoForceV4Certs, "no-force-v4-certs", 0, N_("do not force v4 key signatures") },
-    { oForceMDC, "force-mdc", 0, N_("always use a MDC for encryption") },
+    { oQuiet,  "quiet",   0, "@"},
+    { oNoTTY, "no-tty", 0, "@"},
+    { oForceV3Sigs, "force-v3-sigs", 0, "@"},
+    { oNoForceV3Sigs, "no-force-v3-sigs", 0, "@"},
+    { oForceV4Certs, "force-v4-certs", 0, "@"},
+    { oNoForceV4Certs, "no-force-v4-certs", 0, "@"},
+    { oForceMDC, "force-mdc", 0, "@"},
     { oNoForceMDC, "no-force-mdc", 0, "@" },
-    { oDisableMDC, "disable-mdc", 0, N_("never use a MDC for encryption") },
+    { oDisableMDC, "disable-mdc", 0, "@"},
     { oNoDisableMDC, "no-disable-mdc", 0, "@" },
     { oDryRun, "dry-run",   0, N_("do not make any changes") },
     { oInteractive, "interactive", 0, N_("prompt before overwriting") },
-    { oUseAgent, "use-agent",0, N_("use the gpg-agent")},
+    { oUseAgent, "use-agent",0, "@"},
     { oNoUseAgent, "no-use-agent",0, "@"},
     { oGpgAgentInfo, "gpg-agent-info",2, "@"},
-    { oBatch, "batch",     0, N_("batch mode: never ask")},
-    { oAnswerYes, "yes",       0, N_("assume yes on most questions")},
-    { oAnswerNo,  "no",        0, N_("assume no on most questions")},
-    { oKeyring, "keyring"   ,2, N_("add this keyring to the list of keyrings")},
+    { oBatch, "batch", 0, "@"},
+    { oAnswerYes, "yes", 0, "@"},
+    { oAnswerNo, "no", 0, "@"},
+    { oKeyring, "keyring", 2, "@"},
     { oPrimaryKeyring, "primary-keyring",2, "@" },
-    { oSecretKeyring, "secret-keyring" ,2, N_("add this secret keyring to the list")},
+    { oSecretKeyring, "secret-keyring", 2, "@"},
     { oShowKeyring, "show-keyring", 0, "@"},
-    { oDefaultKey, "default-key" ,2, N_("|NAME|use NAME as default secret key")},
-    { oKeyServer, "keyserver",2, N_("|HOST|use this keyserver to lookup keys")},
+    { oDefaultKey, "default-key", 2, "@"},
+    { oKeyServer, "keyserver", 2, "@"},
     { oKeyServerOptions, "keyserver-options",2,"@"},
     { oImportOptions, "import-options",2,"@"},
     { oExportOptions, "export-options",2,"@"},
     { oListOptions, "list-options",2,"@"},
     { oVerifyOptions, "verify-options",2,"@"},
-    { oCharset, "charset"   , 2, N_("|NAME|set terminal charset to NAME") },
-    { oOptions, "options"   , 2, N_("read options from file")},
-
+    { oCharset, "charset", 2, "@"},
+    { oOptions, "options", 2, "@"},
     { oDebug, "debug"     ,4|16, "@"},
     { oDebugAll, "debug-all" ,0, "@"},
-    { oStatusFD, "status-fd" ,1, N_("|FD|write status info to this FD") },
+    { oStatusFD, "status-fd" ,1, "@"},
 #ifdef __riscos__
-    { oStatusFile, "status-file" ,2, N_("|[file]|write status info to file") },
+    { oStatusFile, "status-file" ,2, "@"},
 #endif /* __riscos__ */
     { oAttributeFD, "attribute-fd" ,1, "@" },
 #ifdef __riscos__
     { oAttributeFile, "attribute-file" ,2, "@" },
 #endif /* __riscos__ */
-    { oNoSKComments, "no-comment", 0,   "@"},
     { oNoSKComments, "no-sk-comments", 0,   "@"},
     { oSKComments, "sk-comments", 0,   "@"},
     { oCompletesNeeded, "completes-needed", 1, "@"},
     { oMarginalsNeeded, "marginals-needed", 1, "@"},
     { oMaxCertDepth,   "max-cert-depth", 1, "@" },
-    { oTrustedKey, "trusted-key", 2, N_("|KEYID|ultimately trust this key")},
-    { oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")},
+    { oTrustedKey, "trusted-key", 2, "@"},
+    { oLoadExtension, "load-extension", 2, "@"},
     { oGnuPG, "gnupg",   0, "@"},
     { oGnuPG, "no-pgp2", 0, "@"},
     { oGnuPG, "no-pgp6", 0, "@"},
     { oGnuPG, "no-pgp7", 0, "@"},
     { oGnuPG, "no-pgp8", 0, "@"},
-    { oRFC1991, "rfc1991",   0, N_("emulate the mode described in RFC1991")},
+    { oRFC1991, "rfc1991",   0, "@"},
     { oRFC2440, "rfc2440", 0, "@" },
-    { oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")},
-    { oPGP2, "pgp2", 0, N_("set all packet, cipher and digest options to PGP 2.x behavior")},
+    { oOpenPGP, "openpgp", 0, N_("use strict OpenPGP behavior")},
+    { oPGP2, "pgp2", 0, N_("generate PGP 2.x compatible messages")},
     { oPGP6, "pgp6", 0, "@"},
     { oPGP7, "pgp7", 0, "@"},
     { oPGP8, "pgp8", 0, "@"},
-    { oS2KMode, "s2k-mode",  1, N_("|N|use passphrase mode N")},
-    { oS2KDigest, "s2k-digest-algo",2,
-               N_("|NAME|use message digest algorithm NAME for passphrases")},
-    { oS2KCipher, "s2k-cipher-algo",2,
-               N_("|NAME|use cipher algorithm NAME for passphrases")},
+    { oS2KMode, "s2k-mode", 1, "@"},
+    { oS2KDigest, "s2k-digest-algo", 2, "@"},
+    { oS2KCipher, "s2k-cipher-algo", 2, "@"},
     { oSimpleSKChecksum, "simple-sk-checksum", 0, "@"},
-    { oCipherAlgo, "cipher-algo", 2 , N_("|NAME|use cipher algorithm NAME")},
-    { oDigestAlgo, "digest-algo", 2 , N_("|NAME|use message digest algorithm NAME")},
+    { oCipherAlgo, "cipher-algo", 2, "@"},
+    { oDigestAlgo, "digest-algo", 2, "@"},
     { oCertDigestAlgo, "cert-digest-algo", 2 , "@" },
-    { oCompressAlgo,"compress-algo",2,N_("|NAME|use compression algorithm NAME")},
-    { oThrowKeyid, "throw-keyid", 0, N_("throw keyid field of encrypted packets")},
+    { oCompressAlgo,"compress-algo", 2, "@"},
+    { oThrowKeyid, "throw-keyid", 0, "@"},
     { oNoThrowKeyid, "no-throw-keyid", 0, "@" },
     { oShowPhotos,   "show-photos", 0, "@" },
     { oNoShowPhotos, "no-show-photos", 0, "@" },
@@ -546,7 +565,6 @@ static ARGPARSE_OPTS opts[] = {
     { oAlwaysTrust, "always-trust", 0, "@"},
     { oTrustModel, "trust-model", 2, "@"},
     { oForceOwnertrust, "force-ownertrust", 2, "@"},
-    { oEmuChecksumBug, "emulate-checksum-bug", 0, "@"},
     { oRunAsShmCP, "run-as-shm-coprocess", 4, "@" },
     { oSetFilename, "set-filename", 2, "@" },
     { oForYourEyesOnly, "for-your-eyes-only", 0, "@" },
@@ -556,11 +574,12 @@ static ARGPARSE_OPTS opts[] = {
     { oCertPolicyURL, "cert-policy-url", 2, "@" },
     { oShowPolicyURL, "show-policy-url", 0, "@" },
     { oNoShowPolicyURL, "no-show-policy-url", 0, "@" },
-    { oSigKeyserverURL, "sig-preferred-keyserver", 2, "@" },
+    { oSigKeyserverURL, "sig-keyserver-url", 2, "@" },
     { oShowNotation, "show-notation", 0, "@" },
     { oNoShowNotation, "no-show-notation", 0, "@" },
     { oComment, "comment", 2, "@" },
     { oDefaultComment, "default-comment", 0, "@" },
+    { oNoComments, "no-comments", 0, "@" },
     { oEmitVersion, "emit-version", 0, "@"},
     { oNoEmitVersion, "no-emit-version", 0, "@"},
     { oNoEmitVersion, "no-version", 0, "@"}, /* alias */
@@ -615,20 +634,31 @@ static ARGPARSE_OPTS opts[] = {
     { oPersonalCipherPreferences,  "personal-cipher-preferences", 2, "@"},
     { oPersonalDigestPreferences,  "personal-digest-preferences", 2, "@"},
     { oPersonalCompressPreferences,  "personal-compress-preferences", 2, "@"},
-    { oEmuMDEncodeBug, "emulate-md-encode-bug", 0, "@"},
+    /* Aliases.  I constantly mistype these, and assume other people
+       do as well. */
+    { oPersonalCipherPreferences, "personal-cipher-prefs", 2, "@"},
+    { oPersonalDigestPreferences, "personal-digest-prefs", 2, "@"},
+    { oPersonalCompressPreferences, "personal-compress-prefs", 2, "@"},
     { oDisplay,    "display",     2, "@" },
     { oTTYname,    "ttyname",     2, "@" },
     { oTTYtype,    "ttytype",     2, "@" },
     { oLCctype,    "lc-ctype",    2, "@" },
     { oLCmessages, "lc-messages", 2, "@" },
     { oGroup,      "group",       2, "@" },
+    { oNoGroups,   "no-groups",    0, "@" },
     { oStrict,     "strict",      0, "@" },
     { oNoStrict,   "no-strict",   0, "@" },
     { oMangleDosFilenames, "mangle-dos-filenames", 0, "@" },
     { oNoMangleDosFilenames, "no-mangle-dos-filenames", 0, "@" },
     { oEnableProgressFilter, "enable-progress-filter", 0, "@" },
-{0} };
+    { oMultifile, "multifile", 0, "@" },
+
+    { oReaderPort, "reader-port",    2, "@"},
+    { octapiDriver, "ctapi-driver",  2, "@"},
+    { opcscDriver, "pcsc-driver",    2, "@"},
+    { oDisableCCID, "disable-ccid", 0, "@"},
 
+{0} };
 
 
 int g10_errors_seen = 0;
@@ -645,10 +675,6 @@ static void add_notation_data( const char *string, int which );
 static void add_policy_url( const char *string, int which );
 static void add_keyserver_url( const char *string, int which );
 
-#ifdef __riscos__
-RISCOS_GLOBAL_STATICS("GnuPG Heap")
-#endif /* __riscos__ */
-
 const char *
 strusage( int level )
 {
@@ -662,6 +688,19 @@ strusage( int level )
       case 19: p =
            _("Please report bugs to <gnupg-bugs@gnu.org>.\n");
        break;
+
+#ifdef IS_DEVELOPMENT_VERSION
+      case 20:
+       p="NOTE: THIS IS A DEVELOPMENT VERSION!";
+       break;
+      case 21:
+       p="It is only intended for test purposes and should NOT be";
+       break;
+      case 22:
+       p="used in a production environment or with production keys!";
+       break;
+#endif
+
       case 1:
       case 40: p =
            _("Usage: gpg [options] [files] (-h for help)");
@@ -844,8 +883,18 @@ set_cmd( enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd )
        cmd = aSignSym;
     else if( cmd == aSym && new_cmd == aSign )
        cmd = aSignSym;
+    else if( cmd == aSym && new_cmd == aEncr )
+       cmd = aEncrSym;
+    else if( cmd == aEncr && new_cmd == aSym )
+       cmd = aEncrSym;
     else if( cmd == aKMode && new_cmd == aSym )
        cmd = aKModeC;
+    else if (cmd == aSignEncr && new_cmd == aSym)
+        cmd = aSignEncrSym;
+    else if (cmd == aSignSym && new_cmd == aEncr)
+        cmd = aSignEncrSym;
+    else if (cmd == aEncrSym && new_cmd == aSign)
+        cmd = aSignEncrSym;
     else if(   ( cmd == aSign     && new_cmd == aClearsign )
             || ( cmd == aClearsign && new_cmd == aSign )  )
        cmd = aClearsign;
@@ -1121,7 +1170,7 @@ main( int argc, char **argv )
     const char *trustdb_name = NULL;
     char *def_cipher_string = NULL;
     char *def_digest_string = NULL;
-    char *def_compress_string = NULL;
+    char *compress_algo_string = NULL;
     char *cert_digest_string = NULL;
     char *s2k_cipher_string = NULL;
     char *s2k_digest_string = NULL;
@@ -1129,6 +1178,7 @@ main( int argc, char **argv )
     char *pers_digest_list = NULL;
     char *pers_compress_list = NULL;
     int eyes_only=0;
+    int multifile=0;
     int pwfd = -1;
     int with_fpr = 0; /* make an option out of --fingerprint */
     int any_explicit_recipient = 0;
@@ -1137,7 +1187,6 @@ main( int argc, char **argv )
 #endif
 
 #ifdef __riscos__
-    riscos_global_defaults();
     opt.lock_once = 1;
 #endif /* __riscos__ */
 
@@ -1154,12 +1203,13 @@ main( int argc, char **argv )
     create_dotlock(NULL); /* register locking cleanup */
     i18n_init();
     opt.command_fd = -1; /* no command fd */
-    opt.compress = -1; /* defaults to standard compress level */
+    opt.compress_level = -1; /* defaults to standard compress level */
+    opt.bz2_compress_level = -1; /* defaults to standard compress level */
     /* note: if you change these lines, look at oOpenPGP */
     opt.def_cipher_algo = 0;
     opt.def_digest_algo = 0;
     opt.cert_digest_algo = 0;
-    opt.def_compress_algo = -1;
+    opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
     opt.s2k_mode = 3; /* iterated+salted */
     opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
 #ifdef USE_CAST5
@@ -1183,9 +1233,9 @@ main( int argc, char **argv )
     opt.keyserver_options.include_revoked=1;
     opt.keyserver_options.try_dns_srv=1;
     opt.verify_options=
-      VERIFY_SHOW_POLICY|VERIFY_SHOW_NOTATION|VERIFY_SHOW_KEYSERVER;
+      VERIFY_SHOW_POLICY_URLS|VERIFY_SHOW_NOTATIONS|VERIFY_SHOW_KEYSERVER_URLS;
     opt.trust_model=TM_AUTO;
-    opt.mangle_dos_filenames = 1;
+    opt.mangle_dos_filenames = 0;
 #if defined (_WIN32)
     set_homedir ( read_w32_registry_string( NULL,
                                     "Software\\GNU\\GnuPG", "HomeDir" ));
@@ -1195,6 +1245,14 @@ main( int argc, char **argv )
     if( !*opt.homedir )
        set_homedir ( GNUPG_HOMEDIR );
 
+#ifdef ENABLE_CARD_SUPPORT
+# ifdef _WIN32
+    opt.pcsc_driver = "winscard.dll"; 
+#else
+    opt.pcsc_driver = "libpcsclite.so"; 
+#endif
+#endif /*ENABLE_CARD_SUPPORT*/
+
     /* check whether we have a config file on the commandline */
     orig_argc = argc;
     orig_argv = argv;
@@ -1263,17 +1321,37 @@ main( int argc, char **argv )
 
     set_native_charset (NULL); /* Try to auto set the character set */
 
+    /* Try for a version specific config file first */
     if( default_config )
       {
-       /* Try for a version specific config file first */
-       configname = make_filename(opt.homedir,
-                                  "gpg" EXTSEP_S "conf-" SAFE_VERSION, NULL );
-       if(access(configname,R_OK))
+       char *name=m_strdup("gpg" EXTSEP_S "conf-" SAFE_VERSION);
+       char *ver=&name[strlen("gpg" EXTSEP_S "conf-")];
+
+       do
          {
-           m_free(configname);
-           configname = make_filename(opt.homedir,
-                                      "gpg" EXTSEP_S "conf", NULL );
+           if(configname)
+             {
+               char *tok;
+
+               m_free(configname);
+               configname=NULL;
+
+               if((tok=strrchr(ver,SAFE_VERSION_DASH)))
+                 *tok='\0';
+               else if((tok=strrchr(ver,SAFE_VERSION_DOT)))
+                 *tok='\0';
+               else
+                 break;
+             }
+
+           configname = make_filename(opt.homedir,name,NULL);
          }
+       while(access(configname,R_OK));
+
+       m_free(name);
+
+       if(!configname)
+         configname=make_filename(opt.homedir, "gpg" EXTSEP_S "conf", NULL );
         if (!access (configname, R_OK))
           { /* Print a warning when both config files are present. */
             char *p = make_filename(opt.homedir, "options", NULL );
@@ -1330,8 +1408,10 @@ main( int argc, char **argv )
     }
 
     while( optfile_parse( configfp, configname, &configlineno,
-                                               &pargs, opts) ) {
-       switch( pargs.r_opt ) {
+                                               &pargs, opts) )
+      {
+       switch( pargs.r_opt )
+         {
          case aCheckKeys: set_cmd( &cmd, aCheckKeys); break;
          case aListPackets: set_cmd( &cmd, aListPackets); break;
          case aImport: set_cmd( &cmd, aImport); break;
@@ -1341,7 +1421,10 @@ main( int argc, char **argv )
          case aSearchKeys: set_cmd( &cmd, aSearchKeys); break;
          case aRefreshKeys: set_cmd( &cmd, aRefreshKeys); break;
          case aExport: set_cmd( &cmd, aExport); break;
-         case aExportAll: set_cmd( &cmd, aExportAll); break;
+         case aExportAll:
+           opt.export_options|=EXPORT_INCLUDE_NON_RFC;
+           set_cmd(&cmd,aExport);
+           break;
          case aListKeys: set_cmd( &cmd, aListKeys); break;
          case aListSigs: set_cmd( &cmd, aListSigs); break;
          case aExportSecret: set_cmd( &cmd, aExportSecret); break;
@@ -1357,11 +1440,15 @@ main( int argc, char **argv )
          case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break;
          case aSym: set_cmd( &cmd, aSym); break;
 
+         case aDecryptFiles: multifile=1; /* fall through */
          case aDecrypt: set_cmd( &cmd, aDecrypt); break;
-          case aDecryptFiles: set_cmd( &cmd, aDecryptFiles); break;
 
+         case aEncrFiles: multifile=1; /* fall through */
          case aEncr: set_cmd( &cmd, aEncr); break;
-         case aEncrFiles: set_cmd( &cmd, aEncrFiles ); break;
+
+         case aVerifyFiles: multifile=1; /* fall through */
+         case aVerify: set_cmd( &cmd, aVerify); break;
+
          case aSign: set_cmd( &cmd, aSign );  break;
          case aKeygen: set_cmd( &cmd, aKeygen); greeting=1; break;
          case aSignKey: set_cmd( &cmd, aSignKey); break;
@@ -1373,8 +1460,6 @@ main( int argc, char **argv )
          case aClearsign: set_cmd( &cmd, aClearsign); break;
          case aGenRevoke: set_cmd( &cmd, aGenRevoke); break;
          case aDesigRevoke: set_cmd( &cmd, aDesigRevoke); break;
-         case aVerify: set_cmd( &cmd, aVerify); break;
-         case aVerifyFiles: set_cmd( &cmd, aVerifyFiles); break;
          case aPrimegen: set_cmd( &cmd, aPrimegen); break;
          case aGenRandom: set_cmd( &cmd, aGenRandom); break;
          case aPrintMD: set_cmd( &cmd, aPrintMD); break;
@@ -1394,14 +1479,29 @@ main( int argc, char **argv )
           case aPipeMode: set_cmd( &cmd, aPipeMode); break;
           case aRebuildKeydbCaches: set_cmd( &cmd, aRebuildKeydbCaches); break;
 
+#ifdef ENABLE_CARD_SUPPORT
+          case aCardStatus: set_cmd (&cmd, aCardStatus); break;
+          case aCardEdit: set_cmd (&cmd, aCardEdit); break;
+          case aChangePIN: set_cmd (&cmd, aChangePIN); break;
+          case oReaderPort:
+            card_set_reader_port (pargs.r.ret_str);
+            break;
+          case octapiDriver: opt.ctapi_driver = pargs.r.ret_str; break;
+          case opcscDriver: opt.pcsc_driver = pargs.r.ret_str; break;
+          case oDisableCCID: opt.disable_ccid = 1; break;
+#endif /* ENABLE_CARD_SUPPORT*/
+
          case oArmor: opt.armor = 1; opt.no_armor=0; break;
          case oOutput: opt.outfile = pargs.r.ret_str; break;
          case oQuiet: opt.quiet = 1; break;
          case oNoTTY: tty_no_terminal(1); break;
          case oDryRun: opt.dry_run = 1; break;
          case oInteractive: opt.interactive = 1; break;
-         case oVerbose: g10_opt_verbose++;
-                   opt.verbose++; opt.list_sigs=1; break;
+         case oVerbose:
+           g10_opt_verbose++;
+           opt.verbose++;
+           opt.list_options|=LIST_SHOW_UNUSABLE_UIDS;
+           break;
          case oKOption: set_cmd( &cmd, aKMode ); break;
 
          case oBatch: opt.batch = 1; nogreeting = 1; break;
@@ -1422,7 +1522,11 @@ main( int argc, char **argv )
            sl=append_to_strlist( &nrings, pargs.r.ret_str);
            sl->flags=2;
            break;
-         case oShowKeyring: opt.list_options|=LIST_SHOW_KEYRING; break;
+         case oShowKeyring:
+           deprecated_warning(configname,configlineno,"--show-keyring",
+                              "--list-options ","show-keyring");
+           opt.list_options|=LIST_SHOW_KEYRING;
+           break;
          case oDebug: opt.debug |= pargs.r.ret_ulong; break;
          case oDebugAll: opt.debug = ~0; break;
          case oStatusFD:
@@ -1544,7 +1648,6 @@ main( int argc, char **argv )
          case oRFC1991:
            opt.compliance = CO_RFC1991;
            opt.force_v4_certs = 0;
-           opt.disable_mdc = 1;
            opt.escape_from = 1;
            break;
          case oRFC2440:
@@ -1552,7 +1655,6 @@ main( int argc, char **argv )
            /* TODO: When 2440bis becomes a RFC, these may need
                changing. */
            opt.compliance = CO_RFC2440;
-           opt.disable_mdc = 1;
            opt.allow_non_selfsigned_uid = 1;
            opt.allow_freeform_uid = 1;
            opt.pgp2_workarounds = 0;
@@ -1564,7 +1666,7 @@ main( int argc, char **argv )
            opt.def_cipher_algo = 0;
            opt.def_digest_algo = 0;
            opt.cert_digest_algo = 0;
-           opt.def_compress_algo = -1;
+           opt.compress_algo = -1;
             opt.s2k_mode = 3; /* iterated+salted */
            opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
            opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
@@ -1574,7 +1676,6 @@ main( int argc, char **argv )
          case oPGP7:  opt.compliance = CO_PGP7;  break;
          case oPGP8:  opt.compliance = CO_PGP8;  break;
          case oGnuPG: opt.compliance = CO_GNUPG; break;
-         case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
          case oCompressSigs: opt.compress_sigs = 1; break;
          case oRunAsShmCP:
 #ifndef __riscos__
@@ -1597,24 +1698,50 @@ main( int argc, char **argv )
          case oSigPolicyURL: add_policy_url(pargs.r.ret_str,0); break;
          case oCertPolicyURL: add_policy_url(pargs.r.ret_str,1); break;
           case oShowPolicyURL:
-           opt.list_options|=LIST_SHOW_POLICY;
-           opt.verify_options|=VERIFY_SHOW_POLICY;
+           deprecated_warning(configname,configlineno,"--show-policy-url",
+                              "--list-options ","show-policy-urls");
+           deprecated_warning(configname,configlineno,"--show-policy-url",
+                              "--verify-options ","show-policy-urls");
+           opt.list_options|=LIST_SHOW_POLICY_URLS;
+           opt.verify_options|=VERIFY_SHOW_POLICY_URLS;
            break;
          case oNoShowPolicyURL:
-           opt.list_options&=~LIST_SHOW_POLICY;
-           opt.verify_options&=~VERIFY_SHOW_POLICY;
+           deprecated_warning(configname,configlineno,"--no-show-policy-url",
+                              "--list-options ","no-show-policy-urls");
+           deprecated_warning(configname,configlineno,"--no-show-policy-url",
+                              "--verify-options ","no-show-policy-urls");
+           opt.list_options&=~LIST_SHOW_POLICY_URLS;
+           opt.verify_options&=~VERIFY_SHOW_POLICY_URLS;
            break;
          case oSigKeyserverURL: add_keyserver_url(pargs.r.ret_str,0); break;
          case oUseEmbeddedFilename: opt.use_embedded_filename = 1; break;
-         case oComment: opt.comment_string = pargs.r.ret_str; break;
-         case oDefaultComment: opt.comment_string = NULL; break;
+         case oComment:
+           if(pargs.r.ret_str[0])
+             add_to_strlist(&opt.comments,pargs.r.ret_str);
+           break;
+         case oDefaultComment:
+           deprecated_warning(configname,configlineno,
+                              "--default-comment","--no-comments","");
+           /* fall through */
+         case oNoComments:
+           free_strlist(opt.comments);
+           opt.comments=NULL;
+           break;
          case oThrowKeyid: opt.throw_keyid = 1; break;
          case oNoThrowKeyid: opt.throw_keyid = 0; break;
-         case oShowPhotos: 
+         case oShowPhotos:
+           deprecated_warning(configname,configlineno,"--show-photos",
+                              "--list-options ","show-photos");
+           deprecated_warning(configname,configlineno,"--show-photos",
+                              "--verify-options ","show-photos");
            opt.list_options|=LIST_SHOW_PHOTOS;
            opt.verify_options|=VERIFY_SHOW_PHOTOS;
            break;
          case oNoShowPhotos:
+           deprecated_warning(configname,configlineno,"--no-show-photos",
+                              "--list-options ","no-show-photos");
+           deprecated_warning(configname,configlineno,"--no-show-photos",
+                              "--verify-options ","no-show-photos");
            opt.list_options&=~LIST_SHOW_PHOTOS;
            opt.verify_options&=~VERIFY_SHOW_PHOTOS;
            break;
@@ -1661,7 +1788,13 @@ main( int argc, char **argv )
          case oUser: /* store the local users */
            add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings );
            break;
-         case oCompress: opt.compress = pargs.r.ret_int; break;
+         case oCompress:
+           /* this is the -z command line option */
+           opt.compress_level = opt.bz2_compress_level = pargs.r.ret_int;
+           break;
+         case oCompressLevel: opt.compress_level = pargs.r.ret_int; break;
+         case oBZ2CompressLevel: opt.bz2_compress_level = pargs.r.ret_int; break;
+         case oBZ2CompressLowmem: opt.bz2_compress_lowmem=1; break;
          case oPasswdFD:
             pwfd = iobuf_translate_file_handle (pargs.r.ret_int, 0);
             opt.use_agent = 0;
@@ -1697,12 +1830,12 @@ main( int argc, char **argv )
 
              if(*pt=='\0')
                {
-                 def_compress_string=m_alloc(strlen(pargs.r.ret_str)+2);
-                 strcpy(def_compress_string,"Z");
-                 strcat(def_compress_string,pargs.r.ret_str);
+                 compress_algo_string=m_alloc(strlen(pargs.r.ret_str)+2);
+                 strcpy(compress_algo_string,"Z");
+                 strcat(compress_algo_string,pargs.r.ret_str);
                }
              else
-               def_compress_string = m_strdup(pargs.r.ret_str);
+               compress_algo_string = m_strdup(pargs.r.ret_str);
            }
            break;
          case oCertDigestAlgo: cert_digest_string = m_strdup(pargs.r.ret_str); break;
@@ -1735,7 +1868,7 @@ main( int argc, char **argv )
            parse_keyserver_options(pargs.r.ret_str);
            break;
          case oImportOptions:
-           if(!parse_import_options(pargs.r.ret_str,&opt.import_options))
+           if(!parse_import_options(pargs.r.ret_str,&opt.import_options,1))
              {
                if(configname)
                  log_error(_("%s:%d: invalid import options\n"),
@@ -1745,7 +1878,7 @@ main( int argc, char **argv )
              }
            break;
          case oExportOptions:
-           if(!parse_export_options(pargs.r.ret_str,&opt.export_options))
+           if(!parse_export_options(pargs.r.ret_str,&opt.export_options,1))
              {
                if(configname)
                  log_error(_("%s:%d: invalid export options\n"),
@@ -1759,17 +1892,18 @@ main( int argc, char **argv )
              struct parse_options lopts[]=
                {
                  {"show-photos",LIST_SHOW_PHOTOS},
-                 {"show-policy-url",LIST_SHOW_POLICY},
-                 {"show-notation",LIST_SHOW_NOTATION},
-                 {"show-preferred-keyserver",LIST_SHOW_KEYSERVER},
+                 {"show-policy-urls",LIST_SHOW_POLICY_URLS},
+                 {"show-notations",LIST_SHOW_NOTATIONS},
+                 {"show-keyserver-urls",LIST_SHOW_KEYSERVER_URLS},
                  {"show-validity",LIST_SHOW_VALIDITY},
-                 {"show-long-keyid",LIST_SHOW_LONG_KEYID},
+                 {"show-long-keyids",LIST_SHOW_LONG_KEYIDS},
+                 {"show-unusable-uids",LIST_SHOW_UNUSABLE_UIDS},
                  {"show-keyring",LIST_SHOW_KEYRING},
                  {"show-sig-expire",LIST_SHOW_SIG_EXPIRE},
                  {NULL,0}
                };
 
-             if(!parse_options(pargs.r.ret_str,&opt.list_options,lopts))
+             if(!parse_options(pargs.r.ret_str,&opt.list_options,lopts,1))
                {
                  if(configname)
                    log_error(_("%s:%d: invalid list options\n"),
@@ -1784,15 +1918,16 @@ main( int argc, char **argv )
              struct parse_options vopts[]=
                {
                  {"show-photos",VERIFY_SHOW_PHOTOS},
-                 {"show-policy-url",VERIFY_SHOW_POLICY},
-                 {"show-notation",VERIFY_SHOW_NOTATION},
-                 {"show-preferred-keyserver",VERIFY_SHOW_KEYSERVER},
+                 {"show-policy-urls",VERIFY_SHOW_POLICY_URLS},
+                 {"show-notations",VERIFY_SHOW_NOTATIONS},
+                 {"show-keyserver-urls",VERIFY_SHOW_KEYSERVER_URLS},
                  {"show-validity",VERIFY_SHOW_VALIDITY},
-                 {"show-long-keyid",VERIFY_SHOW_LONG_KEYID},
+                 {"show-long-keyids",VERIFY_SHOW_LONG_KEYIDS},
+                 {"show-unusable-uids",VERIFY_SHOW_UNUSABLE_UIDS},
                  {NULL,0}
                };
 
-             if(!parse_options(pargs.r.ret_str,&opt.verify_options,vopts))
+             if(!parse_options(pargs.r.ret_str,&opt.verify_options,vopts,1))
                {
                  if(configname)
                    log_error(_("%s:%d: invalid verify options\n"),
@@ -1816,12 +1951,20 @@ main( int argc, char **argv )
          case oSigNotation: add_notation_data( pargs.r.ret_str, 0 ); break;
          case oCertNotation: add_notation_data( pargs.r.ret_str, 1 ); break;
          case oShowNotation:
-           opt.list_options|=LIST_SHOW_NOTATION;
-           opt.verify_options|=VERIFY_SHOW_NOTATION;
+           deprecated_warning(configname,configlineno,"--show-notation",
+                              "--list-options ","show-notations");
+           deprecated_warning(configname,configlineno,"--show-notation",
+                              "--verify-options ","show-notations");
+           opt.list_options|=LIST_SHOW_NOTATIONS;
+           opt.verify_options|=VERIFY_SHOW_NOTATIONS;
            break;
          case oNoShowNotation:
-           opt.list_options&=~LIST_SHOW_NOTATION;
-           opt.verify_options&=~VERIFY_SHOW_NOTATION;
+           deprecated_warning(configname,configlineno,"--no-show-notation",
+                              "--list-options ","no-show-notations");
+           deprecated_warning(configname,configlineno,"--no-show-notation",
+                              "--verify-options ","no-show-notations");
+           opt.list_options&=~LIST_SHOW_NOTATIONS;
+           opt.verify_options&=~VERIFY_SHOW_NOTATIONS;
            break;
          case oUtf8Strings: utf8_strings = 1; break;
          case oNoUtf8Strings: utf8_strings = 0; break;
@@ -1840,11 +1983,10 @@ main( int argc, char **argv )
          case oNoLiteral: opt.no_literal = 1; break;
          case oSetFilesize: opt.set_filesize = pargs.r.ret_ulong; break;
          case oHonorHttpProxy:
-                opt.keyserver_options.honor_http_proxy = 1;
+               add_to_strlist(&opt.keyserver_options.other,"http-proxy");
                deprecated_warning(configname,configlineno,
                                   "--honor-http-proxy",
-                                  "--keyserver-options ",
-                                  "honor-http-proxy");
+                                  "--keyserver-options ","http-proxy");
                break;
          case oFastListMode: opt.fast_list_mode = 1; break;
          case oFixedListMode: opt.fixed_list_mode = 1; break;
@@ -1868,7 +2010,11 @@ main( int argc, char **argv )
          case oOverrideSessionKey:
                opt.override_session_key = pargs.r.ret_str;
                break;
-         case oMergeOnly: opt.merge_only = 1; break;
+         case oMergeOnly:
+               deprecated_warning(configname,configlineno,"--merge-only",
+                                  "--import-options ","merge-only");
+               opt.import_options|=IMPORT_MERGE_ONLY;
+           break;
           case oAllowSecretKeyImport: /* obsolete */ break;
          case oTryAllSecrets: opt.try_all_secrets = 1; break;
           case oTrustedKey: register_trusted_key( pargs.r.ret_str ); break;
@@ -1897,17 +2043,25 @@ main( int argc, char **argv )
           case oLCctype: opt.lc_ctype = pargs.r.ret_str; break;
           case oLCmessages: opt.lc_messages = pargs.r.ret_str; break;
          case oGroup: add_group(pargs.r.ret_str); break;
+         case oNoGroups:
+           while(opt.grouplist)
+             {
+               struct groupitem *iter=opt.grouplist;
+               free_strlist(iter->values);
+               opt.grouplist=opt.grouplist->next;
+               m_free(iter);
+             }
+           break;
          case oStrict: opt.strict=1; log_set_strict(1); break;
          case oNoStrict: opt.strict=0; log_set_strict(0); break;
-
           case oMangleDosFilenames: opt.mangle_dos_filenames = 1; break;
           case oNoMangleDosFilenames: opt.mangle_dos_filenames = 0; break;
-
           case oEnableProgressFilter: opt.enable_progress_filter = 1; break;
+         case oMultifile: multifile=1; break;
 
          default : pargs.err = configfp? 1:2; break;
-       }
-    }
+         }
+      }
 
     if( configfp ) {
        fclose( configfp );
@@ -1927,11 +2081,17 @@ main( int argc, char **argv )
        fprintf(stderr, "%s\n", strusage(15) );
     }
 #ifdef IS_DEVELOPMENT_VERSION
-    if( !opt.batch ) {
-       log_info("NOTE: THIS IS A DEVELOPMENT VERSION!\n");
-       log_info("It is only intended for test purposes and should NOT be\n");
-       log_info("used in a production environment or with production keys!\n");
-    }
+    if( !opt.batch )
+      {
+       const char *s;
+
+       if((s=strusage(20)))
+         log_info("%s\n",s);
+       if((s=strusage(21)))
+         log_info("%s\n",s);
+       if((s=strusage(22)))
+         log_info("%s\n",s);
+      }
 #endif
 
     if (opt.verbose > 2)
@@ -2027,8 +2187,6 @@ main( int argc, char **argv )
          compliance_failure();
        else
          {
-           opt.force_mdc = 0;
-           opt.disable_mdc = 1;
            opt.force_v4_certs = 0;
            opt.sk_comments = 0;
            opt.escape_from = 1;
@@ -2038,7 +2196,7 @@ main( int argc, char **argv )
            opt.ask_cert_expire = 0;
            m_free(def_digest_string);
            def_digest_string = m_strdup("md5");
-           opt.def_compress_algo = 1;
+           opt.compress_algo = COMPRESS_ALGO_ZIP;
          }
       }
     else if(PGP6)
@@ -2047,8 +2205,6 @@ main( int argc, char **argv )
        opt.escape_from=1;
        opt.force_v3_sigs=1;
        opt.ask_sig_expire=0;
-       opt.force_mdc=0;
-       opt.disable_mdc=1;
       }
     else if(PGP7)
       {
@@ -2080,10 +2236,10 @@ main( int argc, char **argv )
        if( check_digest_algo(opt.def_digest_algo) )
            log_error(_("selected digest algorithm is invalid\n"));
     }
-    if( def_compress_string ) {
-       opt.def_compress_algo = string_to_compress_algo(def_compress_string);
-       m_free(def_compress_string); def_compress_string = NULL;
-       if( check_compress_algo(opt.def_compress_algo) )
+    if( compress_algo_string ) {
+       opt.compress_algo = string_to_compress_algo(compress_algo_string);
+       m_free(compress_algo_string); compress_algo_string = NULL;
+       if( check_compress_algo(opt.compress_algo) )
            log_error(_("selected compression algorithm is invalid\n"));
     }
     if( cert_digest_string ) {
@@ -2144,6 +2300,40 @@ main( int argc, char **argv )
        keygen_set_std_prefs(pers_compress_list,PREFTYPE_ZIP))
       log_error(_("invalid personal compress preferences\n"));
 
+    /* We don't support all possible commands with multifile yet */
+    if(multifile)
+      {
+       char *cmdname;
+
+       switch(cmd)
+         {
+         case aSign:
+           cmdname="--sign";
+           break;
+         case aClearsign:
+           cmdname="--clearsign";
+           break;
+         case aDetachedSign:
+           cmdname="--detach-sign";
+           break;
+         case aSym:
+           cmdname="--symmetric";
+           break;
+         case aEncrSym:
+           cmdname="--symmetric --encrypt";
+           break;
+         case aStore:
+           cmdname="--store";
+           break;
+         default:
+           cmdname=NULL;
+           break;
+         }
+
+       if(cmdname)
+         log_error(_("%s does not yet work with %s\n"),cmdname,"--multifile");
+      }
+
     if( log_get_errorcount(0) )
        g10_exit(2);
 
@@ -2173,10 +2363,10 @@ main( int argc, char **argv )
            badalg=digest_algo_to_string(opt.cert_digest_algo);
            badtype=PREFTYPE_HASH;
          }
-       else if(opt.def_compress_algo!=-1
-               && !algo_available(PREFTYPE_ZIP,opt.def_compress_algo,NULL))
+       else if(opt.compress_algo!=-1
+               && !algo_available(PREFTYPE_ZIP,opt.compress_algo,NULL))
          {
-           badalg=compress_algo_to_string(opt.def_compress_algo);
+           badalg=compress_algo_to_string(opt.compress_algo);
            badtype=PREFTYPE_ZIP;
          }
 
@@ -2233,10 +2423,6 @@ main( int argc, char **argv )
        g10_opt_verbose = opt.verbose;
     }
 
-    /* Compression algorithm 0 means no compression at all */
-    if( opt.def_compress_algo == 0)
-        opt.compress = 0;
-
     /* kludge to let -sat generate a clear text signature */
     if( opt.textmode == 2 && !detached_sig && opt.armor && cmd == aSign )
        cmd = aClearsign;
@@ -2252,8 +2438,7 @@ main( int argc, char **argv )
        && !(cmd == aKMode && argc == 2 ) ) 
       {
         if (cmd != aCheckKeys && cmd != aListSigs && cmd != aListKeys
-            && cmd != aVerify && cmd != aVerifyFiles
-            && cmd != aSym)
+            && cmd != aVerify && cmd != aSym)
           {
             if (!sec_nrings || default_keyring) /* add default secret rings */
               keydb_add_resource ("secring" EXTSEP_S "gpg", 0, 1);
@@ -2322,16 +2507,39 @@ main( int argc, char **argv )
        break;
 
       case aEncr: /* encrypt the given file */
+       if(multifile)
+         encode_crypt_files(argc, argv, remusr);
+       else
+         {
+           if( argc > 1 )
+             wrong_args(_("--encrypt [filename]"));
+           if( (rc = encode_crypt(fname,remusr,0)) )
+             log_error("%s: encryption failed: %s\n",
+                       print_fname_stdin(fname), g10_errstr(rc) );
+         }
+       break;
+
+      case aEncrSym:
+       /* This works with PGP 8 in the sense that it acts just like a
+          symmetric message.  It doesn't work at all with 2 or 6.  It
+          might work with 7, but alas, I don't have a copy to test
+          with right now. */
        if( argc > 1 )
-           wrong_args(_("--encrypt [filename]"));
-       if( (rc = encode_crypt(fname,remusr)) )
-           log_error("%s: encryption failed: %s\n", print_fname_stdin(fname), g10_errstr(rc) );
+         wrong_args(_("--symmetric --encrypt [filename]"));
+       else if(opt.s2k_mode==0)
+         log_error(_("you cannot use --symmetric --encrypt"
+                     " with --s2k-mode 0\n"));
+       else if(PGP2 || PGP6 || PGP7 || RFC1991)
+         log_error(_("you cannot use --symmetric --encrypt"
+                     " while in %s mode\n"),compliance_option_string());
+       else
+         {
+           if( (rc = encode_crypt(fname,remusr,1)) )
+             log_error("%s: encryption failed: %s\n",
+                       print_fname_stdin(fname), g10_errstr(rc) );
+         }
        break;
 
-      case aEncrFiles: /* encrypt the given files */
-        encode_crypt_files(argc, argv, remusr);
-       break;
-          
       case aSign: /* sign the given file */
        sl = NULL;
        if( detached_sig ) { /* sign all files */
@@ -2361,10 +2569,36 @@ main( int argc, char **argv )
        else
            sl = NULL;
        if( (rc = sign_file(sl, detached_sig, locusr, 1, remusr, NULL)) )
-           log_error("%s: sign+encrypt failed: %s\n", print_fname_stdin(fname), g10_errstr(rc) );
+           log_error("%s: sign+encrypt failed: %s\n",
+                     print_fname_stdin(fname), g10_errstr(rc) );
        free_strlist(sl);
        break;
 
+      case aSignEncrSym: /* sign and encrypt the given file */
+       if( argc > 1 )
+           wrong_args(_("--symmetric --sign --encrypt [filename]"));
+       else if(opt.s2k_mode==0)
+         log_error(_("you cannot use --symmetric --sign --encrypt"
+                     " with --s2k-mode 0\n"));
+       else if(PGP2 || PGP6 || PGP7 || RFC1991)
+         log_error(_("you cannot use --symmetric --sign --encrypt"
+                     " while in %s mode\n"),compliance_option_string());
+       else
+         {
+           if( argc )
+             {
+               sl = m_alloc_clear( sizeof *sl + strlen(fname));
+               strcpy(sl->d, fname);
+             }
+           else
+             sl = NULL;
+           if( (rc = sign_file(sl, detached_sig, locusr, 2, remusr, NULL)) )
+             log_error("%s: symmetric+sign+encrypt failed: %s\n",
+                       print_fname_stdin(fname), g10_errstr(rc) );
+           free_strlist(sl);
+         }
+       break;
+
       case aSignSym: /* sign and conventionally encrypt the given file */
        if (argc > 1)
            wrong_args(_("--sign --symmetric [filename]"));
@@ -2383,25 +2617,29 @@ main( int argc, char **argv )
        break;
 
       case aVerify:
-       if( (rc = verify_signatures( argc, argv ) ))
-           log_error("verify signatures failed: %s\n", g10_errstr(rc) );
-       break;
-
-      case aVerifyFiles:
-       if( (rc = verify_files( argc, argv ) ))
-           log_error("verify files failed: %s\n", g10_errstr(rc) );
+       if(multifile)
+         {
+           if( (rc = verify_files( argc, argv ) ))
+             log_error("verify files failed: %s\n", g10_errstr(rc) );
+         }
+       else
+         {
+           if( (rc = verify_signatures( argc, argv ) ))
+             log_error("verify signatures failed: %s\n", g10_errstr(rc) );
+         }
        break;
 
       case aDecrypt:
-       if( argc > 1 )
-           wrong_args(_("--decrypt [filename]"));
-       if( (rc = decrypt_message( fname ) ))
-           log_error("decrypt_message failed: %s\n", g10_errstr(rc) );
+        if(multifile)
+         decrypt_messages(argc, argv);
+       else
+         {
+           if( argc > 1 )
+             wrong_args(_("--decrypt [filename]"));
+           if( (rc = decrypt_message( fname ) ))
+             log_error("decrypt_message failed: %s\n", g10_errstr(rc) );
+         }
        break;
-
-      case aDecryptFiles:
-        decrypt_messages(argc, argv);
-        break;
             
       case aSignKey: /* sign the key given as argument */
        if( argc != 1 )
@@ -2515,12 +2753,12 @@ main( int argc, char **argv )
        if( opt.batch ) {
            if( argc > 1 )
                wrong_args("--gen-key [parameterfile]");
-           generate_keypair( argc? *argv : NULL );
+           generate_keypair( argc? *argv : NULL, NULL );
        }
        else {
            if( argc )
                wrong_args("--gen-key");
-           generate_keypair(NULL);
+           generate_keypair(NULL, NULL);
        }
        break;
 
@@ -2531,7 +2769,6 @@ main( int argc, char **argv )
        break;
 
       case aExport:
-      case aExportAll:
       case aSendKeys:
       case aRecvKeys:
        sl = NULL;
@@ -2559,7 +2796,6 @@ main( int argc, char **argv )
        sl = NULL;
        for( ; argc; argc--, argv++ )
          append_to_strlist2( &sl, *argv, utf8_strings );
-
        rc=keyserver_search( sl );
        if(rc)
          log_error(_("keyserver search failed: %s\n"),g10_errstr(rc));
@@ -2790,6 +3026,36 @@ main( int argc, char **argv )
         keydb_rebuild_caches ();
         break;
 
+#ifdef ENABLE_CARD_SUPPORT
+      case aCardStatus:
+        if (argc)
+            wrong_args ("--card-status");
+        card_status (stdout, NULL, 0);
+        break;
+
+      case aCardEdit:
+        if (argc) {
+            sl = NULL;
+            for (argc--, argv++ ; argc; argc--, argv++)
+                append_to_strlist (&sl, *argv);
+            card_edit (sl);
+            free_strlist (sl);
+       }
+        else
+            card_edit (NULL);
+        break;
+
+      case aChangePIN:
+        if (!argc)
+            change_pin (0);
+        else if (argc == 1)
+            change_pin ( atoi (*argv));
+        else
+        wrong_args ("--change-pin [no]");
+        break;
+#endif /* ENABLE_CARD_SUPPORT*/
+
+
       case aListPackets:
        opt.list_packets=2;
       default:
@@ -2833,6 +3099,9 @@ main( int argc, char **argv )
 void
 g10_exit( int rc )
 {
+#ifdef ENABLE_CARD_SUPPORT
+    card_close ();
+#endif
     update_random_seed_file();
     if( opt.debug & DBG_MEMSTAT_VALUE ) {
        m_print_stats("on exit");
@@ -2867,8 +3136,6 @@ print_hex( MD_HANDLE md, int algo, const char *fname )
 
   if(algo==DIGEST_ALGO_RMD160)
     indent+=printf("RMD160 = ");
-  else if(algo==DIGEST_ALGO_TIGER)
-    indent+=printf(" TIGER = ");
   else if(algo>0)
     indent+=printf("%6s = ",digest_algo_to_string(algo));
   else
@@ -2985,9 +3252,6 @@ print_mds( const char *fname, int algo )
        md_enable( md, DIGEST_ALGO_MD5 );
        md_enable( md, DIGEST_ALGO_SHA1 );
        md_enable( md, DIGEST_ALGO_RMD160 );
-#ifdef USE_TIGER192
-       md_enable( md, DIGEST_ALGO_TIGER );
-#endif
 #ifdef USE_SHA256
        md_enable( md, DIGEST_ALGO_SHA256 );
 #endif
@@ -3010,9 +3274,6 @@ print_mds( const char *fname, int algo )
                 print_hashline( md, DIGEST_ALGO_MD5, fname );
                 print_hashline( md, DIGEST_ALGO_SHA1, fname );
                 print_hashline( md, DIGEST_ALGO_RMD160, fname );
-#ifdef USE_TIGER192
-               print_hashline( md, DIGEST_ALGO_TIGER, fname );
-#endif
 #ifdef USE_SHA256
                 print_hashline( md, DIGEST_ALGO_SHA256, fname );
 #endif
@@ -3029,9 +3290,6 @@ print_mds( const char *fname, int algo )
                 print_hex( md, DIGEST_ALGO_MD5, fname );
                 print_hex( md, DIGEST_ALGO_SHA1, fname );
                 print_hex( md, DIGEST_ALGO_RMD160, fname );
-#ifdef USE_TIGER192
-               print_hex( md, DIGEST_ALGO_TIGER, fname );
-#endif
 #ifdef USE_SHA256
                 print_hex( md, DIGEST_ALGO_SHA256, fname );
 #endif
@@ -3171,8 +3429,8 @@ add_keyserver_url( const char *string, int which )
       if(which)
        BUG();
       else
-       log_error(_("the given signature preferred keyserver "
-                   "URL is invalid\n"));
+       log_error(_("the given signature preferred"
+                   " keyserver URL is invalid\n"));
     }
 
   if(which)