Fix for bug 537
[gnupg.git] / g10 / keyedit.c
index 174fef9..71ad9f0 100644 (file)
@@ -1,6 +1,6 @@
 /* keyedit.c - keyedit stuff
 /* keyedit.c - keyedit stuff
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
- *               2005 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
+ *               2006 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
  *
  * This file is part of GnuPG.
  *
 #include <assert.h>
 #include <ctype.h>
 #ifdef HAVE_LIBREADLINE
 #include <assert.h>
 #include <ctype.h>
 #ifdef HAVE_LIBREADLINE
-#include <stdio.h>
+#define GNUPG_LIBREADLINE_H_INCLUDED
 #include <readline/readline.h>
 #endif
 #include <readline/readline.h>
 #endif
+
+#include "gpg.h"
 #include "options.h"
 #include "packet.h"
 #include "errors.h"
 #include "iobuf.h"
 #include "keydb.h"
 #include "options.h"
 #include "packet.h"
 #include "errors.h"
 #include "iobuf.h"
 #include "keydb.h"
-#include "memory.h"
 #include "photoid.h"
 #include "util.h"
 #include "main.h"
 #include "photoid.h"
 #include "util.h"
 #include "main.h"
@@ -67,6 +68,8 @@ static int menu_set_primary_uid( KBNODE pub_keyblock, KBNODE sec_keyblock );
 static int menu_set_preferences( KBNODE pub_keyblock, KBNODE sec_keyblock );
 static int menu_set_keyserver_url (const char *url,
                                   KBNODE pub_keyblock, KBNODE sec_keyblock );
 static int menu_set_preferences( KBNODE pub_keyblock, KBNODE sec_keyblock );
 static int menu_set_keyserver_url (const char *url,
                                   KBNODE pub_keyblock, KBNODE sec_keyblock );
+static int menu_set_notation(const char *string,
+                            KBNODE pub_keyblock,KBNODE sec_keyblock);
 static int menu_select_uid( KBNODE keyblock, int idx );
 static int menu_select_uid_namehash( KBNODE keyblock, const char *namehash );
 static int menu_select_key( KBNODE keyblock, int idx );
 static int menu_select_uid( KBNODE keyblock, int idx );
 static int menu_select_uid_namehash( KBNODE keyblock, const char *namehash );
 static int menu_select_key( KBNODE keyblock, int idx );
@@ -504,7 +507,7 @@ trustsig_prompt(byte *trust_value,byte *trust_depth,char **regexp)
  * if some user_ids are marked those will be signed.
  */
 static int
  * if some user_ids are marked those will be signed.
  */
 static int
-sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
+sign_uids( KBNODE keyblock, strlist_t locusr, int *ret_modified,
           int local, int nonrevocable, int trust, int interactive )
 {
     int rc = 0;
           int local, int nonrevocable, int trust, int interactive )
 {
     int rc = 0;
@@ -546,7 +549,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
        byte trust_depth=0,trust_value=0;
 
        if(local || nonrevocable || trust ||
        byte trust_depth=0,trust_value=0;
 
        if(local || nonrevocable || trust ||
-          opt.cert_policy_url || opt.cert_notation_data)
+          opt.cert_policy_url || opt.cert_notations)
          force_v4=1;
 
        /* we have to use a copy of the sk, because make_keysig_packet
          force_v4=1;
 
        /* we have to use a copy of the sk, because make_keysig_packet
@@ -1339,8 +1342,9 @@ enum cmdids
     cmdSAVE, cmdADDUID, cmdADDPHOTO, cmdDELUID, cmdADDKEY, cmdDELKEY,
     cmdADDREVOKER, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF,
     cmdEXPIRE, cmdBACKSIGN, cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF,
     cmdSAVE, cmdADDUID, cmdADDPHOTO, cmdDELUID, cmdADDKEY, cmdDELKEY,
     cmdADDREVOKER, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF,
     cmdEXPIRE, cmdBACKSIGN, cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF,
-    cmdSETPREF, cmdPREFKS, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST, cmdCHKTRUST,
-    cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD, cmdCLEAN, cmdMINIMIZE, cmdNOP
+    cmdSETPREF, cmdPREFKS, cmdNOTATION, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST,
+    cmdCHKTRUST, cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD, cmdCLEAN,
+    cmdMINIMIZE, cmdNOP
   };
 
 static struct
   };
 
 static struct
@@ -1363,6 +1367,7 @@ static struct
     { "key"     , cmdSELKEY    , 0, N_("select subkey N") },
     { "check"   , cmdCHECK     , 0, N_("check signatures") },
     { "c"       , cmdCHECK     , 0, NULL },
     { "key"     , cmdSELKEY    , 0, N_("select subkey N") },
     { "check"   , cmdCHECK     , 0, N_("check signatures") },
     { "c"       , cmdCHECK     , 0, NULL },
+    { "cross-certify", cmdBACKSIGN  , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
     { "backsign", cmdBACKSIGN  , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
     { "sign"    , cmdSIGN      , KEYEDIT_NOT_SK|KEYEDIT_TAIL_MATCH,
       N_("sign selected user IDs [* see below for related commands]") },
     { "backsign", cmdBACKSIGN  , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
     { "sign"    , cmdSIGN      , KEYEDIT_NOT_SK|KEYEDIT_TAIL_MATCH,
       N_("sign selected user IDs [* see below for related commands]") },
@@ -1421,7 +1426,9 @@ static struct
     { "updpref" , cmdSETPREF   , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
 
     { "keyserver",cmdPREFKS    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
     { "updpref" , cmdSETPREF   , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
 
     { "keyserver",cmdPREFKS    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
-      N_("set preferred keyserver URL for the selected user IDs")},
+      N_("set the preferred keyserver URL for the selected user IDs")},
+    { "notation", cmdNOTATION  , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+      N_("set a notation for the selected user IDs")},
     { "passwd"  , cmdPASSWD    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
       N_("change the passphrase") },
     /* Alias */
     { "passwd"  , cmdPASSWD    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
       N_("change the passphrase") },
     /* Alias */
@@ -1494,8 +1501,8 @@ keyedit_completion(const char *text, int start, int end)
 
 
 void
 
 
 void
-keyedit_menu( const char *username, STRLIST locusr,
-             STRLIST commands, int quiet, int seckey_check )
+keyedit_menu( const char *username, strlist_t locusr,
+             strlist_t commands, int quiet, int seckey_check )
 {
     enum cmdids cmd = 0;
     int rc = 0;
 {
     enum cmdids cmd = 0;
     int rc = 0;
@@ -2150,6 +2157,16 @@ keyedit_menu( const char *username, STRLIST locusr,
              }
            break;
 
              }
            break;
 
+         case cmdNOTATION:
+           if( menu_set_notation ( *arg_string?arg_string:NULL,
+                                   keyblock, sec_keyblock ) )
+             {
+               merge_keys_and_selfsig( keyblock );
+               modified = 1;
+               redisplay = 1;
+             }
+           break;
+
          case cmdNOP:
            break;
 
          case cmdNOP:
            break;
 
@@ -2237,8 +2254,36 @@ keyedit_menu( const char *username, STRLIST locusr,
     xfree(answer);
 }
 
     xfree(answer);
 }
 
+static void
+tty_print_notations(int indent,PKT_signature *sig)
+{
+  int first=1;
+  struct notation *notation,*nd;
+
+  if(indent<0)
+    {
+      first=0;
+      indent=-indent;
+    }
+
+  notation=sig_to_notation(sig);
+
+  for(nd=notation;nd;nd=nd->next)
+    {
+      if(!first)
+       tty_printf("%*s",indent,"");
+      else
+       first=0;
+
+      tty_print_utf8_string(nd->name,strlen(nd->name));
+      tty_printf("=");
+      tty_print_utf8_string(nd->value,strlen(nd->value));
+      tty_printf("\n");
+    }
+
+  free_notation(notation);
+}
 
 
-\f
 /****************
  * show preferences of a public keyblock.
  */
 /****************
  * show preferences of a public keyblock.
  */
@@ -2266,7 +2311,7 @@ show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose)
        tty_printf (_("Cipher: "));
         for(i=any=0; prefs[i].type; i++ ) {
             if( prefs[i].type == PREFTYPE_SYM ) {
        tty_printf (_("Cipher: "));
         for(i=any=0; prefs[i].type; i++ ) {
             if( prefs[i].type == PREFTYPE_SYM ) {
-                const char *s = cipher_algo_to_string (prefs[i].value);
+                const char *s = gcry_cipher_algo_name (prefs[i].value);
                 
                 if (any)
                     tty_printf (", ");
                 
                 if (any)
                     tty_printf (", ");
@@ -2283,13 +2328,13 @@ show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose)
         if (!des_seen) {
             if (any)
                 tty_printf (", ");
         if (!des_seen) {
             if (any)
                 tty_printf (", ");
-            tty_printf ("%s",cipher_algo_to_string(CIPHER_ALGO_3DES));
+            tty_printf ("%s", gcry_cipher_algo_name (CIPHER_ALGO_3DES));
         }
         tty_printf ("\n     ");
        tty_printf (_("Digest: "));
         for(i=any=0; prefs[i].type; i++ ) {
             if( prefs[i].type == PREFTYPE_HASH ) {
         }
         tty_printf ("\n     ");
        tty_printf (_("Digest: "));
         for(i=any=0; prefs[i].type; i++ ) {
             if( prefs[i].type == PREFTYPE_HASH ) {
-                const char *s = digest_algo_to_string (prefs[i].value);
+                const char *s = gcry_md_algo_name (prefs[i].value);
                 
                 if (any)
                     tty_printf (", ");
                 
                 if (any)
                     tty_printf (", ");
@@ -2306,7 +2351,7 @@ show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose)
         if (!sha1_seen) {
             if (any)
                 tty_printf (", ");
         if (!sha1_seen) {
             if (any)
                 tty_printf (", ");
-            tty_printf ("%s",digest_algo_to_string(DIGEST_ALGO_SHA1));
+            tty_printf ("%s", gcry_md_algo_name (DIGEST_ALGO_SHA1));
         }
         tty_printf ("\n     ");
        tty_printf (_("Compression: "));
         }
         tty_printf ("\n     ");
        tty_printf (_("Compression: "));
@@ -2368,6 +2413,13 @@ show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose)
                tty_print_utf8_string(pref_ks,pref_ks_len);
                tty_printf("\n");
              }
                tty_print_utf8_string(pref_ks,pref_ks_len);
                tty_printf("\n");
              }
+
+           if(selfsig->flags.notation)
+             {
+               tty_printf ("     ");
+               tty_printf(_("Notations: "));
+               tty_print_notations(5+strlen(_("Notations: ")),selfsig);
+             }
          }
     }
     else {
          }
     }
     else {
@@ -2442,24 +2494,7 @@ show_key_with_all_names_colon (KBNODE keyblock)
           putchar('\n');
           
           print_fingerprint (pk, NULL, 0);
           putchar('\n');
           
           print_fingerprint (pk, NULL, 0);
-
-          /* print the revoker record */
-          if( !pk->revkey && pk->numrevkeys )
-            BUG();
-          else
-            {
-              for (i=0; i < pk->numrevkeys; i++)
-                {
-                  byte *p;
-
-                  printf ("rvk:::%d::::::", pk->revkey[i].algid);
-                  p = pk->revkey[i].fpr;
-                  for (j=0; j < 20; j++, p++ )
-                    printf ("%02X", *p);
-                  printf (":%02x%s:\n", pk->revkey[i].class,
-                          (pk->revkey[i].class&0x40)?"s":"");
-                }
-            }
+         print_revokers(pk);
         }
     }
   
         }
     }
   
@@ -2651,7 +2686,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
            if(pk->is_revoked)
              {
                char *user=get_user_id_string_native(pk->revoked.keyid);
            if(pk->is_revoked)
              {
                char *user=get_user_id_string_native(pk->revoked.keyid);
-               const char *algo=pubkey_algo_to_string(pk->revoked.algo);
+               const char *algo = gcry_pk_algo_name (pk->revoked.algo);
                tty_printf(_("This key was revoked on %s by %s key %s\n"),
                           revokestr_from_pk(pk),algo?algo:"?",user);
                xfree(user);
                tty_printf(_("This key was revoked on %s by %s key %s\n"),
                           revokestr_from_pk(pk),algo?algo:"?",user);
                xfree(user);
@@ -2666,9 +2701,9 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
                    {
                      u32 r_keyid[2];
                      char *user;
                    {
                      u32 r_keyid[2];
                      char *user;
-                     const char *algo=
-                       pubkey_algo_to_string(pk->revkey[i].algid);
+                     const char *algo;
 
 
+                      algo = gcry_pk_algo_name (pk->revkey[i].algid);
                      keyid_from_fingerprint(pk->revkey[i].fpr,
                                             MAX_FINGERPRINT_LEN,r_keyid);
 
                      keyid_from_fingerprint(pk->revkey[i].fpr,
                                             MAX_FINGERPRINT_LEN,r_keyid);
 
@@ -3626,10 +3661,21 @@ menu_backsign(KBNODE pub_keyblock,KBNODE sec_keyblock)
        }
 
       /* Find a signing subkey with no backsig */
        }
 
       /* Find a signing subkey with no backsig */
-      if(node->pkt->pkttype==PKT_PUBLIC_SUBKEY
-         && (node->pkt->pkt.public_key->pubkey_usage&PUBKEY_USAGE_SIG)
-         && !node->pkt->pkt.public_key->backsig)
-        sub_pk=node->pkt->pkt.public_key;
+      if(node->pkt->pkttype==PKT_PUBLIC_SUBKEY)
+       {
+         if(node->pkt->pkt.public_key->pubkey_usage&PUBKEY_USAGE_SIG)
+           {
+             if(node->pkt->pkt.public_key->backsig)
+               tty_printf(_("signing subkey %s is already cross-certified\n"),
+                          keystr_from_pk(node->pkt->pkt.public_key));
+             else
+               sub_pk=node->pkt->pkt.public_key;
+           }
+         else
+           tty_printf(_("subkey %s does not sign and so does"
+                        " not need to be cross-certified\n"),
+                      keystr_from_pk(node->pkt->pkt.public_key));
+       }
 
       if(!sub_pk)
        continue;
 
       if(!sub_pk)
        continue;
@@ -3658,16 +3704,21 @@ menu_backsign(KBNODE pub_keyblock,KBNODE sec_keyblock)
          }
 
       if(!sub_sk)
          }
 
       if(!sub_sk)
-       continue;
+       {
+         tty_printf(_("no secret subkey for public subkey %s - ignoring\n"),
+                    keystr_from_pk(sub_pk));
+         continue;
+       }
 
       /* Now finally find the matching selfsig on the secret subkey.
         We can't use chosen_selfsig here (it's not set for secret
         keys), so we just pick the selfsig with the right class.
         This is what menu_expire does as well. */
       for(node2=node2->next;
 
       /* Now finally find the matching selfsig on the secret subkey.
         We can't use chosen_selfsig here (it's not set for secret
         keys), so we just pick the selfsig with the right class.
         This is what menu_expire does as well. */
       for(node2=node2->next;
-         node2 && node2->pkt->pkttype==PKT_SIGNATURE;
+         node2 && node2->pkt->pkttype!=PKT_SECRET_SUBKEY;
          node2=node2->next)
          node2=node2->next)
-       if(node2->pkt->pkt.signature->version>=4
+       if(node2->pkt->pkttype==PKT_SIGNATURE
+          && node2->pkt->pkt.signature->version>=4
           && node2->pkt->pkt.signature->keyid[0]==sig_pk->pkt->pkt.signature->keyid[0]
           && node2->pkt->pkt.signature->keyid[1]==sig_pk->pkt->pkt.signature->keyid[1]
           && node2->pkt->pkt.signature->sig_class==sig_pk->pkt->pkt.signature->sig_class)
           && node2->pkt->pkt.signature->keyid[0]==sig_pk->pkt->pkt.signature->keyid[0]
           && node2->pkt->pkt.signature->keyid[1]==sig_pk->pkt->pkt.signature->keyid[1]
           && node2->pkt->pkt.signature->sig_class==sig_pk->pkt->pkt.signature->sig_class)
@@ -3676,11 +3727,8 @@ menu_backsign(KBNODE pub_keyblock,KBNODE sec_keyblock)
            break;
          }
 
            break;
          }
 
-      if(!sig_sk)
-       continue;
-
       /* Now we can get to work.  We have a main key and secret part,
       /* Now we can get to work.  We have a main key and secret part,
-        a signing subkey with signature and secret part with
+        a signing subkey with signature and secret part possibly with
         signature. */
 
       passphrase=get_last_passphrase();
         signature. */
 
       passphrase=get_last_passphrase();
@@ -3709,13 +3757,16 @@ menu_backsign(KBNODE pub_keyblock,KBNODE sec_keyblock)
              xfree(sig_pk->pkt);
              sig_pk->pkt=newpkt;
 
              xfree(sig_pk->pkt);
              sig_pk->pkt=newpkt;
 
-             /* Put the new sig into place on the seckey */
-             newpkt=xmalloc_clear(sizeof(*newpkt));
-             newpkt->pkttype=PKT_SIGNATURE;
-             newpkt->pkt.signature=copy_signature(NULL,newsig);
-             free_packet(sig_sk->pkt);
-             xfree(sig_sk->pkt);
-             sig_sk->pkt=newpkt;
+             if(sig_sk)
+               {
+                 /* Put the new sig into place on the seckey */
+                 newpkt=xmalloc_clear(sizeof(*newpkt));
+                 newpkt->pkttype=PKT_SIGNATURE;
+                 newpkt->pkt.signature=copy_signature(NULL,newsig);
+                 free_packet(sig_sk->pkt);
+                 xfree(sig_sk->pkt);
+                 sig_sk->pkt=newpkt;
+               }
 
              modified=1;
            }
 
              modified=1;
            }
@@ -4116,6 +4167,219 @@ menu_set_keyserver_url (const char *url,
   return modified;
 }
 
   return modified;
 }
 
+static int
+menu_set_notation(const char *string,KBNODE pub_keyblock,KBNODE sec_keyblock)
+{
+  PKT_secret_key *sk;    /* copy of the main sk */
+  PKT_public_key *main_pk;
+  PKT_user_id *uid;
+  KBNODE node;
+  u32 keyid[2];
+  int selected, select_all;
+  int modified = 0;
+  char *answer;
+  struct notation *notation;
+
+  no_primary_warning(pub_keyblock);
+
+  if(string)
+    answer=xstrdup(string);
+  else
+    {
+      answer=cpr_get_utf8("keyedit.add_notation",
+                         _("Enter the notation: "));
+      if(answer[0]=='\0' || answer[0]=='\004')
+       {
+         xfree(answer);
+         return 0;
+       }
+    }
+
+  if(ascii_strcasecmp(answer,"none")==0
+     || ascii_strcasecmp(answer,"-")==0)
+    notation=NULL; /* delete them all */
+  else
+    {
+      notation=string_to_notation(answer,0);
+      if(!notation)
+       {
+         xfree(answer);
+         return 0;
+       }
+    }
+
+  xfree(answer);
+
+  select_all = !count_selected_uids (pub_keyblock);
+
+  node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
+  sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
+
+  /* Now we can actually change the self signature(s) */
+  main_pk = NULL;
+  uid = NULL;
+  selected = 0;
+  for ( node=pub_keyblock; node; node = node->next )
+    {
+      if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+       break; /* ready */
+
+      if ( node->pkt->pkttype == PKT_PUBLIC_KEY )
+       {
+         main_pk = node->pkt->pkt.public_key;
+         keyid_from_pk( main_pk, keyid );
+       }
+      else if ( node->pkt->pkttype == PKT_USER_ID )
+       {
+         uid = node->pkt->pkt.user_id;
+         selected = select_all || (node->flag & NODFLG_SELUID);
+       }
+      else if ( main_pk && uid && selected
+               && node->pkt->pkttype == PKT_SIGNATURE )
+       {
+         PKT_signature *sig = node->pkt->pkt.signature;
+         if ( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
+              && (uid && (sig->sig_class&~3) == 0x10)
+              && sig->flags.chosen_selfsig)
+           {
+             char *user=utf8_to_native(uid->name,strlen(uid->name),0);
+             if( sig->version < 4 )
+               log_info(_("skipping v3 self-signature on user ID \"%s\"\n"),
+                        user);
+             else
+               {
+                 PKT_signature *newsig;
+                 PACKET *newpkt;
+                 int rc,skip=0,addonly=1;
+
+                 if(sig->flags.notation)
+                   {
+                     tty_printf("Current notations for user ID \"%s\":\n",
+                                user);
+                     tty_print_notations(-9,sig);
+                   }
+                 else
+                   {
+                     tty_printf("No notations on user ID \"%s\"\n",user);
+                     if(notation==NULL)
+                       {
+                         /* There are no current notations, so there
+                            is no point in trying to un-set them. */
+                         continue;
+                       }
+                   }
+
+                 if(notation)
+                   {
+                     struct notation *n;
+                     int deleting=0;
+
+                     notation->next=sig_to_notation(sig);
+
+                     for(n=notation->next;n;n=n->next)
+                       if(strcmp(n->name,notation->name)==0)
+                         {
+                           if(notation->value)
+                             {
+                               if(strcmp(n->value,notation->value)==0)
+                                 {
+                                   if(notation->flags.ignore)
+                                     {
+                                       /* Value match with a delete
+                                          flag. */
+                                       n->flags.ignore=1;
+                                       deleting=1;
+                                     }
+                                   else
+                                     {
+                                       /* Adding the same notation
+                                          twice, so don't add it at
+                                          all. */
+                                       skip=1;
+                                       tty_printf("Skipping notation:"
+                                                  " %s=%s\n",
+                                                  notation->name,
+                                                  notation->value);
+                                       break;
+                                     }
+                                 }
+                             }
+                           else
+                             {
+                               /* No value, so it means delete. */
+                               n->flags.ignore=1;
+                               deleting=1;
+                             }
+
+                           if(n->flags.ignore)
+                             {
+                               tty_printf("Removing notation: %s=%s\n",
+                                          n->name,n->value);
+                               addonly=0;
+                             }
+                         }
+
+                     if(!notation->flags.ignore && !skip)
+                       tty_printf("Adding notation: %s=%s\n",
+                                  notation->name,notation->value);
+
+                     /* We tried to delete, but had no matches */
+                     if(notation->flags.ignore && !deleting)
+                       continue;
+                   }
+                 else
+                   {
+                     tty_printf("Removing all notations\n");
+                     addonly=0;
+                   }
+
+                 if(skip
+                    || (!addonly
+                        && !cpr_get_answer_is_yes("keyedit.confirm_notation",
+                                                  _("Proceed? (y/N) "))))
+                   continue;
+
+                 rc = update_keysig_packet (&newsig, sig,
+                                            main_pk, uid, NULL,
+                                            sk,
+                                            keygen_add_notations, notation );
+                 if( rc )
+                   {
+                     log_error ("update_keysig_packet failed: %s\n",
+                                g10_errstr(rc));
+                     free_secret_key( sk );
+                     free_notation(notation);
+                     xfree(user);
+                     return 0;
+                   }
+
+                 /* replace the packet */
+                 newpkt = xmalloc_clear( sizeof *newpkt );
+                 newpkt->pkttype = PKT_SIGNATURE;
+                 newpkt->pkt.signature = newsig;
+                 free_packet( node->pkt );
+                 xfree( node->pkt );
+                 node->pkt = newpkt;
+                 modified = 1;
+
+                 if(notation)
+                   {
+                     /* Snip off the notation list from the sig */
+                     free_notation(notation->next);
+                     notation->next=NULL;
+                   }
+
+                 xfree(user);
+               }
+           }
+       }
+    }
+
+  free_notation(notation);
+  free_secret_key( sk );
+  return modified;
+}
+
 
 /****************
  * Select one user id or remove all selection if index is 0.
 
 /****************
  * Select one user id or remove all selection if index is 0.