* keyedit.c (sign_uids, keyedit_menu): When the user requests to sign
[gnupg.git] / g10 / keyedit.c
index 5da2f82..7db46cf 100644 (file)
@@ -1,6 +1,6 @@
 /* keyedit.c - keyedit stuff
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
- *               2004 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+ *               2005 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
 #include <errno.h>
 #include <assert.h>
 #include <ctype.h>
-
+#ifdef HAVE_LIBREADLINE
+#include <stdio.h>
+#include <readline/readline.h>
+#endif
 #include "options.h"
 #include "packet.h"
 #include "errors.h"
@@ -69,6 +72,7 @@ static int count_selected_keys( KBNODE keyblock );
 static int menu_revsig( KBNODE keyblock );
 static int menu_revuid( KBNODE keyblock, KBNODE sec_keyblock );
 static int menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
+static int menu_revsubkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
 static int enable_disable_key( KBNODE keyblock, int disable );
 static void menu_showphoto( KBNODE keyblock );
 
@@ -167,7 +171,7 @@ print_and_check_one_sig_colon( KBNODE keyblock, KBNODE node,
   if( sigrc != '?' || print_without_key )
     {
       printf("sig:%c::%d:%08lX%08lX:%lu:%lu:",
-            sigrc,sig->pubkey_algo,(ulong)sig->keyid[1],(ulong)sig->keyid[2],
+            sigrc,sig->pubkey_algo,(ulong)sig->keyid[0],(ulong)sig->keyid[1],
             (ulong)sig->timestamp,(ulong)sig->expiredate);
 
       if(sig->trust_depth || sig->trust_value)
@@ -257,7 +261,8 @@ print_and_check_one_sig( KBNODE keyblock, KBNODE node,
          {
            size_t n;
            char *p = get_user_id( sig->keyid, &n );
-           tty_print_utf8_string2( p, n, opt.screen_columns-keystrlen()-26 );
+           tty_print_utf8_string2(p, n, opt.screen_columns-keystrlen()-26-
+                              ((opt.list_options&LIST_SHOW_SIG_EXPIRE)?11:0));
            m_free(p);
          }
        tty_printf("\n");
@@ -397,14 +402,13 @@ trustsig_prompt(byte *trust_value,byte *trust_depth,char **regexp)
   *trust_depth=0;
   *regexp=NULL;
 
-  tty_printf("\n");
   /* Same string as pkclist.c:do_edit_ownertrust */
-  tty_printf(_(
-              "Please decide how far you trust this user to correctly\n"
-              "verify other users' keys (by looking at passports,\n"
-              "checking fingerprints from different sources...)?\n\n"));
-  tty_printf (_("   (%d) I trust marginally\n"), 1);
-  tty_printf (_("   (%d) I trust fully\n"), 2);
+  tty_printf(_("Please decide how far you trust this user to correctly verify"
+              " other users' keys\n(by looking at passports, checking"
+              " fingerprints from different sources, etc.)\n"));
+  tty_printf("\n");
+  tty_printf (_("  %d = I trust marginally\n"), 1);
+  tty_printf (_("  %d = I trust fully\n"), 2);
   tty_printf("\n");
 
   while(*trust_value==0)
@@ -494,7 +498,7 @@ trustsig_prompt(byte *trust_value,byte *trust_depth,char **regexp)
  */
 static int
 sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
-          int local, int nonrevocable, int trust )
+          int local, int nonrevocable, int trust, int interactive )
 {
     int rc = 0;
     SK_LIST sk_list = NULL;
@@ -502,7 +506,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
     PKT_secret_key *sk = NULL;
     KBNODE node, uidnode;
     PKT_public_key *primary_pk=NULL;
-    int select_all = !count_selected_uids(keyblock);
+    int select_all = !count_selected_uids(keyblock) || interactive;
     int all_v3=1;
 
     /* Are there any non-v3 sigs on this key already? */
@@ -529,7 +533,6 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
     /* loop over all signators */
     for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
         u32 sk_keyid[2],pk_keyid[2];
-       size_t n;
        char *p,*trust_regexp=NULL;
        int force_v4=0,class=0,selfsig=0;
        u32 duration=0,timestamp=0;
@@ -572,10 +575,12 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
                    force_v4=0;
                  }
            }
-           else if( node->pkt->pkttype == PKT_USER_ID ) {
+           else if( node->pkt->pkttype == PKT_USER_ID )
+             {
                uidnode = (node->flag & NODFLG_MARK_A)? node : NULL;
                if(uidnode)
                  {
+                   int yesreally=0;
                    char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
                                              uidnode->pkt->pkt.user_id->len,
                                              0);
@@ -598,6 +603,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
                                uidnode->flag &= ~NODFLG_MARK_A;
                                uidnode=NULL;
                              }
+                           else if(interactive)
+                             yesreally=1;
                          }
                        else
                          {
@@ -624,6 +631,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
                                uidnode->flag &= ~NODFLG_MARK_A;
                                uidnode=NULL;
                              }
+                           else if(interactive)
+                             yesreally=1;
                          }
                        else
                          {
@@ -649,6 +658,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
                                uidnode->flag &= ~NODFLG_MARK_A;
                                uidnode=NULL;
                              }
+                           else if(interactive)
+                             yesreally=1;
                          }
                        else
                          {
@@ -658,9 +669,20 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
                          }
                      }
 
+                   if(uidnode && interactive && !yesreally)
+                     {
+                       tty_printf(_("User ID \"%s\" is signable.  "),user);
+                       if(!cpr_get_answer_is_yes("sign_uid.sign_okay",
+                                                 _("Sign it? (y/N) ")))
+                         {
+                           uidnode->flag &= ~NODFLG_MARK_A;
+                           uidnode=NULL;
+                         }
+                     }
+
                    m_free(user);
                  }
-           }
+             }
            else if( uidnode && node->pkt->pkttype == PKT_SIGNATURE
                && (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
                if( sk_keyid[0] == node->pkt->pkt.signature->keyid[0]
@@ -893,7 +915,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
                while(class==0)
                  {
                    answer = cpr_get("sign_uid.class",_("Your selection? "
-                                       "(enter '?' for more information): "));
+                                       "(enter `?' for more information): "));
                    if(answer[0]=='\0')
                      class=0x10+opt.def_cert_level; /* Default */
                    else if(ascii_strcasecmp(answer,"0")==0)
@@ -915,49 +937,63 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
              trustsig_prompt(&trust_value,&trust_depth,&trust_regexp);
          }
 
-       tty_printf(_("Are you really sure that you want to sign this key\n"
-                    "with your key: \""));
-       p = get_user_id( sk_keyid, &n );
-       tty_print_utf8_string( p, n );
-       m_free(p); p = NULL;
-       tty_printf("\" (%s)\n",keystr_from_sk(sk));
+       p=get_user_id_native(sk_keyid);
+       tty_printf(_("Are you sure that you want to sign this key with your\n"
+                    "key \"%s\" (%s)\n"),p,keystr_from_sk(sk));
+       m_free(p);
 
        if(selfsig)
          {
-           tty_printf(_("\nThis will be a self-signature.\n"));
+            tty_printf("\n");
+           tty_printf(_("This will be a self-signature.\n"));
 
            if( local )
-             tty_printf(
-                        _("\nWARNING: the signature will not be marked "
+              {
+                tty_printf("\n");
+                tty_printf(
+                        _("WARNING: the signature will not be marked "
                           "as non-exportable.\n"));
+              }
 
            if( nonrevocable )
-             tty_printf(
-                        _("\nWARNING: the signature will not be marked "
+              {
+                tty_printf("\n");
+                tty_printf(
+                        _("WARNING: the signature will not be marked "
                           "as non-revocable.\n"));
+              }
          }
        else
          {
            if( local )
-             tty_printf(
-                    _("\nThe signature will be marked as non-exportable.\n"));
+              {
+                tty_printf("\n");
+                tty_printf(
+                    _("The signature will be marked as non-exportable.\n"));
+              }
 
            if( nonrevocable )
-             tty_printf(
-                     _("\nThe signature will be marked as non-revocable.\n"));
+              {
+                tty_printf("\n");
+                tty_printf(
+                     _("The signature will be marked as non-revocable.\n"));
+              }
 
            switch(class)
              {
              case 0x11:
-               tty_printf(_("\nI have not checked this key at all.\n"));
+                tty_printf("\n");
+               tty_printf(_("I have not checked this key at all.\n"));
                break;
 
              case 0x12:
-               tty_printf(_("\nI have checked this key casually.\n"));
+                tty_printf("\n");
+               tty_printf(_("I have checked this key casually.\n"));
                break;
 
              case 0x13:
-               tty_printf(_("\nI have checked this key very carefully.\n"));
+                tty_printf("\n");
+               tty_printf(_("I have checked this key very carefully.\n"));
                break;
              }
          }
@@ -966,7 +1002,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
 
        if( opt.batch && opt.answer_yes )
          ;
-       else if( !cpr_get_answer_is_yes("sign_uid.okay", _("Really sign? ")) )
+       else if( !cpr_get_answer_is_yes("sign_uid.okay",
+                                       _("Really sign? (y/N) ")) )
            continue;
 
        /* now we can sign the user ids */
@@ -1054,6 +1091,7 @@ change_passphrase( KBNODE keyblock )
     PKT_secret_key *sk;
     char *passphrase = NULL;
     int no_primary_secrets = 0;
+    int any;
 
     node = find_kbnode( keyblock, PKT_SECRET_KEY );
     if( !node ) {
@@ -1062,6 +1100,25 @@ change_passphrase( KBNODE keyblock )
     }
     sk = node->pkt->pkt.secret_key;
 
+    for (any = 0, node=keyblock; node; node = node->next) {
+       if (node->pkt->pkttype == PKT_SECRET_KEY 
+            || node->pkt->pkttype == PKT_SECRET_SUBKEY) {
+           PKT_secret_key *tmpsk = node->pkt->pkt.secret_key;
+            if (!(tmpsk->is_protected
+                  && (tmpsk->protect.s2k.mode == 1001 
+                      || tmpsk->protect.s2k.mode == 1002))) {
+                any = 1;
+                break;
+            }
+        }
+    }
+    if (!any) {
+        tty_printf (_("Key has only stub or on-card key items - "
+                      "no passphrase to change.\n"));
+        goto leave;
+    }
+        
+    /* See how to handle this key.  */
     switch( is_secret_key_protected( sk ) ) {
       case -1:
        rc = G10ERR_PUBKEY_ALGO;
@@ -1074,6 +1131,10 @@ change_passphrase( KBNODE keyblock )
            tty_printf(_("Secret parts of primary key are not available.\n"));
            no_primary_secrets = 1;
        }
+       else if( sk->protect.s2k.mode == 1002 ) {
+           tty_printf(_("Secret parts of primary key are stored on-card.\n"));
+           no_primary_secrets = 1;
+       }
        else {
            tty_printf(_("Key is protected.\n"));
            rc = check_secret_key( sk, 0 );
@@ -1083,14 +1144,18 @@ change_passphrase( KBNODE keyblock )
        break;
     }
 
-    /* unprotect all subkeys (use the supplied passphrase or ask)*/
+    /* Unprotect all subkeys (use the supplied passphrase or ask)*/
     for(node=keyblock; !rc && node; node = node->next ) {
        if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
            PKT_secret_key *subsk = node->pkt->pkt.secret_key;
-           set_next_passphrase( passphrase );
-           rc = check_secret_key( subsk, 0 );
-           if( !rc && !passphrase )
-               passphrase = get_last_passphrase();
+            if ( !(subsk->is_protected
+                   && (subsk->protect.s2k.mode == 1001 
+                       || subsk->protect.s2k.mode == 1002))) {
+                set_next_passphrase( passphrase );
+                rc = check_secret_key( subsk, 0 );
+                if( !rc && !passphrase )
+                    passphrase = get_last_passphrase();
+            }
        }
     }
 
@@ -1118,7 +1183,7 @@ change_passphrase( KBNODE keyblock )
                tty_printf(_( "You don't want a passphrase -"
                            " this is probably a *bad* idea!\n\n"));
                if( cpr_get_answer_is_yes("change_passwd.empty.okay",
-                              _("Do you really want to do this? ")))
+                              _("Do you really want to do this? (y/N) ")))
                  {
                    changed++;
                    break;
@@ -1134,13 +1199,18 @@ change_passphrase( KBNODE keyblock )
                for(node=keyblock; !rc && node; node = node->next ) {
                    if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
                        PKT_secret_key *subsk = node->pkt->pkt.secret_key;
-                       subsk->protect.algo = dek->algo;
-                       subsk->protect.s2k = *s2k;
-                       rc = protect_secret_key( subsk, dek );
+                        if ( !(subsk->is_protected
+                               && (subsk->protect.s2k.mode == 1001 
+                                   || subsk->protect.s2k.mode == 1002))) {
+                            subsk->protect.algo = dek->algo;
+                            subsk->protect.s2k = *s2k;
+                            rc = protect_secret_key( subsk, dek );
+                        }
                    }
                }
                if( rc )
-                   log_error("protect_secret_key failed: %s\n", g10_errstr(rc) );
+                   log_error("protect_secret_key failed: %s\n",
+                              g10_errstr(rc) );
                else
                    changed++;
                break;
@@ -1200,6 +1270,36 @@ fix_keyblock( KBNODE keyblock )
     return fixed;
 }
 
+static int
+parse_sign_type(const char *str,int *localsig,int *nonrevokesig,int *trustsig)
+{
+  const char *p=str;
+
+  while(*p)
+    {
+      if(ascii_strncasecmp(p,"l",1)==0)
+       {
+         *localsig=1;
+         p++;
+       }
+      else if(ascii_strncasecmp(p,"nr",2)==0)
+       {
+         *nonrevokesig=1;
+         p+=2;
+       }
+      else if(ascii_strncasecmp(p,"t",1)==0)
+       {
+         *trustsig=1;
+         p++;
+       }
+      else
+       return 0;
+    }
+
+  return 1;
+}
+
+\f
 /****************
  * Menu driven key editor.  If seckey_check is true, then a secret key
  * that matches username will be looked for.  If it is false, not all
@@ -1208,77 +1308,177 @@ fix_keyblock( KBNODE keyblock )
  * Note: to keep track of some selection we use node->mark MARKBIT_xxxx.
  */
 
+/* Need an SK for this command */
+#define KEYEDIT_NEED_SK 1
+/* Cannot be viewing the SK for this command */
+#define KEYEDIT_NOT_SK  2
+/* Must be viewing the SK for this command */
+#define KEYEDIT_ONLY_SK 4
+/* Match the tail of the string */
+#define KEYEDIT_TAIL_MATCH 8
+
+enum cmdids
+  {
+    cmdNONE = 0,
+    cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN,
+    cmdREVSIG, cmdREVKEY, cmdREVUID, cmdDELSIG, cmdPRIMARY, cmdDEBUG,
+    cmdSAVE, cmdADDUID, cmdADDPHOTO, cmdDELUID, cmdADDKEY, cmdDELKEY,
+    cmdADDREVOKER, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF,
+    cmdEXPIRE, cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF, cmdSETPREF,
+    cmdPREFKS, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST, cmdCHKTRUST,
+    cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD, cmdNOP
+  };
+
+static struct
+{
+  const char *name;
+  enum cmdids id;
+  int flags;
+  const char *desc;
+} cmds[] =
+  { 
+    { "quit"    , cmdQUIT      , 0, N_("quit this menu") },
+    { "q"       , cmdQUIT      , 0, NULL   },
+    { "save"    , cmdSAVE      , 0, N_("save and quit") },
+    { "help"    , cmdHELP      , 0, N_("show this help") },
+    { "?"       , cmdHELP      , 0, NULL   },
+    { "fpr"     , cmdFPR       , 0, N_("show key fingerprint") },
+    { "list"    , cmdLIST      , 0, N_("list key and user IDs") },
+    { "l"       , cmdLIST      , 0, NULL   },
+    { "uid"     , cmdSELUID    , 0, N_("select user ID N") },
+    { "key"     , cmdSELKEY    , 0, N_("select subkey N") },
+    { "check"   , cmdCHECK     , 0, N_("check signatures") },
+    { "c"       , cmdCHECK     , 0, NULL },
+    { "sign"    , cmdSIGN      , KEYEDIT_NOT_SK|KEYEDIT_TAIL_MATCH,
+      N_("sign selected user IDs [* see below for related commands]") },
+    { "s"       , cmdSIGN      , KEYEDIT_NOT_SK, NULL },
+    /* "lsign" and friends will never match since "sign" comes first
+       and it is a tail match.  They are just here so they show up in
+       the help menu. */
+    { "lsign"   , cmdNOP       , 0, N_("sign selected user IDs locally") },
+    { "tsign"   , cmdNOP       , 0,
+      N_("sign selected user IDs with a trust signature") },
+    { "nrsign"  , cmdNOP       , 0,
+      N_("sign selected user IDs with a non-revocable signature") },
+
+    { "debug"   , cmdDEBUG     , 0, NULL },
+    { "adduid"  , cmdADDUID    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+      N_("add a user ID") },
+    { "addphoto", cmdADDPHOTO  , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+      N_("add a photo ID") },
+    { "deluid"  , cmdDELUID    , KEYEDIT_NOT_SK,
+      N_("delete selected user IDs") },
+    /* delphoto is really deluid in disguise */
+    { "delphoto", cmdDELUID    , KEYEDIT_NOT_SK, NULL },
+
+    { "addkey"  , cmdADDKEY    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+      N_("add a subkey") },
+
+#ifdef ENABLE_CARD_SUPPORT
+    { "addcardkey", cmdADDCARDKEY , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+      N_("add a key to a smartcard") },
+    { "keytocard", cmdKEYTOCARD , KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK, 
+      N_("move a key to a smartcard")},
+    { "bkuptocard", cmdBKUPTOCARD , KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK, 
+      N_("move a backup key to a smartcard")},
+#endif /*ENABLE_CARD_SUPPORT*/
+
+    { "delkey"  , cmdDELKEY    , KEYEDIT_NOT_SK,
+      N_("delete selected subkeys") },
+    { "addrevoker",cmdADDREVOKER,KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+      N_("add a revocation key") },
+    { "delsig"  , cmdDELSIG    , KEYEDIT_NOT_SK,
+      N_("delete signatures from the selected user IDs") },
+    { "expire"  , cmdEXPIRE    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+      N_("change the expiration date for the key or selected subkeys") },
+    { "primary" , cmdPRIMARY   , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+      N_("flag the selected user ID as primary")},
+    { "toggle"  , cmdTOGGLE    , KEYEDIT_NEED_SK,
+      N_("toggle between the secret and public key listings") },
+    { "t"       , cmdTOGGLE    , KEYEDIT_NEED_SK, NULL },
+    { "pref"    , cmdPREF      , KEYEDIT_NOT_SK,
+      N_("list preferences (expert)")},
+    { "showpref", cmdSHOWPREF  , KEYEDIT_NOT_SK,
+      N_("list preferences (verbose)") },
+    { "setpref" , cmdSETPREF   , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+      N_("set preference list for the selected user IDs") },
+    /* Alias */
+    { "updpref" , cmdSETPREF   , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
+
+    { "keyserver",cmdPREFKS    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+      N_("set preferred keyserver URL for the selected user IDs")},
+    { "passwd"  , cmdPASSWD    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+      N_("change the passphrase") },
+    /* Alias */
+    { "password", cmdPASSWD    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
+
+    { "trust"   , cmdTRUST     , KEYEDIT_NOT_SK, N_("change the ownertrust") },
+    { "revsig"  , cmdREVSIG    , KEYEDIT_NOT_SK,
+      N_("revoke signatures on the selected user IDs") },
+    { "revuid"  , cmdREVUID    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+      N_("revoke selected user IDs") },
+    /* Alias */
+    { "revphoto", cmdREVUID    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
+
+    { "revkey"  , cmdREVKEY    , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
+      N_("revoke key or selected subkeys") },
+    { "enable"  , cmdENABLEKEY , KEYEDIT_NOT_SK, N_("enable key") },
+    { "disable" , cmdDISABLEKEY, KEYEDIT_NOT_SK, N_("disable key") },
+    { "showphoto",cmdSHOWPHOTO , 0, N_("show selected photo IDs") },
+    { NULL, cmdNONE, 0, NULL }
+  };
+
+
+#ifdef HAVE_LIBREADLINE
+
+/* These two functions are used by readline for command completion. */
+
+static char *
+command_generator(const char *text,int state)
+{
+  static int list_index,len;
+  const char *name;
+
+  /* If this is a new word to complete, initialize now.  This includes
+     saving the length of TEXT for efficiency, and initializing the
+     index variable to 0. */
+  if(!state)
+    {
+      list_index=0;
+      len=strlen(text);
+    }
+
+  /* Return the next partial match */
+  while((name=cmds[list_index].name))
+    {
+      /* Only complete commands that have help text */
+      if(cmds[list_index++].desc && strncmp(name,text,len)==0)
+       return strdup(name);
+    }
+
+  return NULL;
+}
+
+static char **
+keyedit_completion(const char *text, int start, int end)
+{
+  /* If we are at the start of a line, we try and command-complete.
+     If not, just do nothing for now. */
+
+  if(start==0)
+    return rl_completion_matches(text,command_generator);
+
+  rl_attempted_completion_over=1;
+
+  return NULL;
+}
+#endif /* HAVE_LIBREADLINE */
+
+
 void
 keyedit_menu( const char *username, STRLIST locusr,
              STRLIST commands, int quiet, int seckey_check )
 {
-    enum cmdids { cmdNONE = 0,
-          cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN,
-           cmdTSIGN, cmdLSIGN, cmdNRSIGN, cmdNRLSIGN, cmdREVSIG, cmdREVKEY,
-          cmdREVUID, cmdDELSIG, cmdPRIMARY, cmdDEBUG, cmdSAVE, cmdADDUID,
-          cmdADDPHOTO, cmdDELUID, cmdADDKEY, cmdDELKEY, cmdADDREVOKER,
-          cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, cmdEXPIRE,
-          cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF, cmdSETPREF, cmdUPDPREF,
-          cmdPREFKS, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST, cmdCHKTRUST,
-           cmdADDCARDKEY, cmdKEYTOCARD,
-   cmdNOP };
-    static struct { const char *name;
-                   enum cmdids id;
-                   int need_sk;
-                    int not_with_sk;  /* but 2 == must use SK */
-                   const char *desc;
-                 } cmds[] = { 
-       { N_("quit")    , cmdQUIT      , 0,0, N_("quit this menu") },
-       { N_("q")       , cmdQUIT      , 0,0, NULL   },
-       { N_("save")    , cmdSAVE      , 0,0, N_("save and quit") },
-       { N_("help")    , cmdHELP      , 0,0, N_("show this help") },
-       {    "?"        , cmdHELP      , 0,0, NULL   },
-       { N_("fpr")     , cmdFPR       , 0,0, N_("show fingerprint") },
-       { N_("list")    , cmdLIST      , 0,0, N_("list key and user IDs") },
-       { N_("l")       , cmdLIST      , 0,0, NULL   },
-       { N_("uid")     , cmdSELUID    , 0,0, N_("select user ID N") },
-       { N_("key")     , cmdSELKEY    , 0,0, N_("select secondary key N") },
-       { N_("check")   , cmdCHECK     , 0,0, N_("list signatures") },
-       { N_("c")       , cmdCHECK     , 0,0, NULL },
-       { N_("sign")    , cmdSIGN      , 0,1, N_("sign the key") },
-       { N_("s")       , cmdSIGN      , 0,1, NULL },
-       { N_("tsign")   , cmdTSIGN     , 0,1, N_("make a trust signature")},
-       { N_("lsign")   , cmdLSIGN     , 0,1, N_("sign the key locally") },
-       { N_("nrsign")  , cmdNRSIGN    , 0,1, N_("sign the key non-revocably") },
-       { N_("nrlsign") , cmdNRLSIGN   , 0,1, N_("sign the key locally and non-revocably") },
-       { N_("debug")   , cmdDEBUG     , 0,0, NULL },
-       { N_("adduid")  , cmdADDUID    , 1,1, N_("add a user ID") },
-       { N_("addphoto"), cmdADDPHOTO  , 1,1, N_("add a photo ID") },
-       { N_("deluid")  , cmdDELUID    , 0,1, N_("delete user ID") },
-       /* delphoto is really deluid in disguise */
-       { N_("delphoto"), cmdDELUID    , 0,1, NULL },
-       { N_("addkey")  , cmdADDKEY    , 1,1, N_("add a secondary key") },
-#ifdef ENABLE_CARD_SUPPORT
-       { N_("addcardkey"), cmdADDCARDKEY , 1,1, N_("add a key to a smartcard") },
-       { N_("keytocard"), cmdKEYTOCARD , 1,2, N_("move a key to a smartcard")},
-#endif /*ENABLE_CARD_SUPPORT*/
-       { N_("delkey")  , cmdDELKEY    , 0,1, N_("delete a secondary key") },
-       { N_("addrevoker"),cmdADDREVOKER,1,1, N_("add a revocation key") },
-       { N_("delsig")  , cmdDELSIG    , 0,1, N_("delete signatures") },
-       { N_("expire")  , cmdEXPIRE    , 1,1, N_("change the expire date") },
-        { N_("primary") , cmdPRIMARY   , 1,1, N_("flag user ID as primary")},
-       { N_("toggle")  , cmdTOGGLE    , 1,0, N_("toggle between secret "
-                                                "and public key listing") },
-       { N_("t"     )  , cmdTOGGLE    , 1,0, NULL },
-       { N_("pref")    , cmdPREF      , 0,1, N_("list preferences (expert)")},
-       { N_("showpref"), cmdSHOWPREF  , 0,1, N_("list preferences (verbose)") },
-       { N_("setpref") , cmdSETPREF   , 1,1, N_("set preference list") },
-       { N_("updpref") , cmdUPDPREF   , 1,1, N_("updated preferences") },
-       { N_("keyserver"),cmdPREFKS    , 1,1, N_("set preferred keyserver URL")},
-       { N_("passwd")  , cmdPASSWD    , 1,1, N_("change the passphrase") },
-       { N_("trust")   , cmdTRUST     , 0,1, N_("change the ownertrust") },
-       { N_("revsig")  , cmdREVSIG    , 0,1, N_("revoke signatures") },
-       { N_("revuid")  , cmdREVUID    , 1,1, N_("revoke a user ID") },
-       { N_("revkey")  , cmdREVKEY    , 1,1, N_("revoke a secondary key") },
-       { N_("disable") , cmdDISABLEKEY, 0,1, N_("disable a key") },
-       { N_("enable")  , cmdENABLEKEY , 0,1, N_("enable a key") },
-       { N_("showphoto"),cmdSHOWPHOTO , 0,0, N_("show photo ID") },
-       { NULL, cmdNONE, 0, 0, NULL } };
     enum cmdids cmd = 0;
     int rc = 0;
     KBNODE keyblock = NULL;
@@ -1295,12 +1495,26 @@ keyedit_menu( const char *username, STRLIST locusr,
 
     if ( opt.command_fd != -1 )
         ;
-    else if( opt.batch && !have_commands  ) {
-       log_error(_("can't do that in batchmode\n"));
+    else if( opt.batch && !have_commands )
+      {
+       log_error(_("can't do this in batch mode\n"));
        goto leave;
-    }
+      }
 
-    /* get the public key */
+#ifdef HAVE_W32_SYSTEM
+    /* Due to Windows peculiarities we need to make sure that the
+       trustdb stale check is done before we open another file
+       (i.e. by searching for a key).  In theory we could make sure
+       that the files are closed after use but the open/close caches
+       inhibits that and flushing the cache right before the stale
+       check is not easy to implement.  Thus we take the easy way out
+       and run the stale check as early as possible.  Note, that for
+       non- W32 platforms it is run indirectly trough a call to
+       get_validity ().  */
+    check_trustdb_stale ();
+#endif
+
+    /* Get the public key */
     rc = get_pubkey_byname (NULL, username, &keyblock, &kdbhd, 1);
     if( rc )
        goto leave;
@@ -1324,18 +1538,21 @@ keyedit_menu( const char *username, STRLIST locusr,
                 afp[an++] = 0;
             rc = keydb_search_fpr (sec_kdbhd, afp);
         }
-       if (!rc) {
+       if (!rc)
+         {
            rc = keydb_get_keyblock (sec_kdbhd, &sec_keyblock);
-           if (rc) {
-               log_error (_("error reading secret keyblock `%s': %s\n"),
-                                               username, g10_errstr(rc));
-           }
-            else {
+           if (rc)
+             {
+               log_error (_("error reading secret keyblock \"%s\": %s\n"),
+                          username, g10_errstr(rc));
+             }
+            else
+             {
                 merge_keys_and_selfsig( sec_keyblock );
                 if( fix_keyblock( sec_keyblock ) )
-                    sec_modified++;
-            }
-       }
+                 sec_modified++;
+             }
+         }
 
         if (rc) {
             sec_keyblock = NULL;
@@ -1356,6 +1573,7 @@ keyedit_menu( const char *username, STRLIST locusr,
        PKT_public_key *pk=keyblock->pkt->pkt.public_key;
 
        tty_printf("\n");
+
        if( redisplay && !quiet )
          {
            show_key_with_all_names( cur_keyblock, 0, 1, 0, 1, 0 );
@@ -1375,10 +1593,13 @@ keyedit_menu( const char *username, STRLIST locusr,
                else
                    have_commands = 0;
            }
-           if( !have_commands ) {
+           if( !have_commands )
+             {
+               tty_enable_completion(keyedit_completion);
                answer = cpr_get_no_help("keyedit.prompt", _("Command> "));
                cpr_kill_prompt();
-           }
+               tty_disable_completion();
+             }
            trim_spaces(answer);
        } while( *answer == '#' );
 
@@ -1401,30 +1622,58 @@ keyedit_menu( const char *username, STRLIST locusr,
                 arg_string = p;
            }
 
-           for(i=0; cmds[i].name; i++ ) {
-               if( !ascii_strcasecmp( answer, cmds[i].name ) )
-                   break;
-           }
-           if( cmds[i].need_sk && !sec_keyblock ) {
+           for(i=0; cmds[i].name; i++ )
+             {
+               if(cmds[i].flags & KEYEDIT_TAIL_MATCH)
+                 {
+                   size_t l=strlen(cmds[i].name);
+                   size_t a=strlen(answer);
+                   if(a>=l)
+                     {
+                       if(ascii_strcasecmp(&answer[a-l],cmds[i].name)==0)
+                         {
+                           answer[a-l]='\0';
+                           break;
+                         }
+                     }
+                 }
+               else if( !ascii_strcasecmp( answer, cmds[i].name ) )
+                 break;
+             }
+           if((cmds[i].flags & KEYEDIT_NEED_SK) && !sec_keyblock )
+             {
                tty_printf(_("Need the secret key to do this.\n"));
                cmd = cmdNOP;
-           }
-           else if(  (cmds[i].not_with_sk == 1 && sec_keyblock && toggle)
-                    ||(cmds[i].not_with_sk == 2 && sec_keyblock && !toggle)) {
+             }
+           else if(((cmds[i].flags & KEYEDIT_NOT_SK) && sec_keyblock
+                    && toggle)
+                    ||((cmds[i].flags & KEYEDIT_ONLY_SK) && sec_keyblock
+                      && !toggle))
+             {
                tty_printf(_("Please use the command \"toggle\" first.\n"));
                cmd = cmdNOP;
-           }
+             }
            else
-               cmd = cmds[i].id;
+             cmd = cmds[i].id;
        }
-       switch( cmd )  {
+       switch( cmd )
+         {
          case cmdHELP:
-           for(i=0; cmds[i].name; i++ ) {
-             if( cmds[i].need_sk && !sec_keyblock )
-               ; /* skip if we do not have the secret key */
-             else if( cmds[i].desc )
-               tty_printf("%-10s %s\n", cmds[i].name, _(cmds[i].desc) );
-           }
+           for(i=0; cmds[i].name; i++ )
+             {
+               if((cmds[i].flags & KEYEDIT_NEED_SK) && !sec_keyblock )
+                 ; /* skip if we do not have the secret key */
+               else if( cmds[i].desc )
+                 tty_printf("%-11s %s\n", cmds[i].name, _(cmds[i].desc) );
+             }
+
+           tty_printf("\n");
+           tty_printf(_(
+"* The `sign' command may be prefixed with an `l' for local "
+"signatures (lsign),\n"
+"  a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+"  (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"));
+
            break;
 
          case cmdLIST:
@@ -1453,41 +1702,44 @@ keyedit_menu( const char *username, STRLIST locusr,
            break;
 
          case cmdSIGN: /* sign (only the public key) */
-         case cmdLSIGN: /* sign (only the public key) */
-         case cmdNRSIGN: /* sign (only the public key) */
-         case cmdNRLSIGN: /* sign (only the public key) */
-         case cmdTSIGN:
-           if( pk->is_revoked )
-             {
-               tty_printf(_("Key is revoked."));
+           {
+             int localsig=0,nonrevokesig=0,trustsig=0,interactive=0;
 
-               if(opt.expert)
-                 {
-                   tty_printf("  ");
-                   if(!cpr_get_answer_is_yes("keyedit.sign_revoked.okay",
-                                             _("Are you sure you still want "
-                                               "to sign it? (y/N) ")))
+             if( pk->is_revoked )
+               {
+                 tty_printf(_("Key is revoked."));
+
+                 if(opt.expert)
+                   {
+                     tty_printf("  ");
+                     if(!cpr_get_answer_is_yes("keyedit.sign_revoked.okay",
+                                               _("Are you sure you still want"
+                                                 " to sign it? (y/N) ")))
+                       break;
+                   }
+                 else
+                   {
+                     tty_printf(_("  Unable to sign.\n"));
                      break;
-                 }
-               else
-                 {
-                   tty_printf(_("  Unable to sign.\n"));
-                   break;
-                 }
-             }
+                   }
+               }
 
-           if( count_uids(keyblock) > 1 && !count_selected_uids(keyblock) ) {
-               if( !cpr_get_answer_is_yes("keyedit.sign_all.okay",
-                                          _("Really sign all user IDs? ")) ) {
-                   tty_printf(_("Hint: Select the user IDs to sign\n"));
-                   break;
+             if(count_uids(keyblock) > 1 && !count_selected_uids(keyblock)
+                && !cpr_get_answer_is_yes("keyedit.sign_all.okay",
+                                          _("Really sign all user IDs?"
+                                            " (y/N) ")))
+               interactive=1;
+
+             /* What sort of signing are we doing? */
+             if(!parse_sign_type(answer,&localsig,&nonrevokesig,&trustsig))
+               {
+                 tty_printf(_("Unknown signature type `%s'\n"),answer);
+                 break;
                }
-           }
 
-           sign_uids( keyblock, locusr, &modified,
-                      (cmd == cmdLSIGN) || (cmd == cmdNRLSIGN),
-                      (cmd == cmdNRSIGN) || (cmd==cmdNRLSIGN),
-                      (cmd == cmdTSIGN));
+             sign_uids(keyblock, locusr, &modified,
+                       localsig, nonrevokesig, trustsig, interactive);
+           }
            break;
 
          case cmdDEBUG:
@@ -1529,10 +1781,9 @@ keyedit_menu( const char *username, STRLIST locusr,
                    tty_printf(_("You must select at least one user ID.\n"));
                else if( real_uids_left(keyblock) < 1 )
                    tty_printf(_("You can't delete the last user ID!\n"));
-               else if( cpr_get_answer_is_yes(
-                           "keyedit.remove.uid.okay",
-                       n1 > 1? _("Really remove all selected user IDs? ")
-                             : _("Really remove this user ID? ")
+               else if( cpr_get_answer_is_yes("keyedit.remove.uid.okay",
+               n1 > 1? _("Really remove all selected user IDs? (y/N) ")
+                           : _("Really remove this user ID? (y/N) ")
                       ) ) {
                    menu_deluid( keyblock, sec_keyblock );
                    redisplay = 1;
@@ -1582,7 +1833,7 @@ keyedit_menu( const char *username, STRLIST locusr,
              {
              case 0:
                if (cpr_get_answer_is_yes("keyedit.keytocard.use_primary",
-                                         _("Really move the primary key? ")))
+                                    _("Really move the primary key? (y/N) ")))
                  node = sec_keyblock;
                break;
              case 1:
@@ -1608,6 +1859,69 @@ keyedit_menu( const char *username, STRLIST locusr,
              }
          }
           break;
+
+        case cmdBKUPTOCARD:
+         {
+            /* Ask for a filename, check whether this is really a
+               backup key as generated by the card generation, parse
+               that key and store it on card. */
+           KBNODE node;
+            const char *fname;
+            PACKET *pkt;
+            IOBUF a;
+
+            fname = arg_string;
+            if (!*fname)
+              {
+                tty_printf (_("Command expects a filename argument\n"));
+                break;
+              }
+
+            /* Open that file.  */
+            a = iobuf_open (fname);
+            if (a && is_secured_file (iobuf_get_fd (a)))
+              {
+                iobuf_close (a);
+                a = NULL;
+                errno = EPERM;
+              }
+            if (!a)
+              {
+               tty_printf (_("Can't open `%s': %s\n"),
+                            fname, strerror(errno));
+                break;
+              }
+            
+            /* Parse and check that file.  */
+            pkt = xmalloc (sizeof *pkt);
+            init_packet (pkt);
+            rc = parse_packet (a, pkt);
+            iobuf_close (a);
+            iobuf_ioctl (NULL, 2, 0, (char*)fname); /* (invalidate cache).  */
+            if (!rc 
+                && pkt->pkttype != PKT_SECRET_KEY 
+                && pkt->pkttype != PKT_SECRET_SUBKEY)
+              rc = G10ERR_NO_SECKEY;
+            if (rc)
+              {
+                tty_printf(_("Error reading backup key from `%s': %s\n"),
+                           fname, g10_errstr (rc));
+                free_packet (pkt);
+                xfree (pkt);
+                break;
+              }
+            node = new_kbnode (pkt);
+
+            /* Store it.  */
+            if (card_store_subkey (node, 0))
+              {
+                redisplay = 1;
+                sec_modified = 1;
+              }
+            release_kbnode (node);
+         }
+          break;
+
 #endif /* ENABLE_CARD_SUPPORT */
 
          case cmdDELKEY: {
@@ -1617,8 +1931,8 @@ keyedit_menu( const char *username, STRLIST locusr,
                    tty_printf(_("You must select at least one key.\n"));
                else if( !cpr_get_answer_is_yes( "keyedit.remove.subkey.okay",
                       n1 > 1?
-                       _("Do you really want to delete the selected keys? "):
-                       _("Do you really want to delete this key? ")
+                  _("Do you really want to delete the selected keys? (y/N) "):
+                       _("Do you really want to delete this key? (y/N) ")
                       ))
                    ;
                else {
@@ -1653,8 +1967,8 @@ keyedit_menu( const char *username, STRLIST locusr,
                    tty_printf(_("You must select at least one user ID.\n"));
                else if( cpr_get_answer_is_yes(
                            "keyedit.revoke.uid.okay",
-                       n1 > 1? _("Really revoke all selected user IDs? ")
-                             : _("Really revoke this user ID? ")
+                      n1 > 1? _("Really revoke all selected user IDs? (y/N) ")
+                            : _("Really revoke this user ID? (y/N) ")
                       ) ) {
                  if(menu_revuid(keyblock,sec_keyblock))
                    {
@@ -1665,36 +1979,49 @@ keyedit_menu( const char *username, STRLIST locusr,
            }
            break;
 
-         case cmdREVKEY: {
-               int n1;
+         case cmdREVKEY:
+           {
+             int n1;
 
-               if( !(n1=count_selected_keys( keyblock )) )
-                   tty_printf(_("You must select at least one key.\n"));
-               else if( sec_keyblock && !cpr_get_answer_is_yes(
-                           "keyedit.revoke.subkey.okay",
-                      n1 > 1?
-                       _("Do you really want to revoke the selected keys? "):
-                       _("Do you really want to revoke this key? ")
-                      ))
-                   ;
-               else {
-                   if( menu_revkey( keyblock, sec_keyblock ) ) {
-                       modified = 1;
-                       /*sec_modified = 1;*/
+             if( !(n1=count_selected_keys( keyblock )) )
+               {
+                 if(cpr_get_answer_is_yes("keyedit.revoke.subkey.okay",
+                                          _("Do you really want to revoke"
+                                            " the entire key? (y/N) ")))
+                   {
+                     if(menu_revkey(keyblock,sec_keyblock))
+                       modified=1;
+
+                     redisplay=1;
                    }
-                   redisplay = 1;
                }
+             else if(cpr_get_answer_is_yes("keyedit.revoke.subkey.okay",
+                                           n1 > 1?
+                                           _("Do you really want to revoke"
+                                             " the selected subkeys? (y/N) "):
+                                           _("Do you really want to revoke"
+                                             " this subkey? (y/N) ")))
+               {
+                 if( menu_revsubkey( keyblock, sec_keyblock ) )
+                   modified = 1;
+
+                 redisplay = 1;
+               }
+
+             if(modified)
+               merge_keys_and_selfsig( keyblock );
            }
            break;
 
          case cmdEXPIRE:
-           if( menu_expire( keyblock, sec_keyblock ) ) {
+           if( menu_expire( keyblock, sec_keyblock ) )
+             {
                merge_keys_and_selfsig( sec_keyblock );
                merge_keys_and_selfsig( keyblock );
                sec_modified = 1;
                modified = 1;
                redisplay = 1;
-           }
+             }
            break;
 
          case cmdPRIMARY:
@@ -1739,28 +2066,30 @@ keyedit_menu( const char *username, STRLIST locusr,
            break;
 
           case cmdSETPREF:
-            keygen_set_std_prefs ( !*arg_string? "default" : arg_string, 0);
-            break;
+           {
+             PKT_user_id *tempuid;
 
-         case cmdUPDPREF: 
-            {
-             PKT_user_id *temp=keygen_get_std_prefs();
+             keygen_set_std_prefs(!*arg_string?"default" : arg_string, 0);
+
+             tempuid=keygen_get_std_prefs();
              tty_printf(_("Set preference list to:\n"));
-             show_prefs(temp,NULL,1);
-             m_free(temp);
-            }
-            if (cpr_get_answer_is_yes ("keyedit.updpref.okay",
-                                        count_selected_uids (keyblock)?
-                                        _("Really update the preferences"
-                                          " for the selected user IDs? "):
-                                       _("Really update the preferences? "))){
-
-                if ( menu_set_preferences (keyblock, sec_keyblock) ) {
-                    merge_keys_and_selfsig (keyblock);
-                    modified = 1;
-                    redisplay = 1;
-                }
-            }
+             show_prefs(tempuid,NULL,1);
+             free_user_id(tempuid);
+
+             if(cpr_get_answer_is_yes("keyedit.setpref.okay",
+                                      count_selected_uids (keyblock)?
+                                      _("Really update the preferences"
+                                        " for the selected user IDs? (y/N) "):
+                                      _("Really update the preferences? (y/N) ")))
+               {
+                 if ( menu_set_preferences (keyblock, sec_keyblock) )
+                   {
+                     merge_keys_and_selfsig (keyblock);
+                     modified = 1;
+                     redisplay = 1;
+                   }
+               }
+           }
            break;
 
          case cmdPREFKS:
@@ -1801,10 +2130,10 @@ keyedit_menu( const char *username, STRLIST locusr,
            if( !modified && !sec_modified )
                goto leave;
            if( !cpr_get_answer_is_yes("keyedit.save.okay",
-                                       _("Save changes? ")) ) {
+                                       _("Save changes? (y/N) ")) ) {
                if( cpr_enabled()
                    || cpr_get_answer_is_yes("keyedit.cancel.okay",
-                                            _("Quit without saving? ")) )
+                                            _("Quit without saving? (y/N) ")))
                    goto leave;
                break;
            }
@@ -1853,6 +2182,7 @@ keyedit_menu( const char *username, STRLIST locusr,
 }
 
 
+\f
 /****************
  * show preferences of a public keyblock.
  */
@@ -1875,8 +2205,6 @@ show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose)
 
     if (verbose) {
         int any, des_seen=0, sha1_seen=0, uncomp_seen=0;
-       const byte *pref_ks;
-       size_t pref_ks_len;
 
         tty_printf ("     ");
        tty_printf (_("Cipher: "));
@@ -1970,14 +2298,20 @@ show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose)
          }
        tty_printf("\n");
 
-       pref_ks=parse_sig_subpkt(selfsig->hashed,
-                                SIGSUBPKT_PREF_KS,&pref_ks_len);
-       if(pref_ks && pref_ks_len)
+       if(selfsig)
          {
-           tty_printf ("     ");
-           tty_printf(_("Preferred keyserver: "));
-           tty_print_utf8_string(pref_ks,pref_ks_len);
-           tty_printf("\n");
+           const byte *pref_ks;
+           size_t pref_ks_len;
+
+           pref_ks=parse_sig_subpkt(selfsig->hashed,
+                                    SIGSUBPKT_PREF_KS,&pref_ks_len);
+           if(pref_ks && pref_ks_len)
+             {
+               tty_printf ("     ");
+               tty_printf(_("Preferred keyserver: "));
+               tty_print_utf8_string(pref_ks,pref_ks_len);
+               tty_printf("\n");
+             }
          }
     }
     else {
@@ -2164,8 +2498,8 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
                         int with_fpr, int with_subkeys, int with_prefs )
 {
     KBNODE node;
-    int i, rc;
-    int do_warn = 0, indent=0;
+    int i;
+    int do_warn = 0;
     byte pk_version=0;
     PKT_public_key *primary=NULL;
 
@@ -2201,29 +2535,44 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
                primary=pk;
            }
 
-           if(with_revoker) {
+           if(pk->is_revoked)
+             {
+               char *user=get_user_id_string_native(pk->revoked.keyid);
+               const char *algo=pubkey_algo_to_string(pk->revoked.algo);
+               tty_printf(_("This key was revoked on %s by %s key %s\n"),
+                          revokestr_from_pk(pk),algo?algo:"?",user);
+               m_free(user);
+             }
+
+           if(with_revoker)
+             {
                if( !pk->revkey && pk->numrevkeys )
-                   BUG();
+                 BUG();
                else
-                    for(i=0;i<pk->numrevkeys;i++) {
-                        u32 r_keyid[2];
-                        char *user;
-                       const char *algo=
-                         pubkey_algo_to_string(pk->revkey[i].algid);
-
-                        keyid_from_fingerprint(pk->revkey[i].fpr,
-                                               MAX_FINGERPRINT_LEN,r_keyid);
-                        
-                        user=get_user_id_string (r_keyid);
-                        tty_printf (_("This key may be revoked by %s key "),
-                                   algo?algo:"?");
-                        tty_print_utf8_string (user, strlen (user));
-                        if ((pk->revkey[i].class&0x40))
-                          tty_printf (_(" (sensitive)"));
-                        tty_printf ("\n");
-                        m_free(user);
-                      }
-            }
+                 for(i=0;i<pk->numrevkeys;i++)
+                   {
+                     u32 r_keyid[2];
+                     char *user;
+                     const char *algo=
+                       pubkey_algo_to_string(pk->revkey[i].algid);
+
+                     keyid_from_fingerprint(pk->revkey[i].fpr,
+                                            MAX_FINGERPRINT_LEN,r_keyid);
+
+                     user=get_user_id_string_native(r_keyid);
+                     tty_printf(_("This key may be revoked by %s key %s"),
+                                algo?algo:"?",user);
+
+                     if(pk->revkey[i].class&0x40)
+                       {
+                         tty_printf(" ");
+                         tty_printf(_("(sensitive)"));
+                       }
+
+                     tty_printf ("\n");
+                     m_free(user);
+                   }
+             }
 
            keyid_from_pk(pk,NULL);
            tty_printf("%s%c %4u%c/%s  ",
@@ -2249,7 +2598,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
              {
                if(opt.trust_model!=TM_ALWAYS)
                  {
-                   tty_printf("%*s",keystrlen()+13,"");
+                   tty_printf("%*s", (int)keystrlen()+13,"");
                    /* Ownertrust is only meaningful for the PGP or
                       classic trust models */
                    if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
@@ -2315,58 +2664,30 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
                 tty_printf ("\n");
               }
          }
-       else if( with_subkeys && node->pkt->pkttype == PKT_SIGNATURE
-                && node->pkt->pkt.signature->sig_class == 0x28       ) {
-           PKT_signature *sig = node->pkt->pkt.signature;
-
-           rc = check_key_signature( keyblock, node, NULL );
-           if( !rc )
-               tty_printf( _("rev! subkey has been revoked: %s\n"),
-                           datestr_from_sig( sig ) );
-           else if( rc == G10ERR_BAD_SIGN )
-               tty_printf( _("rev- faked revocation found\n") );
-           else if( rc )
-               tty_printf( _("rev? problem checking revocation: %s\n"),
-                                                        g10_errstr(rc) );
-       }
     }
     
     /* the user ids */
 
+    i = 0;
     for( node = keyblock; node; node = node->next )
       {
-       if(node->pkt->pkttype == PKT_USER_ID
-          && (node->pkt->pkt.user_id->is_revoked
-              || node->pkt->pkt.user_id->is_expired))
+       if( node->pkt->pkttype == PKT_USER_ID )
          {
-           indent=1;
-           break;
-         }
-      }
-
-    i = 0;
-    for( node = keyblock; node; node = node->next ) {
-       if( node->pkt->pkttype == PKT_USER_ID ) {
            PKT_user_id *uid = node->pkt->pkt.user_id;
            ++i;
-           if( !only_marked || (only_marked && (node->flag & NODFLG_MARK_A))){
-               if(uid->is_revoked)
-                 tty_printf("[%8.8s] ",_("revoked"));
-               else if(uid->is_expired)
-                 tty_printf("[%8.8s] ",_("expired"));
-               else if(opt.list_options&LIST_SHOW_UID_VALIDITY && primary)
-                 tty_printf("[%8.8s] ",
-                            trust_value_to_string(get_validity(primary,uid)));
-               else if(indent)
-                 tty_printf("           ");
+           if( !only_marked || (only_marked && (node->flag & NODFLG_MARK_A)))
+             {
+               if(!only_marked && primary)
+                 tty_printf("%s ",uid_trust_string_fixed(primary,uid));
+
                if( only_marked )
-                  tty_printf("     ");
+                 tty_printf("     ");
                else if( node->flag & NODFLG_SELUID )
-                  tty_printf("(%d)* ", i);
+                 tty_printf("(%d)* ", i);
                else if( uid->is_primary )
-                  tty_printf("(%d). ", i);
+                 tty_printf("(%d). ", i);
                else
-                  tty_printf("(%d)  ", i);
+                 tty_printf("(%d)  ", i);
                tty_print_utf8_string( uid->name, uid->len );
                tty_printf("\n");
                if( with_prefs )
@@ -2391,16 +2712,16 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
                        show_prefs (uid, selfsig, with_prefs == 2);
                      }
                    else
-                     tty_printf(_("There are no preferences on a "
-                                  "PGP 2.x-style user ID.\n"));
+                     tty_printf(_("There are no preferences on a"
+                                  " PGP 2.x-style user ID.\n"));
                  }
-           }
-       }
-    }
+             }
+         }
+      }
 
     if (do_warn)
-        tty_printf (_("Please note that the shown key validity "
-                      "is not necessarily correct\n"
+        tty_printf (_("Please note that the shown key validity"
+                      " is not necessarily correct\n"
                       "unless you restart the program.\n")); 
 }
 
@@ -2463,9 +2784,9 @@ show_basic_key_info ( KBNODE keyblock )
      
           tty_printf ("     ");
           if (uid->is_revoked)
-            tty_printf (_("[revoked] "));
+            tty_printf("[%s] ",_("revoked"));
           else if ( uid->is_expired )
-            tty_printf (_("[expired] "));
+            tty_printf("[%s] ",_("expired"));
           tty_print_utf8_string (uid->name, uid->len);
           tty_printf ("\n");
         }
@@ -2912,7 +3233,7 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
       rc=get_pubkey_byname(revoker_pk,answer,NULL,NULL,1);
       if(rc)
        {
-         log_error (_("key `%s' not found: %s\n"),answer,g10_errstr(rc));
+         log_error (_("key \"%s\" not found: %s\n"),answer,g10_errstr(rc));
          m_free(answer);
          continue;
        }
@@ -2985,7 +3306,7 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
 
       if(!cpr_get_answer_is_yes("keyedit.add_revoker.okay",
                                _("Are you sure you want to appoint this "
-                                 "key as a designated revoker? (y/N): ")))
+                                 "key as a designated revoker? (y/N) ")))
        continue;
 
       free_public_key(revoker_pk);
@@ -3051,11 +3372,11 @@ menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock )
 
     n1 = count_selected_keys( pub_keyblock );
     if( n1 > 1 ) {
-       tty_printf(_("Please select at most one secondary key.\n"));
+       tty_printf(_("Please select at most one subkey.\n"));
        return 0;
     }
     else if( n1 )
-       tty_printf(_("Changing expiration time for a secondary key.\n"));
+       tty_printf(_("Changing expiration time for a subkey.\n"));
     else
       {
        tty_printf(_("Changing expiration time for the primary key.\n"));
@@ -3464,7 +3785,8 @@ menu_set_keyserver_url (const char *url,
        {
          PKT_signature *sig = node->pkt->pkt.signature;
          if ( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
-              && (uid && (sig->sig_class&~3) == 0x10) )
+              && (uid && (sig->sig_class&~3) == 0x10)
+              && sig->flags.chosen_selfsig)
            {
              char *user=utf8_to_native(uid->name,strlen(uid->name),0);
              if( sig->version < 4 )
@@ -3598,7 +3920,7 @@ menu_select_key( KBNODE keyblock, int idx )
            }
        }
        if( !node ) {
-           tty_printf(_("No secondary key with index %d\n"), idx );
+           tty_printf(_("No subkey with index %d\n"), idx );
            return 0;
        }
     }
@@ -3704,6 +4026,7 @@ static void
 ask_revoke_sig( KBNODE keyblock, KBNODE node )
 {
     int doit=0;
+    char *p;
     PKT_signature *sig = node->pkt->pkt.signature;
     KBNODE unode = find_prev_kbnode( keyblock, node, PKT_USER_ID );
 
@@ -3712,16 +4035,14 @@ ask_revoke_sig( KBNODE keyblock, KBNODE node )
        return;
     }
 
-    tty_printf(_("user ID: \""));
-    tty_print_utf8_string( unode->pkt->pkt.user_id->name,
-                          unode->pkt->pkt.user_id->len );
+    p=utf8_to_native(unode->pkt->pkt.user_id->name,
+                    unode->pkt->pkt.user_id->len,0);
+    tty_printf(_("user ID: \"%s\"\n"),p);
+    m_free(p);
 
-    if(sig->flags.exportable)
-      tty_printf(_("\"\nsigned with your key %s at %s\n"),
-                keystr(sig->keyid), datestr_from_sig(sig) );
-    else
-      tty_printf(_("\"\nlocally signed with your key %s at %s\n"),
-                keystr(sig->keyid), datestr_from_sig(sig) );
+    tty_printf(_("signed by your key %s on %s%s%s\n"),
+              keystr(sig->keyid),datestr_from_sig(sig),
+              sig->flags.exportable?"":_(" (non-exportable)"),"");
 
     if(sig->flags.expired)
       {
@@ -3757,8 +4078,11 @@ menu_revsig( KBNODE keyblock )
     int rc, any, skip=1, all=!count_selected_uids(keyblock);
     struct revocation_reason_info *reason = NULL;
 
+    assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
+
     /* FIXME: detect duplicates here  */
-    tty_printf(_("You have signed these user IDs:\n"));
+    tty_printf(_("You have signed these user IDs on key %s:\n"),
+              keystr_from_pk(keyblock->pkt->pkt.public_key));
     for( node = keyblock; node; node = node->next ) {
        node->flag &= ~(NODFLG_SELSIG | NODFLG_MARK_A);
        if( node->pkt->pkttype == PKT_USER_ID ) {
@@ -3779,21 +4103,25 @@ menu_revsig( KBNODE keyblock )
          {
            if( (sig->sig_class&~3) == 0x10 )
              {
-               tty_printf(_("   signed by %s on %s%s%s\n"),
+               tty_printf("   ");
+               tty_printf(_("signed by your key %s on %s%s%s\n"),
                           keystr(sig->keyid), datestr_from_sig(sig),
-                          sig->flags.exportable?"":" (non-exportable)",
-                          sig->flags.revocable?"":" (non-revocable)");
+                          sig->flags.exportable?"":_(" (non-exportable)"),
+                          sig->flags.revocable?"":_(" (non-revocable)"));
                if(sig->flags.revocable)
                  node->flag |= NODFLG_SELSIG;
              }
            else if( sig->sig_class == 0x30 )
              {
-               tty_printf(_("   revoked by %s on %s\n"),
-                          keystr(sig->keyid), datestr_from_sig(sig) );
+               tty_printf("   ");
+               tty_printf(_("revoked by your key %s on %s\n"),
+                          keystr(sig->keyid),datestr_from_sig(sig));
              }
          }
     }
 
+    tty_printf("\n");
+
     /* ask */
     for( node = keyblock; node; node = node->next ) {
        if( !(node->flag & NODFLG_SELSIG) )
@@ -3818,8 +4146,9 @@ menu_revsig( KBNODE keyblock )
        }
        else if( node->pkt->pkttype == PKT_SIGNATURE ) {
            sig = node->pkt->pkt.signature;
-           tty_printf(_("   signed by %s on %s%s\n"),
-                      keystr(sig->keyid), datestr_from_sig(sig),
+           tty_printf("   ");
+           tty_printf(_("signed by your key %s on %s%s%s\n"),
+                      keystr(sig->keyid), datestr_from_sig(sig),"",
                       sig->flags.exportable?"":_(" (non-exportable)") );
        }
     }
@@ -3994,13 +4323,58 @@ menu_revuid( KBNODE pub_keyblock, KBNODE sec_keyblock )
 }
 
 /****************
- * Revoke some of the secondary keys.
- * Hmmm: Should we add a revocation to the secret keyring too?
- *      Does its all make sense to duplicate most of the information?
+ * Revoke the whole key.
  */
 static int
 menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock )
 {
+  PKT_public_key *pk=pub_keyblock->pkt->pkt.public_key;
+  PKT_secret_key *sk;
+  int rc,changed = 0;
+  struct revocation_reason_info *reason;
+  PACKET *pkt;
+  PKT_signature *sig;
+
+  if(pk->is_revoked)
+    {
+      tty_printf(_("Key %s is already revoked.\n"),keystr_from_pk(pk));
+      return 0;
+    }
+
+  reason = ask_revocation_reason( 1, 0, 0 );
+  /* user decided to cancel */
+  if( !reason )
+    return 0;
+
+  sk = copy_secret_key( NULL, sec_keyblock->pkt->pkt.secret_key );
+  rc = make_keysig_packet( &sig, pk, NULL, NULL, sk,
+                          0x20, 0, opt.force_v4_certs?4:0, 0, 0,
+                          revocation_reason_build_cb, reason );
+  free_secret_key(sk);
+  if( rc )
+    {
+      log_error(_("signing failed: %s\n"), g10_errstr(rc));
+      goto scram;
+    }
+
+  changed = 1; /* we changed the keyblock */
+
+  pkt = m_alloc_clear( sizeof *pkt );
+  pkt->pkttype = PKT_SIGNATURE;
+  pkt->pkt.signature = sig;
+  insert_kbnode( pub_keyblock, new_kbnode(pkt), 0 );
+  commit_kbnode( &pub_keyblock );
+
+  update_trust=1;
+
+ scram:
+  release_revocation_reason_info( reason );
+  return changed;
+}
+
+static int
+menu_revsubkey( KBNODE pub_keyblock, KBNODE sec_keyblock )
+{
     PKT_public_key *mainpk;
     KBNODE node;
     int changed = 0;
@@ -4023,6 +4397,13 @@ menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock )
            PKT_public_key *subpk = node->pkt->pkt.public_key;
            struct sign_attrib attrib;
 
+           if(subpk->is_revoked)
+             {
+               tty_printf(_("Subkey %s is already revoked.\n"),
+                          keystr_from_pk(subpk));
+               continue;
+             }
+
            memset( &attrib, 0, sizeof attrib );
            attrib.reason = reason;