Fix for bug 537
[gnupg.git] / g10 / keylist.c
index 90a8d9d..95d452e 100644 (file)
@@ -1,5 +1,6 @@
-/* keylist.c
- * Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
+/* keylist.c - print keys
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
+ *               2004, 2005 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -15,7 +16,8 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
  */
 
 #include <config.h>
 #include <errno.h>
 #include <assert.h>
 
+#include "gpg.h"
 #include "options.h"
 #include "packet.h"
 #include "errors.h"
 #include "keydb.h"
-#include "memory.h"
 #include "photoid.h"
 #include "util.h"
 #include "ttyio.h"
@@ -39,7 +41,8 @@
 #include "status.h"
 
 static void list_all(int);
-static void list_one( STRLIST names, int secret);
+static void list_one( strlist_t names, int secret);
+static void print_card_serialno (PKT_secret_key *sk);
 
 struct sig_stats
 {
@@ -55,17 +58,62 @@ static FILE *attrib_fp=NULL;
  * If list is NULL, all available keys are listed
  */
 void
-public_key_list( STRLIST list )
+public_key_list( strlist_t list )
 {
-    if( !list )
-       list_all(0);
-    else
-       list_one( list, 0 );
+  if(opt.with_colons)
+    {
+      byte trust_model,marginals,completes,cert_depth;
+      ulong created,nextcheck;
+
+      read_trust_options(&trust_model,&created,&nextcheck,
+                        &marginals,&completes,&cert_depth);
+
+      printf("tru:");
+
+      if(nextcheck && nextcheck <= make_timestamp())
+       printf("o");
+      if(trust_model!=opt.trust_model)
+       printf("t");
+      if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
+       {
+         if(marginals!=opt.marginals_needed)
+           printf("m");
+         if(completes!=opt.completes_needed)
+           printf("c");
+         if(cert_depth!=opt.max_cert_depth)
+           printf("d");
+       }
+
+      printf(":%d:%lu:%lu",trust_model,created,nextcheck);
+
+      /* Only show marginals, completes, and cert_depth in the classic
+        or PGP trust models since they are not meaningful
+        otherwise. */
+
+      if(trust_model==TM_PGP || trust_model==TM_CLASSIC)
+       printf(":%d:%d:%d",marginals,completes,cert_depth);
+
+      printf("\n");
+    }
+
+  /* We need to do the stale check right here because it might need to
+     update the keyring while we already have the keyring open.  This
+     is very bad for W32 because of a sharing violation. For real OSes
+     it might lead to false results if we are later listing a keyring
+     which is associated with the inode of a deleted file.  */
+  check_trustdb_stale ();
+
+  if( !list )
+    list_all(0);
+  else
+    list_one( list, 0 );
 }
 
 void
-secret_key_list( STRLIST list )
+secret_key_list( strlist_t list )
 {
+    check_trustdb_stale ();
+
     if( !list )
        list_all(1);
     else  /* List by user id */
@@ -73,72 +121,266 @@ secret_key_list( STRLIST list )
 }
 
 void
-show_policy_url(PKT_signature *sig,int indent)
+print_seckey_info (PKT_secret_key *sk)
+{
+  u32 keyid[2];
+  char *p;
+
+  keyid_from_sk (sk, keyid);
+  p=get_user_id_native(keyid);
+
+  tty_printf ("\nsec  %4u%c/%s %s %s\n",
+             nbits_from_sk (sk),
+             pubkey_letter (sk->pubkey_algo),
+             keystr(keyid), datestr_from_sk (sk), p);
+    
+  xfree (p);
+}
+
+/* Print information about the public key.  With FP passed as NULL,
+   the tty output interface is used, otherwise output is directted to
+   the given stream. */
+void
+print_pubkey_info (FILE *fp, PKT_public_key *pk)
+{
+  u32 keyid[2];
+  char *p;
+
+  keyid_from_pk (pk, keyid);
+
+  /* If the pk was chosen by a particular user ID, that is the one to
+     print. */
+  if(pk->user_id)
+    p=utf8_to_native(pk->user_id->name,pk->user_id->len,0);
+  else
+    p=get_user_id_native(keyid);
+
+  if (fp)
+    fprintf (fp, "pub  %4u%c/%s %s %s\n",
+             nbits_from_pk (pk),
+             pubkey_letter (pk->pubkey_algo),
+             keystr(keyid), datestr_from_pk (pk), p);
+  else
+    tty_printf ("\npub  %4u%c/%s %s %s\n",
+                nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo),
+                keystr(keyid), datestr_from_pk (pk), p);
+
+  xfree (p);
+}
+
+
+/* Print basic information of a secret key including the card serial
+   number information. */
+void
+print_card_key_info (FILE *fp, KBNODE keyblock)
+{
+  KBNODE node;
+  int i;
+
+  for (node = keyblock; node; node = node->next ) 
+    {
+      if (node->pkt->pkttype == PKT_SECRET_KEY
+          || (node->pkt->pkttype == PKT_SECRET_SUBKEY) )
+        {
+          PKT_secret_key *sk = node->pkt->pkt.secret_key;
+          
+          tty_fprintf (fp, "%s%c  %4u%c/%s  ",
+                      node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
+                       (sk->protect.s2k.mode==1001)?'#':
+                       (sk->protect.s2k.mode==1002)?'>':' ',
+                      nbits_from_sk (sk),
+                      pubkey_letter (sk->pubkey_algo),
+                      keystr_from_sk(sk));
+          tty_fprintf (fp, _("created: %s"), datestr_from_sk (sk));
+          tty_fprintf (fp, "  ");
+          tty_fprintf (fp, _("expires: %s"), expirestr_from_sk (sk));
+          if (sk->is_protected && sk->protect.s2k.mode == 1002)
+            {
+              tty_fprintf (fp, "\n                      ");
+              tty_fprintf (fp, _("card-no: ")); 
+              if (sk->protect.ivlen == 16
+                  && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
+                { 
+                  /* This is an OpenPGP card. */
+                  for (i=8; i < 14; i++)
+                    {
+                      if (i == 10)
+                        tty_fprintf (fp, " ");
+                      tty_fprintf (fp, "%02X", sk->protect.iv[i]);
+                    }
+                }
+              else
+                { /* Something is wrong: Print all. */
+                  for (i=0; i < sk->protect.ivlen; i++)
+                    tty_fprintf (fp, "%02X", sk->protect.iv[i]);
+                }
+            }
+          tty_fprintf (fp, "\n");
+        }
+    }
+}
+
+
+
+/* Flags = 0x01 hashed 0x02 critical */
+static void
+status_one_subpacket(sigsubpkttype_t type,size_t len,int flags,const byte *buf)
+{
+  char status[40];
+
+  /* Don't print these. */
+  if(len>256)
+    return;
+
+  sprintf(status,"%d %u %u ",type,flags,(unsigned int)len);
+
+  write_status_text_and_buffer(STATUS_SIG_SUBPACKET,status,buf,len,0);
+}
+
+/*
+  mode=0 for stdout.
+  mode=1 for log_info + status messages
+  mode=2 for status messages only
+*/
+
+void
+show_policy_url(PKT_signature *sig,int indent,int mode)
 {
   const byte *p;
   size_t len;
   int seq=0,crit;
+  FILE *fp=mode?log_get_stream():stdout;
 
   while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_POLICY,&len,&seq,&crit)))
     {
-      int i;
+      if(mode!=2)
+       {
+         int i;
+         const char *str;
 
-      for(i=0;i<indent;i++)
-       putchar(' ');
+         for(i=0;i<indent;i++)
+           putchar(' ');
 
-      /* This isn't UTF8 as it is a URL(?) */
-      if(crit)
-       printf(_("Critical signature policy: "));
-      else
-       printf(_("Signature policy: "));
-      print_string(stdout,p,len,0);
-      printf("\n");
+         if(crit)
+           str=_("Critical signature policy: ");
+         else
+           str=_("Signature policy: ");
+         if(mode)
+           log_info("%s",str);
+         else
+           printf("%s",str);
+         print_utf8_string(fp,p,len);
+         fprintf(fp,"\n");
+       }
+
+      if(mode)
+       write_status_buffer ( STATUS_POLICY_URL, p, len, 0 );
     }
 }
 
+/*
+  mode=0 for stdout.
+  mode=1 for log_info + status messages
+  mode=2 for status messages only
+*/
+/* TODO: use this */
 void
-show_notation(PKT_signature *sig,int indent)
+show_keyserver_url(PKT_signature *sig,int indent,int mode)
 {
   const byte *p;
   size_t len;
   int seq=0,crit;
+  FILE *fp=mode?log_get_stream():stdout;
 
-  /* There may be multiple notations in the same sig. */
+  while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&len,&seq,&crit)))
+    {
+      if(mode!=2)
+       {
+         int i;
+         const char *str;
 
-  while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,&len,&seq,&crit)))
-    if(len>=8)
-      {
-       int n1,n2,i;
+         for(i=0;i<indent;i++)
+           putchar(' ');
+
+         if(crit)
+           str=_("Critical preferred keyserver: ");
+         else
+           str=_("Preferred keyserver: ");
+         if(mode)
+           log_info("%s",str);
+         else
+           printf("%s",str);
+         print_utf8_string(fp,p,len);
+         fprintf(fp,"\n");
+       }
 
-       n1=(p[4]<<8)|p[5];
-       n2=(p[6]<<8)|p[7];
+      if(mode)
+       status_one_subpacket(SIGSUBPKT_PREF_KS,len,(crit?0x02:0)|0x01,p);
+    }
+}
 
-       if(8+n1+n2!=len)
-         {
-           log_info(_("WARNING: invalid notation data found\n"));
-           return;
-         }
+/*
+  mode=0 for stdout.
+  mode=1 for log_info + status messages
+  mode=2 for status messages only
 
-       for(i=0;i<indent;i++)
-         putchar(' ');
+  which bits:
+  1 == standard notations
+  2 == user notations
+*/
 
-       /* This is UTF8 */
-       if(crit)
-         printf(_("Critical signature notation: "));
-       else
-         printf(_("Signature notation: "));
-       print_utf8_string(stdout,p+8,n1);
-       printf("=");
+void
+show_notation(PKT_signature *sig,int indent,int mode,int which)
+{
+  FILE *fp=mode?log_get_stream():stdout;
+  struct notation *nd,*notations;
 
-       if(*p&0x80)
-         print_utf8_string(stdout,p+8+n1,n2);
-       else
-         printf("[ %s ]",_("not human readable"));
+  if(which==0)
+    which=3;
 
-       printf("\n");
-      }
-  else
-    log_info(_("WARNING: invalid notation data found\n"));
+  notations=sig_to_notation(sig);
+
+  /* There may be multiple notations in the same sig. */
+  for(nd=notations;nd;nd=nd->next)
+    {
+      if(mode!=2)
+       {
+         int has_at=!!strchr(nd->name,'@');
+
+         if((which&1 && !has_at) || (which&2 && has_at))
+           {
+             int i;
+             const char *str;
+
+             for(i=0;i<indent;i++)
+               putchar(' ');
+
+             if(nd->flags.critical)
+               str=_("Critical signature notation: ");
+             else
+               str=_("Signature notation: ");
+             if(mode)
+               log_info("%s",str);
+             else
+               printf("%s",str);
+             /* This is all UTF8 */
+             print_utf8_string(fp,nd->name,strlen(nd->name));
+             fprintf(fp,"=");
+             print_utf8_string(fp,nd->value,strlen(nd->value));
+             fprintf(fp,"\n");
+           }
+       }
+
+      if(mode)
+       {
+         write_status_buffer(STATUS_NOTATION_NAME,
+                             nd->name,strlen(nd->name),0);
+         write_status_buffer(STATUS_NOTATION_DATA,
+                             nd->value,strlen(nd->value),50);
+       }
+    }
+
+  free_notation(notations);
 }
 
 static void
@@ -187,16 +429,20 @@ list_all( int secret )
             log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
             goto leave;
         }
-        resname = keydb_get_resource_name (hd);
-       if (lastresname != resname ) {
-           int i;
-
-           printf("%s\n", resname );
-           for(i=strlen(resname); i; i-- )
-               putchar('-');
-           putchar('\n');
-            lastresname = resname;
-       }
+       if(!opt.with_colons)
+         {
+           resname = keydb_get_resource_name (hd);
+           if (lastresname != resname )
+             {
+               int i;
+
+               printf("%s\n", resname );
+               for(i=strlen(resname); i; i-- )
+                 putchar('-');
+               putchar('\n');
+               lastresname = resname;
+             }
+         }
         merge_keys_and_selfsig( keyblock );
        list_keyblock( keyblock, secret, opt.fingerprint,
                       opt.check_sigs?&stats:NULL);
@@ -216,13 +462,13 @@ list_all( int secret )
 
 
 static void
-list_one( STRLIST names, int secret )
+list_one( strlist_t names, int secret )
 {
     int rc = 0;
     KBNODE keyblock = NULL;
     GETKEY_CTX ctx;
     const char *resname;
-    char *keyring_str = N_("Keyring");
+    const char *keyring_str = _("Keyring");
     int i;
     struct sig_stats stats;
 
@@ -245,7 +491,7 @@ list_one( STRLIST names, int secret )
            return;
        }
        do {
-           if (opt.show_keyring) {
+           if ((opt.list_options&LIST_SHOW_KEYRING) && !opt.with_colons) {
                resname = keydb_get_resource_name (get_ctx_handle(ctx));
                printf("%s: %s\n", keyring_str, resname);
                for(i = strlen(resname) + strlen(keyring_str) + 2; i; i-- )
@@ -265,7 +511,7 @@ list_one( STRLIST names, int secret )
            return;
        }
        do {
-           if (opt.show_keyring) {
+         if ((opt.list_options&LIST_SHOW_KEYRING) && !opt.with_colons) {
                resname = keydb_get_resource_name (get_ctx_handle(ctx));
                printf("%s: %s\n", keyring_str, resname);
                for(i = strlen(resname) + strlen(keyring_str) + 2; i; i-- )
@@ -284,7 +530,7 @@ list_one( STRLIST names, int secret )
 }
 
 static void
-print_key_data( PKT_public_key *pk, u32 *keyid )
+print_key_data( PKT_public_key *pk )
 {
     int n = pk ? pubkey_get_npkey( pk->pubkey_algo ) : 0;
     int i;
@@ -300,24 +546,36 @@ print_key_data( PKT_public_key *pk, u32 *keyid )
 static void
 print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
 {
-    unsigned int use = pk? pk->pubkey_usage : sk->pubkey_usage;
+  if(pk || (sk && sk->protect.s2k.mode!=1001))
+    {
+      unsigned int use = pk? pk->pubkey_usage : sk->pubkey_usage;
     
-    if ( use & PUBKEY_USAGE_ENC ) {
+      if ( use & PUBKEY_USAGE_ENC )
         putchar ('e');
+
+      if ( use & PUBKEY_USAGE_SIG )
+       {
+         putchar ('s');
+         if( pk? pk->is_primary : sk->is_primary )
+           putchar ('c');
+       }
+
+      if ( (use & PUBKEY_USAGE_AUTH) )
+        putchar ('a');
     }
-    if ( (use & PUBKEY_USAGE_SIG) && !(sk?(sk->protect.s2k.mode==1001):0) ) {
-        putchar ('s');
-       if( pk? pk->is_primary : sk->is_primary )
-         putchar ('c');
-    }
-    if ( keyblock ) { /* figure our the usable capabilities */
+
+    if ( keyblock ) { /* figure out the usable capabilities */
         KBNODE k;
-        int enc=0, sign=0, cert=0;
+        int enc=0, sign=0, cert=0, auth=0, disabled=0;
 
         for (k=keyblock; k; k = k->next ) {
             if ( k->pkt->pkttype == PKT_PUBLIC_KEY 
                  || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
                 pk = k->pkt->pkt.public_key;
+
+               if(pk->is_primary)
+                 disabled=pk_is_disabled(pk);
+
                 if ( pk->is_valid && !pk->is_revoked && !pk->has_expired ) {
                     if ( pk->pubkey_usage & PUBKEY_USAGE_ENC )
                         enc = 1;
@@ -327,6 +585,8 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
                        if(pk->is_primary)
                          cert = 1;
                      }
+                    if ( (pk->pubkey_usage & PUBKEY_USAGE_AUTH) )
+                      auth = 1;
                 }
             }
             else if ( k->pkt->pkttype == PKT_SECRET_KEY 
@@ -342,6 +602,8 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
                        if(sk->is_primary)
                          cert = 1;
                      }
+                    if ( (sk->pubkey_usage & PUBKEY_USAGE_AUTH) )
+                        auth = 1;
                 }
             }
         }
@@ -351,17 +613,67 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
             putchar ('S');
         if (cert)
             putchar ('C');
+        if (auth)
+            putchar ('A');
+        if (disabled)
+            putchar ('D');
     }
+
     putchar(':');
 }
 
-static void dump_attribs(const PKT_user_id *uid,
-                        PKT_public_key *pk,PKT_secret_key *sk)
+/* Flags = 0x01 hashed 0x02 critical */
+static void
+print_one_subpacket(sigsubpkttype_t type,size_t len,int flags,const byte *buf)
+{
+  size_t i;
+
+  printf("spk:%d:%u:%u:",type,flags,(unsigned int)len);
+
+  for(i=0;i<len;i++)
+    {
+      /* printable ascii other than : and % */
+      if(buf[i]>=32 && buf[i]<=126 && buf[i]!=':' && buf[i]!='%')
+       printf("%c",buf[i]);
+      else
+       printf("%%%02X",buf[i]);
+    }
+
+  printf("\n");
+}
+
+void
+print_subpackets_colon(PKT_signature *sig)
+{
+  byte *i;
+
+  assert(opt.show_subpackets);
+
+  for(i=opt.show_subpackets;*i;i++)
+    {
+      const byte *p;
+      size_t len;
+      int seq,crit;
+
+      seq=0;
+
+      while((p=enum_sig_subpkt(sig->hashed,*i,&len,&seq,&crit)))
+       print_one_subpacket(*i,len,0x01|(crit?0x02:0),p);
+
+      seq=0;
+
+      while((p=enum_sig_subpkt(sig->unhashed,*i,&len,&seq,&crit)))
+       print_one_subpacket(*i,len,0x00|(crit?0x02:0),p);
+    }
+}
+
+void
+dump_attribs(const PKT_user_id *uid,PKT_public_key *pk,PKT_secret_key *sk)
 {
   int i;
 
   if(!attrib_fp)
-    BUG();
+    return;
 
   for(i=0;i<uid->numattribs;i++)
     {
@@ -403,9 +715,8 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
     KBNODE node;
     PKT_public_key *pk;
     PKT_secret_key *sk;
-    u32 keyid[2];
-    int any=0;
     struct sig_stats *stats=opaque;
+    int skip_sigs=0;
 
     /* get the keyid from the keyblock */
     node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
@@ -415,105 +726,188 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
        return;
     }
 
-    if( secret ) {
+    if( secret )
+      {
        pk = NULL;
        sk = node->pkt->pkt.secret_key;
-       keyid_from_sk( sk, keyid );
-        printf("sec%c %4u%c/%08lX %s ", (sk->protect.s2k.mode==1001)?'#':' ',
-                                       nbits_from_sk( sk ),
-                                       pubkey_letter( sk->pubkey_algo ),
-                                       (ulong)keyid[1],
-                                       datestr_from_sk( sk ) );
-    }
-    else {
+
+        printf("sec%c  %4u%c/%s %s",(sk->protect.s2k.mode==1001)?'#':
+              (sk->protect.s2k.mode==1002)?'>':' ',
+              nbits_from_sk( sk ),pubkey_letter( sk->pubkey_algo ),
+              keystr_from_sk(sk),datestr_from_sk( sk ));
+
+       if(sk->has_expired)
+         {
+           printf(" [");
+           printf(_("expired: %s"),expirestr_from_sk(sk));
+           printf("]");
+         }
+       else if(sk->expiredate )
+         {
+           printf(" [");
+           printf(_("expires: %s"),expirestr_from_sk(sk));
+           printf("]");
+         }
+
+       printf("\n");
+      }
+    else
+      {
        pk = node->pkt->pkt.public_key;
        sk = NULL;
-       keyid_from_pk( pk, keyid );
-        printf("pub  %4u%c/%08lX %s ", nbits_from_pk( pk ),
-                                      pubkey_letter( pk->pubkey_algo ),
-                                      (ulong)keyid[1],
-                                      datestr_from_pk( pk ) );
-    }
+
+       check_trustdb_stale();
+
+       printf("pub   %4u%c/%s %s",
+              nbits_from_pk(pk),pubkey_letter(pk->pubkey_algo),
+              keystr_from_pk(pk),datestr_from_pk( pk ));
+
+       /* We didn't include this before in the key listing, but there
+          is room in the new format, so why not? */
+
+       if(pk->is_revoked)
+         {
+           printf(" [");
+           printf(_("revoked: %s"),revokestr_from_pk(pk));
+           printf("]");
+         }
+       else if(pk->has_expired)
+         {
+           printf(" [");
+           printf(_("expired: %s"),expirestr_from_pk(pk));
+           printf("]");
+         }
+       else if(pk->expiredate)
+         {
+           printf(" [");
+           printf(_("expires: %s"),expirestr_from_pk(pk));
+           printf("]");
+         }
+
+#if 0
+       /* I need to think about this some more.  It's easy enough to
+          include, but it looks sort of confusing in the
+          listing... */
+       if(opt.list_options&LIST_SHOW_VALIDITY)
+         {
+           int validity=get_validity(pk,NULL);
+           printf(" [%s]",trust_value_to_string(validity));
+         }
+#endif
+
+       printf("\n");
+      }
+
+    if( fpr )
+      print_fingerprint( pk, sk, 0 );
+    print_card_serialno (sk);
+    if( opt.with_key_data )
+      print_key_data( pk );
 
     for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
        if( node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode ) {
-           if(attrib_fp && node->pkt->pkt.user_id->attrib_data!=NULL)
-             dump_attribs(node->pkt->pkt.user_id,pk,sk);
-            /* don't list revoked or expired UIDS unless we are in
-             * verbose mode and signature listing has not been
-             * requested */
-            if ( !opt.verbose && !opt.list_sigs &&
-                 (node->pkt->pkt.user_id->is_revoked ||
-                 node->pkt->pkt.user_id->is_expired ))
-                continue; 
-
-           if( any ) 
-                printf("uid%*s", 28, "");
-
-            if ( node->pkt->pkt.user_id->is_revoked )
-                fputs ("[revoked] ", stdout);
-            if ( node->pkt->pkt.user_id->is_expired )
-                fputs ("[expired] ", stdout);
-            print_utf8_string( stdout,  node->pkt->pkt.user_id->name,
-                               node->pkt->pkt.user_id->len );
+           PKT_user_id *uid=node->pkt->pkt.user_id;
+
+           if(pk && (uid->is_expired || uid->is_revoked)
+              && !(opt.list_options&LIST_SHOW_UNUSABLE_UIDS))
+             {
+               skip_sigs=1;
+               continue;
+             }
+           else
+             skip_sigs=0;
+
+           if(attrib_fp && uid->attrib_data!=NULL)
+             dump_attribs(uid,pk,sk);
+
+           if((uid->is_revoked || uid->is_expired)
+              || ((opt.list_options&LIST_SHOW_UID_VALIDITY) && pk))
+             {
+               const char *validity;
+               int indent;
+
+               validity=uid_trust_string_fixed(pk,uid);
+               indent=(keystrlen()+9)-atoi(uid_trust_string_fixed(NULL,NULL));
+
+               if(indent<0 || indent>40)
+                 indent=0;
+
+               printf("uid%*s%s ",indent,"",validity);
+             }
+           else
+             printf("uid%*s", (int)keystrlen()+10,"");
+
+            print_utf8_string( stdout, uid->name, uid->len );
            putchar('\n');
-           if( !any ) {
-               if( fpr )
-                   print_fingerprint( pk, sk, 0 );
-               if( opt.with_key_data )
-                   print_key_data( pk, keyid );
-               any = 1;
-           }
 
-           if(opt.show_photos && node->pkt->pkt.user_id->attribs!=NULL)
-             show_photos(node->pkt->pkt.user_id->attribs,
-                         node->pkt->pkt.user_id->numattribs,pk,sk);
+           if((opt.list_options&LIST_SHOW_PHOTOS) && uid->attribs!=NULL)
+             show_photos(uid->attribs,uid->numattribs,pk,sk);
        }
-       else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
-           u32 keyid2[2];
+       else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+         {
            PKT_public_key *pk2 = node->pkt->pkt.public_key;
 
-           if( !any ) {
-               putchar('\n');
-               if( fpr )
-                   print_fingerprint( pk, sk, 0 ); /* of the main key */
-               any = 1;
-           }
-
-           keyid_from_pk( pk2, keyid2 );
-            printf("sub  %4u%c/%08lX %s", nbits_from_pk( pk2 ),
-                   pubkey_letter( pk2->pubkey_algo ),
-                   (ulong)keyid2[1],
-                   datestr_from_pk( pk2 ) );
-            if( pk2->expiredate ) {
-                printf(_(" [expires: %s]"), expirestr_from_pk( pk2 ) );
-            }
+           if((pk2->is_revoked || pk2->has_expired)
+              && !(opt.list_options&LIST_SHOW_UNUSABLE_SUBKEYS))
+             {
+               skip_sigs=1;
+               continue;
+             }
+           else
+             skip_sigs=0;
+
+            printf("sub   %4u%c/%s %s",
+                  nbits_from_pk( pk2 ),pubkey_letter( pk2->pubkey_algo ),
+                  keystr_from_pk(pk2),datestr_from_pk(pk2));
+           if( pk2->is_revoked )
+             {
+               printf(" [");
+               printf(_("revoked: %s"),revokestr_from_pk(pk2));
+               printf("]");
+             }
+           else if( pk2->has_expired )
+             {
+               printf(" [");
+               printf(_("expired: %s"),expirestr_from_pk(pk2));
+               printf("]");
+             }
+           else if( pk2->expiredate )
+             {
+               printf(" [");
+               printf(_("expires: %s"),expirestr_from_pk(pk2));
+               printf("]");
+             }
             putchar('\n');
            if( fpr > 1 )
-               print_fingerprint( pk2, NULL, 0 );
+             print_fingerprint( pk2, NULL, 0 );
            if( opt.with_key_data )
-               print_key_data( pk2, keyid2 );
-       }
-       else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
-           u32 keyid2[2];
+             print_key_data( pk2 );
+         }
+       else if( node->pkt->pkttype == PKT_SECRET_SUBKEY )
+         {
            PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
 
-           if( !any ) {
-               putchar('\n');
-               if( fpr )
-                   print_fingerprint( pk, sk, 0 ); /* of the main key */
-               any = 1;
-           }
-
-           keyid_from_sk( sk2, keyid2 );
-            printf("ssb  %4u%c/%08lX %s\n", nbits_from_sk( sk2 ),
-                                          pubkey_letter( sk2->pubkey_algo ),
-                                          (ulong)keyid2[1],
-                                          datestr_from_sk( sk2 ) );
+            printf("ssb%c  %4u%c/%s %s",
+                   (sk2->protect.s2k.mode==1001)?'#':
+                   (sk2->protect.s2k.mode==1002)?'>':' ',
+                  nbits_from_sk( sk2 ),pubkey_letter( sk2->pubkey_algo ),
+                  keystr_from_sk(sk2),datestr_from_sk( sk2 ) );
+            if( sk2->expiredate )
+             {
+               printf(" [");
+               printf(_("expires: %s"),expirestr_from_sk(sk2));
+               printf("]");
+             }
+           putchar('\n');
            if( fpr > 1 )
-               print_fingerprint( NULL, sk2, 0 );
-       }
-       else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) {
+              {
+                print_fingerprint( NULL, sk2, 0 );
+                print_card_serialno (sk2);
+              }
+         }
+       else if( opt.list_sigs
+                && node->pkt->pkttype == PKT_SIGNATURE
+                && !skip_sigs ) {
            PKT_signature *sig = node->pkt->pkt.signature;
            int sigrc;
             char *sigstr;
@@ -521,42 +915,24 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
            if( stats ) {
                 /*fflush(stdout);*/
                rc = check_key_signature( keyblock, node, NULL );
-               switch( rc ) {
-                case 0:                 sigrc = '!'; break;
-                case G10ERR_BAD_SIGN:   stats->inv_sigs++; sigrc = '-'; break;
-                case G10ERR_NO_PUBKEY: 
-                case G10ERR_UNU_PUBKEY: stats->no_key++; continue;
-                default:                stats->oth_err++; sigrc = '%'; break;
+               switch( gpg_err_code (rc) ) {
+                case 0:                sigrc = '!'; break;
+                case GPG_ERR_BAD_SIGNATURE:
+                   stats->inv_sigs++; sigrc = '-'; break;
+                case GPG_ERR_NO_PUBKEY: 
+                case GPG_ERR_UNUSABLE_PUBKEY: stats->no_key++; continue;
+                default:               stats->oth_err++; sigrc = '%'; break;
                }
 
                /* TODO: Make sure a cached sig record here still has
                    the pk that issued it.  See also
                    keyedit.c:print_and_check_one_sig */
-
            }
            else {
                rc = 0;
                sigrc = ' ';
            }
 
-           if( !any ) { /* no user id, (maybe a revocation follows)*/
-             /* Check if the pk is really revoked - there could be a
-                 0x20 sig packet there even if we are not revoked
-                 (say, if a revocation key issued the packet, but the
-                 revocation key isn't present to verify it.) */
-               if( sig->sig_class == 0x20 && pk->is_revoked )
-                   puts("[revoked]");
-               else if( sig->sig_class == 0x18 )
-                   puts("[key binding]");
-               else if( sig->sig_class == 0x28 )
-                   puts("[subkey revoked]");
-               else
-                   putchar('\n');
-               if( fpr )
-                   print_fingerprint( pk, sk, 0 );
-               any=1;
-           }
-
            if( sig->sig_class == 0x20 || sig->sig_class == 0x28
                                       || sig->sig_class == 0x30 )
               sigstr = "rev";
@@ -573,7 +949,7 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
            }
 
             fputs( sigstr, stdout );
-           printf("%c%c %c%c%c%c%c %08lX %s   ",
+           printf("%c%c %c%c%c%c%c%c %s %s",
                    sigrc,(sig->sig_class-0x10>0 &&
                           sig->sig_class-0x10<4)?'0'+sig->sig_class-0x10:' ',
                    sig->flags.exportable?' ':'L',
@@ -581,7 +957,12 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
                    sig->flags.policy_url?'P':' ',
                    sig->flags.notation?'N':' ',
                    sig->flags.expired?'X':' ',
-                   (ulong)sig->keyid[1], datestr_from_sig(sig));
+                  (sig->trust_depth>9)?'T':
+                  (sig->trust_depth>0)?'0'+sig->trust_depth:' ',
+                  keystr(sig->keyid),datestr_from_sig(sig));
+           if(opt.list_options&LIST_SHOW_SIG_EXPIRE)
+             printf(" %s", expirestr_from_sig(sig));
+           printf("  ");
            if( sigrc == '%' )
                printf("[%s] ", g10_errstr(rc) );
            else if( sigrc == '?' )
@@ -590,15 +971,22 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
                size_t n;
                char *p = get_user_id( sig->keyid, &n );
                 print_utf8_string( stdout, p, n );
-               m_free(p);
+               xfree(p);
            }
            putchar('\n');
 
-           if(sig->flags.policy_url && opt.show_policy_url)
-             show_policy_url(sig,3);
+           if(sig->flags.policy_url
+              && (opt.list_options&LIST_SHOW_POLICY_URLS))
+             show_policy_url(sig,3,0);
+
+           if(sig->flags.notation && (opt.list_options&LIST_SHOW_NOTATIONS))
+             show_notation(sig,3,0,
+                           ((opt.list_options&LIST_SHOW_STD_NOTATIONS)?1:0)+
+                           ((opt.list_options&LIST_SHOW_USER_NOTATIONS)?2:0));
 
-           if(sig->flags.notation && opt.show_notation)
-             show_notation(sig,3);
+           if(sig->flags.pref_ks
+              && (opt.list_options&LIST_SHOW_KEYSERVER_URLS))
+             show_keyserver_url(sig,3,0);
 
            /* fixme: check or list other sigs here */
        }
@@ -606,6 +994,29 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
     putchar('\n');
 }
 
+void
+print_revokers(PKT_public_key *pk)
+{
+  /* print the revoker record */
+  if( !pk->revkey && pk->numrevkeys )
+    BUG();
+  else
+    {
+      int i,j;
+
+      for (i=0; i < pk->numrevkeys; i++)
+       {
+         byte *p;
+
+         printf ("rvk:::%d::::::", pk->revkey[i].algid);
+         p = pk->revkey[i].fpr;
+         for (j=0; j < 20; j++, p++ )
+           printf ("%02X", *p);
+         printf (":%02x%s:\n", pk->revkey[i].class,
+                 (pk->revkey[i].class&0x40)?"s":"");
+       }
+    }
+}
 
 static void
 list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
@@ -619,6 +1030,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
     int any=0;
     int trustletter = 0;
     int ulti_hack = 0;
+    int i;
 
     /* get the keyid from the keyblock */
     node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
@@ -632,7 +1044,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
        pk = NULL;
        sk = node->pkt->pkt.secret_key;
        keyid_from_sk( sk, keyid );
-        printf("sec:u:%u:%d:%08lX%08lX:%s:%s:::",
+        printf("sec::%u:%d:%08lX%08lX:%s:%s:::",
                    nbits_from_sk( sk ),
                    sk->pubkey_algo,
                    (ulong)keyid[0],(ulong)keyid[1],
@@ -645,7 +1057,6 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
        sk = NULL;
        keyid_from_pk( pk, keyid );
         fputs( "pub:", stdout );
-        trustletter = 0;
         if ( !pk->is_valid )
             putchar ('i');
         else if ( pk->is_revoked )
@@ -660,76 +1071,91 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
                 ulti_hack = 1;
             putchar(trustletter);
         }
-        printf(":%u:%d:%08lX%08lX:%s:%s:",
+        printf(":%u:%d:%08lX%08lX:%s:%s::",
                    nbits_from_pk( pk ),
                    pk->pubkey_algo,
                    (ulong)keyid[0],(ulong)keyid[1],
                    colon_datestr_from_pk( pk ),
                    colon_strtime (pk->expiredate) );
-        if( pk->local_id )
-            printf("%lu", pk->local_id );
-        putchar(':');
         if( !opt.fast_list_mode && !opt.no_expensive_trust_checks  )
             putchar( get_ownertrust_info(pk) );
            putchar(':');
     }
-    
+
     if (opt.fixed_list_mode) {
         /* do not merge the first uid with the primary key */
         putchar(':');
         putchar(':');
         print_capabilities (pk, sk, keyblock);
+        if (secret) {
+          putchar(':'); /* End of field 13. */
+          putchar(':'); /* End of field 14. */
+          if (sk->protect.s2k.mode == 1001)
+            putchar('#'); /* Key is just a stub. */
+          else if (sk->protect.s2k.mode == 1002) {
+            /* Key is stored on an external token (card) or handled by
+               the gpg-agent.  Print the serial number of that token
+               here. */
+            for (i=0; i < sk->protect.ivlen; i++)
+              printf ("%02X", sk->protect.iv[i]);
+          }
+          putchar(':'); /* End of field 15. */
+        }
         putchar('\n');
+       if(pk)
+         print_revokers(pk);
         if( fpr )
             print_fingerprint( pk, sk, 0 );
         if( opt.with_key_data )
-            print_key_data( pk, keyid );
+            print_key_data( pk );
         any = 1;
     }
 
-
     for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
        if( node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode ) {
+           PKT_user_id *uid=node->pkt->pkt.user_id;
            if(attrib_fp && node->pkt->pkt.user_id->attrib_data!=NULL)
              dump_attribs(node->pkt->pkt.user_id,pk,sk);
             /*
              * Fixme: We need a is_valid flag here too 
              */
            if( any ) {
-               char *str=node->pkt->pkt.user_id->attrib_data?"uat":"uid";
-                if ( node->pkt->pkt.user_id->is_revoked )
-                   printf("%s:r::::::::",str);
-                else if ( node->pkt->pkt.user_id->is_expired )
-                   printf("%s:e::::::::",str);
-               else if ( opt.no_expensive_trust_checks ) {
-                   printf("%s:::::::::",str);
-               }
+               char *str=uid->attrib_data?"uat":"uid";
+               /* If we're listing a secret key, leave out the
+                  validity values for now.  This is handled better in
+                  1.9. */
+               if ( sk )
+                   printf("%s:::::",str);
+                else if ( uid->is_revoked )
+                   printf("%s:r::::",str);
+                else if ( uid->is_expired )
+                   printf("%s:e::::",str);
+               else if ( opt.no_expensive_trust_checks )
+                   printf("%s:::::",str);
                 else {
-                   byte namehash[20];
-
-                   if( pk && !ulti_hack ) {
-                       if( node->pkt->pkt.user_id->attrib_data )
-                           rmd160_hash_buffer( namehash,
-                                          node->pkt->pkt.user_id->attrib_data,
-                                          node->pkt->pkt.user_id->attrib_len);
-                       else
-                           rmd160_hash_buffer( namehash,
-                                           node->pkt->pkt.user_id->name,
-                                           node->pkt->pkt.user_id->len  );
-                       trustletter = get_validity_info( pk, namehash );
-                   }
+                   int uid_validity;
+
+                   if( pk && !ulti_hack )
+                     uid_validity=get_validity_info (pk, uid);
                    else
-                       trustletter = 'u';
-                   printf("%s:%c::::::::",str,trustletter);
+                       uid_validity = 'u';
+                   printf("%s:%c::::",str,uid_validity);
                 }
+
+               printf("%s:",colon_strtime(uid->created));
+               printf("%s:",colon_strtime(uid->expiredate));
+
+               namehash_from_uid(uid);
+
+               for(i=0; i < 20; i++ )
+                 printf("%02X",uid->namehash[i]);
+
+               printf("::");
            }
-           if(node->pkt->pkt.user_id->attrib_data)
-             printf("%u %lu",
-                    node->pkt->pkt.user_id->numattribs,
-                    node->pkt->pkt.user_id->attrib_len);
+           if(uid->attrib_data)
+             printf("%u %lu",uid->numattribs,uid->attrib_len);
             else
-             print_string( stdout,  node->pkt->pkt.user_id->name,
-                           node->pkt->pkt.user_id->len, ':' );
+             print_string(stdout,uid->name,uid->len, ':' );
             putchar(':');
            if (any)
                 putchar('\n');
@@ -740,7 +1166,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
                if( fpr )
                    print_fingerprint( pk, sk, 0 );
                if( opt.with_key_data )
-                   print_key_data( pk, keyid );
+                   print_key_data( pk );
                any = 1;
            }
        }
@@ -769,9 +1195,11 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
             else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
                 ;
             else {
-                printf("%c", trustletter );
+               /* trustletter should always be defined here */
+               if(trustletter)
+                 printf("%c", trustletter );
             }
-            printf(":%u:%d:%08lX%08lX:%s:%s:",
+            printf(":%u:%d:%08lX%08lX:%s:%s:::::",
                        nbits_from_pk( pk2 ),
                        pk2->pubkey_algo,
                        (ulong)keyid2[0],(ulong)keyid2[1],
@@ -779,18 +1207,12 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
                        colon_strtime (pk2->expiredate)
                        /* fixme: add LID and ownertrust here */
                                                );
-            if( pk->local_id ) /* use the local_id of the main key??? */
-                printf("%lu", pk->local_id );
-            putchar(':');
-            putchar(':');
-            putchar(':');
-            putchar(':');
             print_capabilities (pk2, NULL, NULL);
             putchar('\n');
            if( fpr > 1 )
                print_fingerprint( pk2, NULL, 0 );
            if( opt.with_key_data )
-               print_key_data( pk2, keyid2 );
+               print_key_data( pk2 );
        }
        else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
            u32 keyid2[2];
@@ -815,14 +1237,34 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
                        colon_strtime (sk2->expiredate)
                    /* fixme: add LID */ );
             print_capabilities (NULL, sk2, NULL);
+            if (opt.fixed_list_mode) {
+              /* We print the serial number only in fixed list mode
+                 for the primary key so, so avoid questions we print
+                 it for subkeys also only in this mode.  There is no
+                 technical reason, though. */
+              putchar(':'); /* End of field 13. */
+              putchar(':'); /* End of field 14. */
+              if (sk2->protect.s2k.mode == 1001)
+                putchar('#'); /* Key is just a stub. */
+              else if (sk2->protect.s2k.mode == 1002) {
+                /* Key is stored on an external token (card) or handled by
+                   the gpg-agent.  Print the serial number of that token
+                   here. */
+                for (i=0; i < sk2->protect.ivlen; i++)
+                  printf ("%02X", sk2->protect.iv[i]);
+              }
+              putchar(':'); /* End of field 15. */
+            }
             putchar ('\n');
            if( fpr > 1 )
-               print_fingerprint( NULL, sk2, 0 );
+              print_fingerprint( NULL, sk2, 0 );
        }
        else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) {
            PKT_signature *sig = node->pkt->pkt.signature;
-           int sigrc;
+           int sigrc,fprokay=0;
             char *sigstr;
+           size_t fplen;
+           byte fparray[MAX_FINGERPRINT_LEN];
 
            if( !any ) { /* no user id, (maybe a revocation follows)*/
                if( sig->sig_class == 0x20 )
@@ -856,15 +1298,31 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
                continue;
            }
            if( opt.check_sigs ) {
+               PKT_public_key *signer_pk=NULL;
+
                fflush(stdout);
-               rc = check_key_signature( keyblock, node, NULL );
-               switch( rc ) {
-                 case 0:                  sigrc = '!'; break;
-                 case G10ERR_BAD_SIGN:    sigrc = '-'; break;
-                 case G10ERR_NO_PUBKEY: 
-                 case G10ERR_UNU_PUBKEY:  sigrc = '?'; break;
-                 default:                 sigrc = '%'; break;
+               if(opt.no_sig_cache)
+                 signer_pk=xmalloc_clear(sizeof(PKT_public_key));
+
+               rc = check_key_signature2( keyblock, node, NULL, signer_pk,
+                                          NULL, NULL, NULL );
+               switch ( gpg_err_code (rc) ) {
+                 case 0:                       sigrc = '!'; break;
+                 case GPG_ERR_BAD_SIGNATURE:   sigrc = '-'; break;
+                 case GPG_ERR_NO_PUBKEY: 
+                 case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
+                 default:                      sigrc = '%'; break;
                }
+
+               if(opt.no_sig_cache)
+                 {
+                   if(rc==0)
+                     {
+                       fingerprint_from_pk (signer_pk, fparray, &fplen);
+                       fprokay=1;
+                     }
+                   free_public_key(signer_pk);
+                 }
            }
            else {
                rc = 0;
@@ -874,10 +1332,20 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
             putchar(':');
             if( sigrc != ' ' )
                 putchar(sigrc);
-            printf("::%d:%08lX%08lX:%s:%s:::", sig->pubkey_algo,
-                                                (ulong)sig->keyid[0],
-                          (ulong)sig->keyid[1], colon_datestr_from_sig(sig),
-                          colon_expirestr_from_sig(sig));
+            printf("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
+                  (ulong)sig->keyid[0], (ulong)sig->keyid[1],
+                  colon_datestr_from_sig(sig),
+                  colon_expirestr_from_sig(sig));
+
+           if(sig->trust_depth || sig->trust_value)
+             printf("%d %d",sig->trust_depth,sig->trust_value);
+           printf(":");
+
+           if(sig->trust_regexp)
+             print_string(stdout,sig->trust_regexp,
+                          strlen(sig->trust_regexp),':');
+           printf(":");
+
            if( sigrc == '%' )
                printf("[%s] ", g10_errstr(rc) );
            else if( sigrc == '?' )
@@ -886,9 +1354,25 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
                size_t n;
                char *p = get_user_id( sig->keyid, &n );
                 print_string( stdout, p, n, ':' );
-               m_free(p);
+               xfree(p);
            }
-            printf(":%02x%c:\n", sig->sig_class,sig->flags.exportable?'x':'l');
+            printf(":%02x%c:", sig->sig_class,sig->flags.exportable?'x':'l');
+
+           if(opt.no_sig_cache && opt.check_sigs && fprokay)
+             {
+               printf(":");
+
+               for (i=0; i < fplen ; i++ )
+                 printf ("%02X", fparray[i] );
+
+               printf(":");
+             }
+
+           printf("\n");
+
+           if(opt.show_subpackets)
+             print_subpackets_colon(sig);
+
            /* fixme: check or list other sigs here */
        }
     }
@@ -905,14 +1389,15 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
  * packet) comes first.  Fixme: Replace this by a generic sort
  * function.  */
 static void
-reorder_keyblock (KBNODE keyblock)
+do_reorder_keyblock (KBNODE keyblock,int attr)
 {
     KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
     KBNODE last, node;
 
     for (node=keyblock; node; primary0=node, node = node->next) {
        if( node->pkt->pkttype == PKT_USER_ID &&
-           !node->pkt->pkt.user_id->attrib_data &&
+           ((attr && node->pkt->pkt.user_id->attrib_data) ||
+            (!attr && !node->pkt->pkt.user_id->attrib_data)) &&
             node->pkt->pkt.user_id->is_primary ) {
             primary = primary2 = node;
             for (node=node->next; node; primary2=node, node = node->next ) {
@@ -944,6 +1429,13 @@ reorder_keyblock (KBNODE keyblock)
 }
 
 void
+reorder_keyblock (KBNODE keyblock)
+{
+  do_reorder_keyblock(keyblock,1);
+  do_reorder_keyblock(keyblock,0);
+}
+
+void
 list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque )
 {
     reorder_keyblock (keyblock);
@@ -994,14 +1486,14 @@ print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
       {
        if(sk)
          {
-           PKT_secret_key *primary_sk=m_alloc_clear(sizeof(*primary_sk));
+           PKT_secret_key *primary_sk=xmalloc_clear(sizeof(*primary_sk));
            get_seckey(primary_sk,sk->main_keyid);
            print_fingerprint(NULL,primary_sk,mode|0x80);
            free_secret_key(primary_sk);
          }
        else
          {
-           PKT_public_key *primary_pk=m_alloc_clear(sizeof(*primary_pk));
+           PKT_public_key *primary_pk=xmalloc_clear(sizeof(*primary_pk));
            get_pubkey(primary_pk,pk->main_keyid);
            print_fingerprint(primary_pk,NULL,mode|0x80);
            free_public_key(primary_pk);
@@ -1009,7 +1501,7 @@ print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
       }
 
     if (mode == 1) {
-        fp = log_stream ();
+        fp = log_get_stream ();
        if(primary)
          text = _("Primary key fingerprint:");
        else
@@ -1017,20 +1509,20 @@ print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
     }
     else if (mode == 2) {
         fp = NULL; /* use tty */
-        /* Translators: this should fit into 24 bytes to that the fingerprint
-         * data is properly aligned with the user ID */
        if(primary)
+          /* TRANSLATORS: this should fit into 24 bytes to that the
+           * fingerprint data is properly aligned with the user ID */
          text = _(" Primary key fingerprint:");
        else
          text = _("      Subkey fingerprint:");
     }
     else if (mode == 3) {
         fp = NULL; /* use tty */
-       text = _("     Key fingerprint =");
+       text = _("      Key fingerprint =");
     }
     else {
         fp = stdout;
-       text = _("     Key fingerprint =");
+       text = _("      Key fingerprint =");
     }
   
     if (sk)
@@ -1084,6 +1576,41 @@ print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
         tty_printf ("\n");
 }
 
+/* Print the serial number of an OpenPGP card if available. */
+static void
+print_card_serialno (PKT_secret_key *sk)
+{
+  int i;
+
+  if (!sk)
+    return;
+  if (!sk->is_protected || sk->protect.s2k.mode != 1002) 
+    return; /* Not a card. */
+  if (opt.with_colons)
+    return; /* Handled elsewhere. */
+
+  fputs (_("      Card serial no. ="), stdout);
+  putchar (' ');
+  if (sk->protect.ivlen == 16
+      && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6) )
+    { /* This is an OpenPGP card. Just print the relevant part. */
+      for (i=8; i < 14; i++)
+        {
+          if (i == 10)
+            putchar (' ');
+          printf ("%02X", sk->protect.iv[i]);
+        }
+    }
+  else
+    { /* Something is wrong: Print all. */
+      for (i=0; i < sk->protect.ivlen; i++)
+        printf ("%02X", sk->protect.iv[i]);
+    }
+  putchar ('\n');
+}
+
+
+
 void set_attrib_fd(int fd)
 {
   static int last_fd=-1;
@@ -1102,10 +1629,11 @@ void set_attrib_fd(int fd)
   else if( fd == 2 )
     attrib_fp = stderr;
   else
-    attrib_fp = fdopen( fd, "w" );
+    attrib_fp = fdopen( fd, "wb" );
   if( !attrib_fp ) {
     log_fatal("can't open fd %d for attribute output: %s\n",
              fd, strerror(errno));
   }
+
   last_fd = fd;
 }