Converted all m_free to xfree etc.
[gnupg.git] / g10 / keylist.c
index de5b575..b5ba537 100644 (file)
@@ -1,6 +1,6 @@
 /* keylist.c
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003
- *                                             Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
+ *               2004, 2005 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -16,7 +16,8 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
  */
 
 #include <config.h>
@@ -41,6 +42,7 @@
 
 static void list_all(int);
 static void list_one( STRLIST names, int secret);
+static void print_card_serialno (PKT_secret_key *sk);
 
 struct sig_stats
 {
@@ -94,6 +96,13 @@ public_key_list( STRLIST list )
       printf("\n");
     }
 
+  /* We need to do the stale check right here because it might need to
+     update the keyring while we already have the keyring open.  This
+     is very bad for W32 because of a sharing violation. For real OSes
+     it might lead to false results if we are later listing a keyring
+     which is associated with the inode of a deleted file.  */
+  check_trustdb_stale ();
+
   if( !list )
     list_all(0);
   else
@@ -103,6 +112,8 @@ public_key_list( STRLIST list )
 void
 secret_key_list( STRLIST list )
 {
+    check_trustdb_stale ();
+
     if( !list )
        list_all(1);
     else  /* List by user id */
@@ -112,42 +123,118 @@ secret_key_list( STRLIST list )
 void
 print_seckey_info (PKT_secret_key *sk)
 {
-    u32 sk_keyid[2];
-    size_t n;
-    char *p;
-
-    keyid_from_sk (sk, sk_keyid);
-    tty_printf ("\nsec  %4u%c/%08lX %s   ",
-                nbits_from_sk (sk),
-                pubkey_letter (sk->pubkey_algo),
-                (ulong)sk_keyid[1], datestr_from_sk (sk));
-    
-    p = get_user_id (sk_keyid, &n);
-    tty_print_utf8_string (p, n);
-    m_free (p);
+  u32 keyid[2];
+  char *p;
+
+  keyid_from_sk (sk, keyid);
+  p=get_user_id_native(keyid);
 
-    tty_printf ("\n");   
+  tty_printf ("\nsec  %4u%c/%s %s %s\n",
+             nbits_from_sk (sk),
+             pubkey_letter (sk->pubkey_algo),
+             keystr(keyid), datestr_from_sk (sk), p);
+    
+  xfree (p);
 }
 
+/* Print information about the public key.  With FP passed as NULL,
+   the tty output interface is used, otherwise output is directted to
+   the given stream. */
 void
-print_pubkey_info (PKT_public_key *pk)
+print_pubkey_info (FILE *fp, PKT_public_key *pk)
 {
-  u32 pk_keyid[2];
-  size_t n;
+  u32 keyid[2];
   char *p;
 
-  keyid_from_pk (pk, pk_keyid);
-  tty_printf ("\npub  %4u%c/%08lX %s   ",
-              nbits_from_pk (pk),
-              pubkey_letter (pk->pubkey_algo),
-              (ulong)pk_keyid[1], datestr_from_pk (pk));
+  keyid_from_pk (pk, keyid);
 
+  /* If the pk was chosen by a particular user ID, that is the one to
+     print. */
+  if(pk->user_id)
+    p=utf8_to_native(pk->user_id->name,pk->user_id->len,0);
+  else
+    p=get_user_id_native(keyid);
 
-  p = get_user_id (pk_keyid, &n);
-  tty_print_utf8_string (p, n);
-  m_free (p);
-  
-  tty_printf ("\n\n"); 
+  if (fp)
+    fprintf (fp, "pub  %4u%c/%s %s %s\n",
+             nbits_from_pk (pk),
+             pubkey_letter (pk->pubkey_algo),
+             keystr(keyid), datestr_from_pk (pk), p);
+  else
+    tty_printf ("\npub  %4u%c/%s %s %s\n",
+                nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo),
+                keystr(keyid), datestr_from_pk (pk), p);
+
+  xfree (p);
+}
+
+
+/* Print basic information of a secret key including the card serial
+   number information. */
+void
+print_card_key_info (FILE *fp, KBNODE keyblock)
+{
+  KBNODE node;
+  int i;
+
+  for (node = keyblock; node; node = node->next ) 
+    {
+      if (node->pkt->pkttype == PKT_SECRET_KEY
+          || (node->pkt->pkttype == PKT_SECRET_SUBKEY) )
+        {
+          PKT_secret_key *sk = node->pkt->pkt.secret_key;
+          
+          tty_fprintf (fp, "%s%c  %4u%c/%s  ",
+                      node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
+                       (sk->protect.s2k.mode==1001)?'#':
+                       (sk->protect.s2k.mode==1002)?'>':' ',
+                      nbits_from_sk (sk),
+                      pubkey_letter (sk->pubkey_algo),
+                      keystr_from_sk(sk));
+          tty_fprintf (fp, _("created: %s"), datestr_from_sk (sk));
+          tty_fprintf (fp, "  ");
+          tty_fprintf (fp, _("expires: %s"), expirestr_from_sk (sk));
+          if (sk->is_protected && sk->protect.s2k.mode == 1002)
+            {
+              tty_fprintf (fp, "\n                      ");
+              tty_fprintf (fp, _("card-no: ")); 
+              if (sk->protect.ivlen == 16
+                  && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
+                { 
+                  /* This is an OpenPGP card. */
+                  for (i=8; i < 14; i++)
+                    {
+                      if (i == 10)
+                        tty_fprintf (fp, " ");
+                      tty_fprintf (fp, "%02X", sk->protect.iv[i]);
+                    }
+                }
+              else
+                { /* Something is wrong: Print all. */
+                  for (i=0; i < sk->protect.ivlen; i++)
+                    tty_fprintf (fp, "%02X", sk->protect.iv[i]);
+                }
+            }
+          tty_fprintf (fp, "\n");
+        }
+    }
+}
+
+
+
+/* Flags = 0x01 hashed 0x02 critical */
+static void
+status_one_subpacket(sigsubpkttype_t type,size_t len,int flags,const byte *buf)
+{
+  char status[40];
+
+  /* Don't print these. */
+  if(len>256)
+    return;
+
+  sprintf(status,"%d %u %u ",type,flags,(unsigned int)len);
+
+  write_status_text_and_buffer(STATUS_SIG_SUBPACKET,status,buf,len,0);
 }
 
 /*
@@ -169,7 +256,7 @@ show_policy_url(PKT_signature *sig,int indent,int mode)
       if(mode!=2)
        {
          int i;
-         char *str;
+         const char *str;
 
          for(i=0;i<indent;i++)
            putchar(' ');
@@ -210,7 +297,7 @@ show_keyserver_url(PKT_signature *sig,int indent,int mode)
       if(mode!=2)
        {
          int i;
-         char *str;
+         const char *str;
 
          for(i=0;i<indent;i++)
            putchar(' ');
@@ -227,7 +314,8 @@ show_keyserver_url(PKT_signature *sig,int indent,int mode)
          fprintf(fp,"\n");
        }
 
-      /* TODO: put in a status-fd tag for preferred keyservers */
+      if(mode)
+       status_one_subpacket(SIGSUBPKT_PREF_KS,len,(crit?0x02:0)|0x01,p);
     }
 }
 
@@ -235,16 +323,23 @@ show_keyserver_url(PKT_signature *sig,int indent,int mode)
   mode=0 for stdout.
   mode=1 for log_info + status messages
   mode=2 for status messages only
+
+  which bits:
+  1 == standard notations
+  2 == user notations
 */
 
 void
-show_notation(PKT_signature *sig,int indent,int mode)
+show_notation(PKT_signature *sig,int indent,int mode,int which)
 {
   const byte *p;
   size_t len;
   int seq=0,crit;
   FILE *fp=mode?log_stream():stdout;
 
+  if(which==0)
+    which=3;
+
   /* There may be multiple notations in the same sig. */
 
   while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,&len,&seq,&crit)))
@@ -258,35 +353,40 @@ show_notation(PKT_signature *sig,int indent,int mode)
        if(8+n1+n2!=len)
          {
            log_info(_("WARNING: invalid notation data found\n"));
-           return;
+           continue;
          }
 
        if(mode!=2)
          {
-           int i;
-           char *str;
+           int has_at=!!memchr(p+8,'@',n1);
 
-           for(i=0;i<indent;i++)
-             putchar(' ');
+           if((which&1 && !has_at) || (which&2 && has_at))
+             {
+               int i;
+               const char *str;
 
-           /* This is UTF8 */
-           if(crit)
-             str=_("Critical signature notation: ");
-           else
-             str=_("Signature notation: ");
-           if(mode)
-             log_info("%s",str);
-           else
-             printf("%s",str);
-           print_utf8_string(fp,p+8,n1);
-           fprintf(fp,"=");
+               for(i=0;i<indent;i++)
+                 putchar(' ');
 
-           if(*p&0x80)
-             print_utf8_string(fp,p+8+n1,n2);
-           else
-             fprintf(fp,"[ %s ]",_("not human readable"));
+               /* This is UTF8 */
+               if(crit)
+                 str=_("Critical signature notation: ");
+               else
+                 str=_("Signature notation: ");
+               if(mode)
+                 log_info("%s",str);
+               else
+                 printf("%s",str);
+               print_utf8_string(fp,p+8,n1);
+               fprintf(fp,"=");
 
-           fprintf(fp,"\n");
+               if(*p&0x80)
+                 print_utf8_string(fp,p+8+n1,n2);
+               else
+                 fprintf(fp,"[ %s ]",_("not human readable"));
+
+               fprintf(fp,"\n");
+             }
          }
 
        if(mode)
@@ -384,7 +484,7 @@ list_one( STRLIST names, int secret )
     KBNODE keyblock = NULL;
     GETKEY_CTX ctx;
     const char *resname;
-    char *keyring_str = _("Keyring");
+    const char *keyring_str = _("Keyring");
     int i;
     struct sig_stats stats;
 
@@ -446,7 +546,7 @@ list_one( STRLIST names, int secret )
 }
 
 static void
-print_key_data( PKT_public_key *pk, u32 *keyid )
+print_key_data( PKT_public_key *pk )
 {
     int n = pk ? pubkey_get_npkey( pk->pubkey_algo ) : 0;
     int i;
@@ -538,6 +638,51 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
     putchar(':');
 }
 
+/* Flags = 0x01 hashed 0x02 critical */
+static void
+print_one_subpacket(sigsubpkttype_t type,size_t len,int flags,const byte *buf)
+{
+  size_t i;
+
+  printf("spk:%d:%u:%u:",type,flags,(unsigned int)len);
+
+  for(i=0;i<len;i++)
+    {
+      /* printable ascii other than : and % */
+      if(buf[i]>=32 && buf[i]<=126 && buf[i]!=':' && buf[i]!='%')
+       printf("%c",buf[i]);
+      else
+       printf("%%%02X",buf[i]);
+    }
+
+  printf("\n");
+}
+
+void
+print_subpackets_colon(PKT_signature *sig)
+{
+  byte *i;
+
+  assert(opt.show_subpackets);
+
+  for(i=opt.show_subpackets;*i;i++)
+    {
+      const byte *p;
+      size_t len;
+      int seq,crit;
+
+      seq=0;
+
+      while((p=enum_sig_subpkt(sig->hashed,*i,&len,&seq,&crit)))
+       print_one_subpacket(*i,len,0x01|(crit?0x02:0),p);
+
+      seq=0;
+
+      while((p=enum_sig_subpkt(sig->unhashed,*i,&len,&seq,&crit)))
+       print_one_subpacket(*i,len,0x00|(crit?0x02:0),p);
+    }
+}
+
 void
 dump_attribs(const PKT_user_id *uid,PKT_public_key *pk,PKT_secret_key *sk)
 {
@@ -586,12 +731,8 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
     KBNODE node;
     PKT_public_key *pk;
     PKT_secret_key *sk;
-    u32 keyid[2];
-    int any=0;
     struct sig_stats *stats=opaque;
     int skip_sigs=0;
-    int newformat=((opt.list_options&LIST_SHOW_VALIDITY) && !secret)
-      || (opt.list_options & (LIST_SHOW_LONG_KEYID | LIST_SHOW_UNUSABLE_UIDS));
 
     /* get the keyid from the keyblock */
     node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
@@ -605,55 +746,85 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
       {
        pk = NULL;
        sk = node->pkt->pkt.secret_key;
-       keyid_from_sk( sk, keyid );
-
-        printf("sec%c  %4u%c/",(sk->protect.s2k.mode==1001)?'#':' ',
-              nbits_from_sk( sk ),pubkey_letter( sk->pubkey_algo ));
 
-       if(opt.list_options&LIST_SHOW_LONG_KEYID)
-         printf("%08lX%08lX",(ulong)keyid[0],(ulong)keyid[1]);
-       else
-         printf("%08lX",(ulong)keyid[1]);
+        printf("sec%c  %4u%c/%s %s",(sk->protect.s2k.mode==1001)?'#':
+              (sk->protect.s2k.mode==1002)?'>':' ',
+              nbits_from_sk( sk ),pubkey_letter( sk->pubkey_algo ),
+              keystr_from_sk(sk),datestr_from_sk( sk ));
 
-       printf(" %s%s",datestr_from_sk( sk ),newformat?"":" " );
+       if(sk->has_expired)
+         {
+           printf(" [");
+           printf(_("expired: %s"),expirestr_from_sk(sk));
+           printf("]");
+         }
+       else if(sk->expiredate )
+         {
+           printf(" [");
+           printf(_("expires: %s"),expirestr_from_sk(sk));
+           printf("]");
+         }
 
-       if(newformat && sk->expiredate )
-         printf(_(" [expires: %s]"), expirestr_from_sk( sk ) );
+       printf("\n");
       }
     else
       {
-       int validity;
        pk = node->pkt->pkt.public_key;
        sk = NULL;
-       keyid_from_pk( pk, keyid );
 
-       validity=get_validity(pk,NULL);
+       check_trustdb_stale();
 
-       printf("pub   %4u%c/",
-              nbits_from_pk(pk),pubkey_letter(pk->pubkey_algo));
-
-       if(opt.list_options&LIST_SHOW_LONG_KEYID)
-         printf("%08lX%08lX",(ulong)keyid[0],(ulong)keyid[1]);
-       else
-         printf("%08lX",(ulong)keyid[1]);
-
-       printf(" %s%s",datestr_from_pk( pk ),newformat?"":" " );
+       printf("pub   %4u%c/%s %s",
+              nbits_from_pk(pk),pubkey_letter(pk->pubkey_algo),
+              keystr_from_pk(pk),datestr_from_pk( pk ));
 
        /* We didn't include this before in the key listing, but there
           is room in the new format, so why not? */
-       if(newformat && pk->expiredate)
-         printf(_(" [expires: %s]"), expirestr_from_pk( pk ) );
 
+       if(pk->is_revoked)
+         {
+           printf(" [");
+           printf(_("revoked: %s"),revokestr_from_pk(pk));
+           printf("]");
+         }
+       else if(pk->has_expired)
+         {
+           printf(" [");
+           printf(_("expired: %s"),expirestr_from_pk(pk));
+           printf("]");
+         }
+       else if(pk->expiredate)
+         {
+           printf(" [");
+           printf(_("expires: %s"),expirestr_from_pk(pk));
+           printf("]");
+         }
+
+#if 0
+       /* I need to think about this some more.  It's easy enough to
+          include, but it looks sort of confusing in the
+          listing... */
        if(opt.list_options&LIST_SHOW_VALIDITY)
-         printf(" [%s]",trust_value_to_string(validity));
+         {
+           int validity=get_validity(pk,NULL);
+           printf(" [%s]",trust_value_to_string(validity));
+         }
+#endif
+
+       printf("\n");
       }
 
+    if( fpr )
+      print_fingerprint( pk, sk, 0 );
+    print_card_serialno (sk);
+    if( opt.with_key_data )
+      print_key_data( pk );
+
     for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
        if( node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode ) {
-           int indent;
            PKT_user_id *uid=node->pkt->pkt.user_id;
 
-           if((uid->is_expired || uid->is_revoked)
+           if(pk && (uid->is_expired || uid->is_revoked)
               && !(opt.list_options&LIST_SHOW_UNUSABLE_UIDS))
              {
                skip_sigs=1;
@@ -665,98 +836,91 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
            if(attrib_fp && uid->attrib_data!=NULL)
              dump_attribs(uid,pk,sk);
 
-           if(!any && newformat)
-             printf("\n");
-
-           if(uid->is_revoked || uid->is_expired)
-             printf("uid%*s[%s] ",
-                    (opt.list_options&LIST_SHOW_LONG_KEYID)?16:8,"",
-                    uid->is_revoked?"revoked":"expired");
-           else if((opt.list_options&LIST_SHOW_VALIDITY) && pk)
+           if((uid->is_revoked || uid->is_expired)
+              || ((opt.list_options&LIST_SHOW_UID_VALIDITY) && pk))
              {
-               const char *validity=
-                 trust_value_to_string(get_validity(pk,uid));
+               const char *validity;
+               int indent;
 
-               /* Includes the 3 spaces for [, ], and " ". */
-               indent=((opt.list_options&LIST_SHOW_LONG_KEYID)?23:15)
-                 -strlen(validity);
+               validity=uid_trust_string_fixed(pk,uid);
+               indent=(keystrlen()+9)-atoi(uid_trust_string_fixed(NULL,NULL));
 
-               if(indent<0)
+               if(indent<0 || indent>40)
                  indent=0;
 
-               printf("uid%*s[%s] ",indent,"",validity);
+               printf("uid%*s%s ",indent,"",validity);
              }
-           else if(newformat)
-             printf("uid%*s",
-                    (opt.list_options&LIST_SHOW_LONG_KEYID)?26:18,"");
-           else if(any)
-             printf("uid%*s",29,"");
+           else
+             printf("uid%*s", (int)keystrlen()+10,"");
 
             print_utf8_string( stdout, uid->name, uid->len );
            putchar('\n');
-           if( !any ) {
-               if( fpr )
-                   print_fingerprint( pk, sk, 0 );
-               if( opt.with_key_data )
-                   print_key_data( pk, keyid );
-               any = 1;
-           }
 
            if((opt.list_options&LIST_SHOW_PHOTOS) && uid->attribs!=NULL)
              show_photos(uid->attribs,uid->numattribs,pk,sk);
        }
-       else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
-           u32 keyid2[2];
+       else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+         {
            PKT_public_key *pk2 = node->pkt->pkt.public_key;
 
-           if( !any ) {
-               putchar('\n');
-               if( fpr )
-                   print_fingerprint( pk, sk, 0 ); /* of the main key */
-               any = 1;
-           }
-
-           keyid_from_pk( pk2, keyid2 );
-            printf("sub   %4u%c/",
-                  nbits_from_pk( pk2 ),pubkey_letter( pk2->pubkey_algo ));
-           if(opt.list_options&LIST_SHOW_LONG_KEYID)
-             printf("%08lX%08lX",(ulong)keyid2[0],(ulong)keyid2[1]);
+           if((pk2->is_revoked || pk2->has_expired)
+              && !(opt.list_options&LIST_SHOW_UNUSABLE_SUBKEYS))
+             {
+               skip_sigs=1;
+               continue;
+             }
            else
-             printf("%08lX",(ulong)keyid2[1]);
-           printf(" %s",datestr_from_pk(pk2));
-            if( pk2->expiredate )
-             printf(_(" [expires: %s]"), expirestr_from_pk( pk2 ) );
+             skip_sigs=0;
+
+            printf("sub   %4u%c/%s %s",
+                  nbits_from_pk( pk2 ),pubkey_letter( pk2->pubkey_algo ),
+                  keystr_from_pk(pk2),datestr_from_pk(pk2));
+           if( pk2->is_revoked )
+             {
+               printf(" [");
+               printf(_("revoked: %s"),revokestr_from_pk(pk2));
+               printf("]");
+             }
+           else if( pk2->has_expired )
+             {
+               printf(" [");
+               printf(_("expired: %s"),expirestr_from_pk(pk2));
+               printf("]");
+             }
+           else if( pk2->expiredate )
+             {
+               printf(" [");
+               printf(_("expires: %s"),expirestr_from_pk(pk2));
+               printf("]");
+             }
             putchar('\n');
            if( fpr > 1 )
-               print_fingerprint( pk2, NULL, 0 );
+             print_fingerprint( pk2, NULL, 0 );
            if( opt.with_key_data )
-               print_key_data( pk2, keyid2 );
-       }
-       else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
-           u32 keyid2[2];
+             print_key_data( pk2 );
+         }
+       else if( node->pkt->pkttype == PKT_SECRET_SUBKEY )
+         {
            PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
 
-           if( !any ) {
-               putchar('\n');
-               if( fpr )
-                   print_fingerprint( pk, sk, 0 ); /* of the main key */
-               any = 1;
-           }
-
-           keyid_from_sk( sk2, keyid2 );
-            printf("ssb   %4u%c/",
-                  nbits_from_sk( sk2 ),pubkey_letter( sk2->pubkey_algo ));
-           if(opt.list_options&LIST_SHOW_LONG_KEYID)
-             printf("%08lX%08lX",(ulong)keyid2[0],(ulong)keyid2[1]);
-           else
-             printf("%08lX",(ulong)keyid2[1]);
-           printf(" %s",datestr_from_sk( sk2 ) );
+            printf("ssb%c  %4u%c/%s %s",
+                   (sk2->protect.s2k.mode==1001)?'#':
+                   (sk2->protect.s2k.mode==1002)?'>':' ',
+                  nbits_from_sk( sk2 ),pubkey_letter( sk2->pubkey_algo ),
+                  keystr_from_sk(sk2),datestr_from_sk( sk2 ) );
             if( sk2->expiredate )
-             printf(_(" [expires: %s]"), expirestr_from_sk( sk2 ) );
+             {
+               printf(" [");
+               printf(_("expires: %s"),expirestr_from_sk(sk2));
+               printf("]");
+             }
            putchar('\n');
            if( fpr > 1 )
-               print_fingerprint( NULL, sk2, 0 );
-       }
+              {
+                print_fingerprint( NULL, sk2, 0 );
+                print_card_serialno (sk2);
+              }
+         }
        else if( opt.list_sigs
                 && node->pkt->pkttype == PKT_SIGNATURE
                 && !skip_sigs ) {
@@ -778,31 +942,12 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
                /* TODO: Make sure a cached sig record here still has
                    the pk that issued it.  See also
                    keyedit.c:print_and_check_one_sig */
-
            }
            else {
                rc = 0;
                sigrc = ' ';
            }
 
-           if( !any ) { /* no user id, (maybe a revocation follows)*/
-             /* Check if the pk is really revoked - there could be a
-                 0x20 sig packet there even if we are not revoked
-                 (say, if a revocation key issued the packet, but the
-                 revocation key isn't present to verify it.) */
-               if( sig->sig_class == 0x20 && pk->is_revoked )
-                   puts("[revoked]");
-               else if( sig->sig_class == 0x18 )
-                   puts("[key binding]");
-               else if( sig->sig_class == 0x28 )
-                   puts("[subkey revoked]");
-               else
-                   putchar('\n');
-               if( fpr )
-                   print_fingerprint( pk, sk, 0 );
-               any=1;
-           }
-
            if( sig->sig_class == 0x20 || sig->sig_class == 0x28
                                       || sig->sig_class == 0x30 )
               sigstr = "rev";
@@ -819,7 +964,7 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
            }
 
             fputs( sigstr, stdout );
-           printf("%c%c %c%c%c%c%c%c ",
+           printf("%c%c %c%c%c%c%c%c %s %s",
                    sigrc,(sig->sig_class-0x10>0 &&
                           sig->sig_class-0x10<4)?'0'+sig->sig_class-0x10:' ',
                    sig->flags.exportable?' ':'L',
@@ -828,12 +973,8 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
                    sig->flags.notation?'N':' ',
                    sig->flags.expired?'X':' ',
                   (sig->trust_depth>9)?'T':
-                  (sig->trust_depth>0)?'0'+sig->trust_depth:' ');
-           if(opt.list_options&LIST_SHOW_LONG_KEYID)
-             printf("%08lX%08lX",(ulong)sig->keyid[0],(ulong)sig->keyid[1]);
-           else
-             printf("%08lX",(ulong)sig->keyid[1]);
-           printf(" %s", datestr_from_sig(sig));
+                  (sig->trust_depth>0)?'0'+sig->trust_depth:' ',
+                  keystr(sig->keyid),datestr_from_sig(sig));
            if(opt.list_options&LIST_SHOW_SIG_EXPIRE)
              printf(" %s", expirestr_from_sig(sig));
            printf("  ");
@@ -845,17 +986,21 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
                size_t n;
                char *p = get_user_id( sig->keyid, &n );
                 print_utf8_string( stdout, p, n );
-               m_free(p);
+               xfree(p);
            }
            putchar('\n');
 
-           if(sig->flags.policy_url && (opt.list_options&LIST_SHOW_POLICY))
+           if(sig->flags.policy_url
+              && (opt.list_options&LIST_SHOW_POLICY_URLS))
              show_policy_url(sig,3,0);
 
-           if(sig->flags.notation && (opt.list_options&LIST_SHOW_NOTATION))
-             show_notation(sig,3,0);
+           if(sig->flags.notation && (opt.list_options&LIST_SHOW_NOTATIONS))
+             show_notation(sig,3,0,
+                           ((opt.list_options&LIST_SHOW_STD_NOTATIONS)?1:0)+
+                           ((opt.list_options&LIST_SHOW_USER_NOTATIONS)?2:0));
 
-           if(sig->flags.pref_ks && (opt.list_options&LIST_SHOW_KEYSERVER))
+           if(sig->flags.pref_ks
+              && (opt.list_options&LIST_SHOW_KEYSERVER_URLS))
              show_keyserver_url(sig,3,0);
 
            /* fixme: check or list other sigs here */
@@ -877,6 +1022,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
     int any=0;
     int trustletter = 0;
     int ulti_hack = 0;
+    int i;
 
     /* get the keyid from the keyblock */
     node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
@@ -917,15 +1063,12 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
                 ulti_hack = 1;
             putchar(trustletter);
         }
-        printf(":%u:%d:%08lX%08lX:%s:%s:",
+        printf(":%u:%d:%08lX%08lX:%s:%s::",
                    nbits_from_pk( pk ),
                    pk->pubkey_algo,
                    (ulong)keyid[0],(ulong)keyid[1],
                    colon_datestr_from_pk( pk ),
                    colon_strtime (pk->expiredate) );
-        if( pk->local_id )
-            printf("%lu", pk->local_id );
-        putchar(':');
         if( !opt.fast_list_mode && !opt.no_expensive_trust_checks  )
             putchar( get_ownertrust_info(pk) );
            putchar(':');
@@ -936,11 +1079,25 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
         putchar(':');
         putchar(':');
         print_capabilities (pk, sk, keyblock);
+        if (secret) {
+          putchar(':'); /* End of field 13. */
+          putchar(':'); /* End of field 14. */
+          if (sk->protect.s2k.mode == 1001)
+            putchar('#'); /* Key is just a stub. */
+          else if (sk->protect.s2k.mode == 1002) {
+            /* Key is stored on an external token (card) or handled by
+               the gpg-agent.  Print the serial number of that token
+               here. */
+            for (i=0; i < sk->protect.ivlen; i++)
+              printf ("%02X", sk->protect.iv[i]);
+          }
+          putchar(':'); /* End of field 15. */
+        }
         putchar('\n');
         if( fpr )
             print_fingerprint( pk, sk, 0 );
         if( opt.with_key_data )
-            print_key_data( pk, keyid );
+            print_key_data( pk );
         any = 1;
     }
 
@@ -954,7 +1111,6 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
              * Fixme: We need a is_valid flag here too 
              */
            if( any ) {
-               int i;
                char *str=uid->attrib_data?"uat":"uid";
                /* If we're listing a secret key, leave out the
                   validity values for now.  This is handled better in
@@ -1001,7 +1157,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
                if( fpr )
                    print_fingerprint( pk, sk, 0 );
                if( opt.with_key_data )
-                   print_key_data( pk, keyid );
+                   print_key_data( pk );
                any = 1;
            }
        }
@@ -1034,7 +1190,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
                if(trustletter)
                  printf("%c", trustletter );
             }
-            printf(":%u:%d:%08lX%08lX:%s:%s:",
+            printf(":%u:%d:%08lX%08lX:%s:%s:::::",
                        nbits_from_pk( pk2 ),
                        pk2->pubkey_algo,
                        (ulong)keyid2[0],(ulong)keyid2[1],
@@ -1042,18 +1198,12 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
                        colon_strtime (pk2->expiredate)
                        /* fixme: add LID and ownertrust here */
                                                );
-            if( pk->local_id ) /* use the local_id of the main key??? */
-                printf("%lu", pk->local_id );
-            putchar(':');
-            putchar(':');
-            putchar(':');
-            putchar(':');
             print_capabilities (pk2, NULL, NULL);
             putchar('\n');
            if( fpr > 1 )
                print_fingerprint( pk2, NULL, 0 );
            if( opt.with_key_data )
-               print_key_data( pk2, keyid2 );
+               print_key_data( pk2 );
        }
        else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
            u32 keyid2[2];
@@ -1078,9 +1228,27 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
                        colon_strtime (sk2->expiredate)
                    /* fixme: add LID */ );
             print_capabilities (NULL, sk2, NULL);
+            if (opt.fixed_list_mode) {
+              /* We print the serial number only in fixed list mode
+                 for the primary key so, so avoid questions we print
+                 it for subkeys also only in this mode.  There is no
+                 technical reason, though. */
+              putchar(':'); /* End of field 13. */
+              putchar(':'); /* End of field 14. */
+              if (sk2->protect.s2k.mode == 1001)
+                putchar('#'); /* Key is just a stub. */
+              else if (sk2->protect.s2k.mode == 1002) {
+                /* Key is stored on an external token (card) or handled by
+                   the gpg-agent.  Print the serial number of that token
+                   here. */
+                for (i=0; i < sk2->protect.ivlen; i++)
+                  printf ("%02X", sk2->protect.iv[i]);
+              }
+              putchar(':'); /* End of field 15. */
+            }
             putchar ('\n');
            if( fpr > 1 )
-               print_fingerprint( NULL, sk2, 0 );
+              print_fingerprint( NULL, sk2, 0 );
        }
        else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) {
            PKT_signature *sig = node->pkt->pkt.signature;
@@ -1125,7 +1293,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
 
                fflush(stdout);
                if(opt.no_sig_cache)
-                 signer_pk=m_alloc_clear(sizeof(PKT_public_key));
+                 signer_pk=xmalloc_clear(sizeof(PKT_public_key));
 
                rc = check_key_signature2( keyblock, node, NULL, signer_pk,
                                           NULL, NULL, NULL );
@@ -1177,14 +1345,12 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
                size_t n;
                char *p = get_user_id( sig->keyid, &n );
                 print_string( stdout, p, n, ':' );
-               m_free(p);
+               xfree(p);
            }
             printf(":%02x%c:", sig->sig_class,sig->flags.exportable?'x':'l');
 
            if(opt.no_sig_cache && opt.check_sigs && fprokay)
              {
-               size_t i;
-
                printf(":");
 
                for (i=0; i < fplen ; i++ )
@@ -1195,6 +1361,9 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
 
            printf("\n");
 
+           if(opt.show_subpackets)
+             print_subpackets_colon(sig);
+
            /* fixme: check or list other sigs here */
        }
     }
@@ -1300,14 +1469,14 @@ print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
       {
        if(sk)
          {
-           PKT_secret_key *primary_sk=m_alloc_clear(sizeof(*primary_sk));
+           PKT_secret_key *primary_sk=xmalloc_clear(sizeof(*primary_sk));
            get_seckey(primary_sk,sk->main_keyid);
            print_fingerprint(NULL,primary_sk,mode|0x80);
            free_secret_key(primary_sk);
          }
        else
          {
-           PKT_public_key *primary_pk=m_alloc_clear(sizeof(*primary_pk));
+           PKT_public_key *primary_pk=xmalloc_clear(sizeof(*primary_pk));
            get_pubkey(primary_pk,pk->main_keyid);
            print_fingerprint(primary_pk,NULL,mode|0x80);
            free_public_key(primary_pk);
@@ -1323,9 +1492,9 @@ print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
     }
     else if (mode == 2) {
         fp = NULL; /* use tty */
-        /* Translators: this should fit into 24 bytes to that the fingerprint
-         * data is properly aligned with the user ID */
        if(primary)
+          /* TRANSLATORS: this should fit into 24 bytes to that the
+           * fingerprint data is properly aligned with the user ID */
          text = _(" Primary key fingerprint:");
        else
          text = _("      Subkey fingerprint:");
@@ -1390,6 +1559,41 @@ print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
         tty_printf ("\n");
 }
 
+/* Print the serial number of an OpenPGP card if available. */
+static void
+print_card_serialno (PKT_secret_key *sk)
+{
+  int i;
+
+  if (!sk)
+    return;
+  if (!sk->is_protected || sk->protect.s2k.mode != 1002) 
+    return; /* Not a card. */
+  if (opt.with_colons)
+    return; /* Handled elsewhere. */
+
+  fputs (_("      Card serial no. ="), stdout);
+  putchar (' ');
+  if (sk->protect.ivlen == 16
+      && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6) )
+    { /* This is an OpenPGP card. Just print the relevant part. */
+      for (i=8; i < 14; i++)
+        {
+          if (i == 10)
+            putchar (' ');
+          printf ("%02X", sk->protect.iv[i]);
+        }
+    }
+  else
+    { /* Something is wrong: Print all. */
+      for (i=0; i < sk->protect.ivlen; i++)
+        printf ("%02X", sk->protect.iv[i]);
+    }
+  putchar ('\n');
+}
+
+
+
 void set_attrib_fd(int fd)
 {
   static int last_fd=-1;
@@ -1408,10 +1612,11 @@ void set_attrib_fd(int fd)
   else if( fd == 2 )
     attrib_fp = stderr;
   else
-    attrib_fp = fdopen( fd, "w" );
+    attrib_fp = fdopen( fd, "wb" );
   if( !attrib_fp ) {
     log_fatal("can't open fd %d for attribute output: %s\n",
              fd, strerror(errno));
   }
+
   last_fd = fd;
 }