Allow for default algorithms in a parameter file
[gnupg.git] / g10 / keylist.c
index 6c32027..4a76ee0 100644 (file)
@@ -1,12 +1,12 @@
-/* keylist.c
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003
- *               2004 Free Software Foundation, Inc.
+/* keylist.c - print keys
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
+ *               2008 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
  * GnuPG is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
  * (at your option) any later version.
  *
  * GnuPG is distributed in the hope that it will be useful,
@@ -15,8 +15,7 @@
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
  */
 
 #include <config.h>
 #include <string.h>
 #include <errno.h>
 #include <assert.h>
+#ifdef HAVE_DOSISH_SYSTEM
+#include <fcntl.h> /* for setmode() */
+#endif
 
+#include "gpg.h"
 #include "options.h"
 #include "packet.h"
-#include "errors.h"
+#include "status.h"
 #include "keydb.h"
-#include "memory.h"
 #include "photoid.h"
 #include "util.h"
 #include "ttyio.h"
@@ -40,7 +42,9 @@
 #include "status.h"
 
 static void list_all(int);
-static void list_one( STRLIST names, int secret);
+static void list_one( strlist_t names, int secret);
+static void locate_one (strlist_t names);
+static void print_card_serialno (PKT_secret_key *sk);
 
 struct sig_stats
 {
@@ -49,16 +53,17 @@ struct sig_stats
   int oth_err;
 };
 
-static FILE *attrib_fp=NULL;
+/* The stream used to write attribute packets to.  */
+static FILE *attrib_fp = NULL;
 
 /****************
  * List the keys
  * If list is NULL, all available keys are listed
  */
 void
-public_key_list( STRLIST list )
+public_key_list( strlist_t list, int locate_mode )
 {
-  if(opt.with_colons)
+  if (opt.with_colons)
     {
       byte trust_model,marginals,completes,cert_depth;
       ulong created,nextcheck;
@@ -94,15 +99,27 @@ public_key_list( STRLIST list )
       printf("\n");
     }
 
-  if( !list )
-    list_all(0);
+  /* We need to do the stale check right here because it might need to
+     update the keyring while we already have the keyring open.  This
+     is very bad for W32 because of a sharing violation. For real OSes
+     it might lead to false results if we are later listing a keyring
+     which is associated with the inode of a deleted file.  */
+  check_trustdb_stale ();
+
+  if (locate_mode)
+    locate_one (list);
+  else if (!list)
+    list_all (0);
   else
-    list_one( list, 0 );
+    list_one (list, 0);
 }
 
+
 void
-secret_key_list( STRLIST list )
+secret_key_list( strlist_t list )
 {
+    check_trustdb_stale ();
+
     if( !list )
        list_all(1);
     else  /* List by user id */
@@ -112,21 +129,18 @@ secret_key_list( STRLIST list )
 void
 print_seckey_info (PKT_secret_key *sk)
 {
-    u32 sk_keyid[2];
-    size_t n;
-    char *p;
-
-    keyid_from_sk (sk, sk_keyid);
-    tty_printf ("\nsec  %4u%c/%08lX %s   ",
-                nbits_from_sk (sk),
-                pubkey_letter (sk->pubkey_algo),
-                (ulong)sk_keyid[1], datestr_from_sk (sk));
-    
-    p = get_user_id (sk_keyid, &n);
-    tty_print_utf8_string (p, n);
-    m_free (p);
+  u32 keyid[2];
+  char *p;
+
+  keyid_from_sk (sk, keyid);
+  p=get_user_id_native(keyid);
 
-    tty_printf ("\n");   
+  tty_printf ("\nsec  %4u%c/%s %s %s\n",
+             nbits_from_sk (sk),
+             pubkey_letter (sk->pubkey_algo),
+             keystr(keyid), datestr_from_sk (sk), p);
+    
+  xfree (p);
 }
 
 /* Print information about the public key.  With FP passed as NULL,
@@ -135,33 +149,98 @@ print_seckey_info (PKT_secret_key *sk)
 void
 print_pubkey_info (FILE *fp, PKT_public_key *pk)
 {
-  u32 pk_keyid[2];
-  size_t n;
+  u32 keyid[2];
   char *p;
 
-  keyid_from_pk (pk, pk_keyid);
+  keyid_from_pk (pk, keyid);
+
+  /* If the pk was chosen by a particular user ID, that is the one to
+     print. */
+  if(pk->user_id)
+    p=utf8_to_native(pk->user_id->name,pk->user_id->len,0);
+  else
+    p=get_user_id_native(keyid);
+
   if (fp)
-    fprintf (fp, "pub  %4u%c/%08lX %s   ",
+    fprintf (fp, "pub  %4u%c/%s %s %s\n",
              nbits_from_pk (pk),
              pubkey_letter (pk->pubkey_algo),
-             (ulong)pk_keyid[1], datestr_from_pk (pk));
+             keystr(keyid), datestr_from_pk (pk), p);
   else
-    tty_printf ("\npub  %4u%c/%08lX %s   ",
-                nbits_from_pk (pk),
-                pubkey_letter (pk->pubkey_algo),
-                (ulong)pk_keyid[1], datestr_from_pk (pk));
+    tty_printf ("\npub  %4u%c/%s %s %s\n",
+                nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo),
+                keystr(keyid), datestr_from_pk (pk), p);
 
-  p = get_user_id (pk_keyid, &n);
-  if (fp)
-    print_utf8_string2 (fp, p, n, '\n');
-  else
-    tty_print_utf8_string (p, n);
-  m_free (p);
-  
-  if (fp)
-    putc ('\n', fp);
-  else
-    tty_printf ("\n\n"); 
+  xfree (p);
+}
+
+
+/* Print basic information of a secret key including the card serial
+   number information. */
+void
+print_card_key_info (FILE *fp, KBNODE keyblock)
+{
+  KBNODE node;
+  int i;
+
+  for (node = keyblock; node; node = node->next ) 
+    {
+      if (node->pkt->pkttype == PKT_SECRET_KEY
+          || (node->pkt->pkttype == PKT_SECRET_SUBKEY) )
+        {
+          PKT_secret_key *sk = node->pkt->pkt.secret_key;
+          
+          tty_fprintf (fp, "%s%c  %4u%c/%s  ",
+                      node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
+                       (sk->protect.s2k.mode==1001)?'#':
+                       (sk->protect.s2k.mode==1002)?'>':' ',
+                      nbits_from_sk (sk),
+                      pubkey_letter (sk->pubkey_algo),
+                      keystr_from_sk(sk));
+          tty_fprintf (fp, _("created: %s"), datestr_from_sk (sk));
+          tty_fprintf (fp, "  ");
+          tty_fprintf (fp, _("expires: %s"), expirestr_from_sk (sk));
+          if (sk->is_protected && sk->protect.s2k.mode == 1002)
+            {
+              tty_fprintf (fp, "\n                      ");
+              tty_fprintf (fp, _("card-no: ")); 
+              if (sk->protect.ivlen == 16
+                  && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
+                { 
+                  /* This is an OpenPGP card. */
+                  for (i=8; i < 14; i++)
+                    {
+                      if (i == 10)
+                        tty_fprintf (fp, " ");
+                      tty_fprintf (fp, "%02X", sk->protect.iv[i]);
+                    }
+                }
+              else
+                { /* Something is wrong: Print all. */
+                  for (i=0; i < sk->protect.ivlen; i++)
+                    tty_fprintf (fp, "%02X", sk->protect.iv[i]);
+                }
+            }
+          tty_fprintf (fp, "\n");
+        }
+    }
+}
+
+
+
+/* Flags = 0x01 hashed 0x02 critical */
+static void
+status_one_subpacket(sigsubpkttype_t type,size_t len,int flags,const byte *buf)
+{
+  char status[40];
+
+  /* Don't print these. */
+  if(len>256)
+    return;
+
+  sprintf(status,"%d %u %u ",type,flags,(unsigned int)len);
+
+  write_status_text_and_buffer(STATUS_SIG_SUBPACKET,status,buf,len,0);
 }
 
 /*
@@ -176,14 +255,14 @@ show_policy_url(PKT_signature *sig,int indent,int mode)
   const byte *p;
   size_t len;
   int seq=0,crit;
-  FILE *fp=mode?log_stream():stdout;
+  FILE *fp=mode?log_get_stream():stdout;
 
   while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_POLICY,&len,&seq,&crit)))
     {
       if(mode!=2)
        {
          int i;
-         char *str;
+         const char *str;
 
          for(i=0;i<indent;i++)
            putchar(' ');
@@ -217,14 +296,14 @@ show_keyserver_url(PKT_signature *sig,int indent,int mode)
   const byte *p;
   size_t len;
   int seq=0,crit;
-  FILE *fp=mode?log_stream():stdout;
+  FILE *fp=mode?log_get_stream():stdout;
 
   while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&len,&seq,&crit)))
     {
       if(mode!=2)
        {
          int i;
-         char *str;
+         const char *str;
 
          for(i=0;i<indent;i++)
            putchar(' ');
@@ -241,7 +320,8 @@ show_keyserver_url(PKT_signature *sig,int indent,int mode)
          fprintf(fp,"\n");
        }
 
-      /* TODO: put in a status-fd tag for preferred keyservers */
+      if(mode)
+       status_one_subpacket(SIGSUBPKT_PREF_KS,len,(crit?0x02:0)|0x01,p);
     }
 }
 
@@ -249,68 +329,64 @@ show_keyserver_url(PKT_signature *sig,int indent,int mode)
   mode=0 for stdout.
   mode=1 for log_info + status messages
   mode=2 for status messages only
+
+  which bits:
+  1 == standard notations
+  2 == user notations
 */
 
 void
-show_notation(PKT_signature *sig,int indent,int mode)
+show_notation(PKT_signature *sig,int indent,int mode,int which)
 {
-  const byte *p;
-  size_t len;
-  int seq=0,crit;
-  FILE *fp=mode?log_stream():stdout;
+  FILE *fp=mode?log_get_stream():stdout;
+  struct notation *nd,*notations;
 
-  /* There may be multiple notations in the same sig. */
-
-  while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,&len,&seq,&crit)))
-    if(len>=8)
-      {
-       int n1,n2;
+  if(which==0)
+    which=3;
 
-       n1=(p[4]<<8)|p[5];
-       n2=(p[6]<<8)|p[7];
+  notations=sig_to_notation(sig);
 
-       if(8+n1+n2!=len)
-         {
-           log_info(_("WARNING: invalid notation data found\n"));
-           return;
-         }
-
-       if(mode!=2)
-         {
-           int i;
-           char *str;
-
-           for(i=0;i<indent;i++)
-             putchar(' ');
-
-           /* This is UTF8 */
-           if(crit)
-             str=_("Critical signature notation: ");
-           else
-             str=_("Signature notation: ");
-           if(mode)
-             log_info("%s",str);
-           else
-             printf("%s",str);
-           print_utf8_string(fp,p+8,n1);
-           fprintf(fp,"=");
-
-           if(*p&0x80)
-             print_utf8_string(fp,p+8+n1,n2);
-           else
-             fprintf(fp,"[ %s ]",_("not human readable"));
+  /* There may be multiple notations in the same sig. */
+  for(nd=notations;nd;nd=nd->next)
+    {
+      if(mode!=2)
+       {
+         int has_at=!!strchr(nd->name,'@');
+
+         if((which&1 && !has_at) || (which&2 && has_at))
+           {
+             int i;
+             const char *str;
+
+             for(i=0;i<indent;i++)
+               putchar(' ');
+
+             if(nd->flags.critical)
+               str=_("Critical signature notation: ");
+             else
+               str=_("Signature notation: ");
+             if(mode)
+               log_info("%s",str);
+             else
+               printf("%s",str);
+             /* This is all UTF8 */
+             print_utf8_string(fp,nd->name,strlen(nd->name));
+             fprintf(fp,"=");
+             print_utf8_string(fp,nd->value,strlen(nd->value));
+             fprintf(fp,"\n");
+           }
+       }
 
-           fprintf(fp,"\n");
-         }
+      if(mode)
+       {
+         write_status_buffer(STATUS_NOTATION_NAME,
+                             nd->name,strlen(nd->name),0);
+         write_status_buffer(STATUS_NOTATION_DATA,
+                             nd->value,strlen(nd->value),50);
+       }
+    }
 
-       if(mode)
-         {
-           write_status_buffer ( STATUS_NOTATION_NAME, p+8   , n1, 0 );
-           write_status_buffer ( STATUS_NOTATION_DATA, p+8+n1, n2, 50 );
-         }
-      }
-  else
-    log_info(_("WARNING: invalid notation data found\n"));
+  free_notation(notations);
 }
 
 static void
@@ -392,13 +468,13 @@ list_all( int secret )
 
 
 static void
-list_one( STRLIST names, int secret )
+list_one( strlist_t names, int secret )
 {
     int rc = 0;
     KBNODE keyblock = NULL;
     GETKEY_CTX ctx;
     const char *resname;
-    char *keyring_str = _("Keyring");
+    const char *keyring_str = _("Keyring");
     int i;
     struct sig_stats stats;
 
@@ -459,6 +535,45 @@ list_one( STRLIST names, int secret )
       print_signature_stats(&stats);
 }
 
+
+static void
+locate_one (strlist_t names)
+{
+  int rc = 0;
+  strlist_t sl;
+  GETKEY_CTX ctx = NULL;
+  KBNODE keyblock = NULL;
+  struct sig_stats stats;
+
+  memset (&stats,0,sizeof(stats));
+    
+  for (sl=names; sl; sl = sl->next)
+    {
+      rc = get_pubkey_byname (&ctx, NULL, sl->d, &keyblock, NULL, 1, 0);
+      if (rc)
+        {
+          if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY)
+            log_error ("error reading key: %s\n", g10_errstr(rc) );
+       }
+      else
+        {
+          do 
+            {
+              list_keyblock (keyblock, 0, opt.fingerprint,
+                             opt.check_sigs? &stats : NULL );
+              release_kbnode (keyblock);
+            } 
+          while ( ctx && !get_pubkey_next (ctx, NULL, &keyblock));
+          get_pubkey_end (ctx);
+          ctx = NULL;
+       } 
+    }
+  
+  if (opt.check_sigs && !opt.with_colons)
+    print_signature_stats (&stats);
+}
+
+
 static void
 print_key_data( PKT_public_key *pk )
 {
@@ -479,6 +594,7 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
   if(pk || (sk && sk->protect.s2k.mode!=1001))
     {
       unsigned int use = pk? pk->pubkey_usage : sk->pubkey_usage;
+      int c_printed = 0;
     
       if ( use & PUBKEY_USAGE_ENC )
         putchar ('e');
@@ -487,9 +603,19 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
        {
          putchar ('s');
          if( pk? pk->is_primary : sk->is_primary )
-           putchar ('c');
+            {
+              putchar ('c');
+              /* The PUBKEY_USAGE_CERT flag was introduced later and
+                 we used to always print 'c' for a primary key.  To
+                 avoid any regression here we better track whether we
+                 printed 'c' already.  */
+              c_printed = 1;
+            }
        }
 
+      if ( (use & PUBKEY_USAGE_CERT) && !c_printed )
+        putchar ('c');
+
       if ( (use & PUBKEY_USAGE_AUTH) )
         putchar ('a');
     }
@@ -515,6 +641,8 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
                        if(pk->is_primary)
                          cert = 1;
                      }
+                    if ( pk->pubkey_usage & PUBKEY_USAGE_CERT )
+                      cert = 1;
                     if ( (pk->pubkey_usage & PUBKEY_USAGE_AUTH) )
                       auth = 1;
                 }
@@ -532,6 +660,8 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
                        if(sk->is_primary)
                          cert = 1;
                      }
+                    if ( (sk->pubkey_usage & PUBKEY_USAGE_CERT) )
+                        cert = 1;
                     if ( (sk->pubkey_usage & PUBKEY_USAGE_AUTH) )
                         auth = 1;
                 }
@@ -552,6 +682,51 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
     putchar(':');
 }
 
+/* Flags = 0x01 hashed 0x02 critical */
+static void
+print_one_subpacket(sigsubpkttype_t type,size_t len,int flags,const byte *buf)
+{
+  size_t i;
+
+  printf("spk:%d:%u:%u:",type,flags,(unsigned int)len);
+
+  for(i=0;i<len;i++)
+    {
+      /* printable ascii other than : and % */
+      if(buf[i]>=32 && buf[i]<=126 && buf[i]!=':' && buf[i]!='%')
+       printf("%c",buf[i]);
+      else
+       printf("%%%02X",buf[i]);
+    }
+
+  printf("\n");
+}
+
+void
+print_subpackets_colon(PKT_signature *sig)
+{
+  byte *i;
+
+  assert(opt.show_subpackets);
+
+  for(i=opt.show_subpackets;*i;i++)
+    {
+      const byte *p;
+      size_t len;
+      int seq,crit;
+
+      seq=0;
+
+      while((p=enum_sig_subpkt(sig->hashed,*i,&len,&seq,&crit)))
+       print_one_subpacket(*i,len,0x01|(crit?0x02:0),p);
+
+      seq=0;
+
+      while((p=enum_sig_subpkt(sig->unhashed,*i,&len,&seq,&crit)))
+       print_one_subpacket(*i,len,0x00|(crit?0x02:0),p);
+    }
+}
+
 void
 dump_attribs(const PKT_user_id *uid,PKT_public_key *pk,PKT_secret_key *sk)
 {
@@ -589,6 +764,7 @@ dump_attribs(const PKT_user_id *uid,PKT_public_key *pk,PKT_secret_key *sk)
        }
 
       fwrite(uid->attribs[i].data,uid->attribs[i].len,1,attrib_fp);
+      fflush (attrib_fp);
     }
 }
 
@@ -600,13 +776,8 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
     KBNODE node;
     PKT_public_key *pk;
     PKT_secret_key *sk;
-    int any=0;
     struct sig_stats *stats=opaque;
     int skip_sigs=0;
-    int newformat=((opt.list_options&LIST_SHOW_VALIDITY) && !secret)
-      || (opt.list_options & (LIST_SHOW_UNUSABLE_UIDS
-                             | LIST_SHOW_UNUSABLE_SUBKEYS))
-      || (keystrlen()>8);
 
     /* get the keyid from the keyblock */
     node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
@@ -621,42 +792,57 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
        pk = NULL;
        sk = node->pkt->pkt.secret_key;
 
-        printf("sec%c  %4u%c/%s %s%s",(sk->protect.s2k.mode==1001)?'#':
+        printf("sec%c  %4u%c/%s %s",(sk->protect.s2k.mode==1001)?'#':
               (sk->protect.s2k.mode==1002)?'>':' ',
               nbits_from_sk( sk ),pubkey_letter( sk->pubkey_algo ),
-              keystr_from_sk(sk),datestr_from_sk( sk ),newformat?"":" " );
+              keystr_from_sk(sk),datestr_from_sk( sk ));
 
-       if(newformat && sk->expiredate )
-         printf(_(" [expires: %s]"), expirestr_from_sk( sk ) );
+       if(sk->has_expired)
+         {
+           printf(" [");
+           printf(_("expired: %s"),expirestr_from_sk(sk));
+           printf("]");
+         }
+       else if(sk->expiredate )
+         {
+           printf(" [");
+           printf(_("expires: %s"),expirestr_from_sk(sk));
+           printf("]");
+         }
+
+       printf("\n");
       }
     else
       {
-#if 0
-       int validity;
-#endif
        pk = node->pkt->pkt.public_key;
        sk = NULL;
 
-#if 0
-       validity=get_validity(pk,NULL);
-#endif
-
        check_trustdb_stale();
 
-       printf("pub   %4u%c/%s %s%s",
+       printf("pub   %4u%c/%s %s",
               nbits_from_pk(pk),pubkey_letter(pk->pubkey_algo),
-              keystr_from_pk(pk),datestr_from_pk( pk ),newformat?"":" " );
+              keystr_from_pk(pk),datestr_from_pk( pk ));
 
        /* We didn't include this before in the key listing, but there
           is room in the new format, so why not? */
-       if(newformat)
+
+       if(pk->is_revoked)
+         {
+           printf(" [");
+           printf(_("revoked: %s"),revokestr_from_pk(pk));
+           printf("]");
+         }
+       else if(pk->has_expired)
+         {
+           printf(" [");
+           printf(_("expired: %s"),expirestr_from_pk(pk));
+           printf("]");
+         }
+       else if(pk->expiredate)
          {
-           if(pk->is_revoked)
-             printf(_(" [revoked: %s]"), revokestr_from_pk( pk ) );
-           else if(pk->has_expired)
-             printf(_(" [expired: %s]"), expirestr_from_pk( pk ) );
-           else if(pk->expiredate)
-             printf(_(" [expires: %s]"), expirestr_from_pk( pk ) );
+           printf(" [");
+           printf(_("expires: %s"),expirestr_from_pk(pk));
+           printf("]");
          }
 
 #if 0
@@ -664,15 +850,26 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
           include, but it looks sort of confusing in the
           listing... */
        if(opt.list_options&LIST_SHOW_VALIDITY)
-         printf(" [%s]",trust_value_to_string(validity));
+         {
+           int validity=get_validity(pk,NULL);
+           printf(" [%s]",trust_value_to_string(validity));
+         }
 #endif
+
+       printf("\n");
       }
 
+    if( fpr )
+      print_fingerprint( pk, sk, 0 );
+    print_card_serialno (sk);
+    if( opt.with_key_data )
+      print_key_data( pk );
+
     for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
        if( node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode ) {
            PKT_user_id *uid=node->pkt->pkt.user_id;
 
-           if((uid->is_expired || uid->is_revoked)
+           if(pk && (uid->is_expired || uid->is_revoked)
               && !(opt.list_options&LIST_SHOW_UNUSABLE_UIDS))
              {
                skip_sigs=1;
@@ -684,46 +881,28 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
            if(attrib_fp && uid->attrib_data!=NULL)
              dump_attribs(uid,pk,sk);
 
-           if(!any && newformat)
-             printf("\n");
-
            if((uid->is_revoked || uid->is_expired)
-              || ((opt.list_options&LIST_SHOW_VALIDITY) && pk))
+              || ((opt.list_options&LIST_SHOW_UID_VALIDITY) && pk))
              {
                const char *validity;
                int indent;
 
-               if(uid->is_revoked)
-                 validity=_("revoked");
-               else if(uid->is_expired)
-                 validity=_("expired");
-               else
-                 validity=trust_value_to_string(get_validity(pk,uid));
+               validity=uid_trust_string_fixed(pk,uid);
+               indent=(keystrlen()+9)-atoi(uid_trust_string_fixed(NULL,NULL));
 
-               indent=(keystrlen()+7)-strlen(validity);
-
-               if(indent<0)
+               if(indent<0 || indent>40)
                  indent=0;
 
-               printf("uid%*s[%s] ",indent,"",validity);
+               printf("uid%*s%s ",indent,"",validity);
              }
-           else if(newformat)
-             printf("uid%*s",keystrlen()+10,"");
-           else if(any)
-             printf("uid%*s",29,"");
+           else
+             printf("uid%*s", (int)keystrlen()+10,"");
 
             print_utf8_string( stdout, uid->name, uid->len );
            putchar('\n');
-           if( !any ) {
-               if( fpr )
-                   print_fingerprint( pk, sk, 0 );
-               if( opt.with_key_data )
-                   print_key_data( pk );
-               any = 1;
-           }
 
            if((opt.list_options&LIST_SHOW_PHOTOS) && uid->attribs!=NULL)
-             show_photos(uid->attribs,uid->numattribs,pk,sk);
+             show_photos(uid->attribs,uid->numattribs,pk,sk,uid);
        }
        else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
          {
@@ -738,23 +917,27 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
            else
              skip_sigs=0;
 
-           if( !any )
-             {
-               putchar('\n');
-               if( fpr )
-                 print_fingerprint( pk, sk, 0 ); /* of the main key */
-               any = 1;
-             }
-
             printf("sub   %4u%c/%s %s",
                   nbits_from_pk( pk2 ),pubkey_letter( pk2->pubkey_algo ),
                   keystr_from_pk(pk2),datestr_from_pk(pk2));
            if( pk2->is_revoked )
-             printf(_(" [revoked: %s]"), revokestr_from_pk(pk2));
+             {
+               printf(" [");
+               printf(_("revoked: %s"),revokestr_from_pk(pk2));
+               printf("]");
+             }
            else if( pk2->has_expired )
-             printf(_(" [expired: %s]"), expirestr_from_pk( pk2 ) );
+             {
+               printf(" [");
+               printf(_("expired: %s"),expirestr_from_pk(pk2));
+               printf("]");
+             }
            else if( pk2->expiredate )
-             printf(_(" [expires: %s]"), expirestr_from_pk( pk2 ) );
+             {
+               printf(" [");
+               printf(_("expires: %s"),expirestr_from_pk(pk2));
+               printf("]");
+             }
             putchar('\n');
            if( fpr > 1 )
              print_fingerprint( pk2, NULL, 0 );
@@ -765,24 +948,23 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
          {
            PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
 
-           if( !any )
-             {
-               putchar('\n');
-               if( fpr )
-                 print_fingerprint( pk, sk, 0 ); /* of the main key */
-               any = 1;
-             }
-
             printf("ssb%c  %4u%c/%s %s",
-                   (sk->protect.s2k.mode==1001)?'#':
-                   (sk->protect.s2k.mode==1002)?'>':' ',
+                   (sk2->protect.s2k.mode==1001)?'#':
+                   (sk2->protect.s2k.mode==1002)?'>':' ',
                   nbits_from_sk( sk2 ),pubkey_letter( sk2->pubkey_algo ),
                   keystr_from_sk(sk2),datestr_from_sk( sk2 ) );
             if( sk2->expiredate )
-             printf(_(" [expires: %s]"), expirestr_from_sk( sk2 ) );
+             {
+               printf(" [");
+               printf(_("expires: %s"),expirestr_from_sk(sk2));
+               printf("]");
+             }
            putchar('\n');
            if( fpr > 1 )
-             print_fingerprint( NULL, sk2, 0 );
+              {
+                print_fingerprint( NULL, sk2, 0 );
+                print_card_serialno (sk2);
+              }
          }
        else if( opt.list_sigs
                 && node->pkt->pkttype == PKT_SIGNATURE
@@ -794,12 +976,13 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
            if( stats ) {
                 /*fflush(stdout);*/
                rc = check_key_signature( keyblock, node, NULL );
-               switch( rc ) {
-                case 0:                 sigrc = '!'; break;
-                case G10ERR_BAD_SIGN:   stats->inv_sigs++; sigrc = '-'; break;
-                case G10ERR_NO_PUBKEY: 
-                case G10ERR_UNU_PUBKEY: stats->no_key++; continue;
-                default:                stats->oth_err++; sigrc = '%'; break;
+               switch( gpg_err_code (rc) ) {
+                case 0:                sigrc = '!'; break;
+                case GPG_ERR_BAD_SIGNATURE:
+                   stats->inv_sigs++; sigrc = '-'; break;
+                case GPG_ERR_NO_PUBKEY: 
+                case GPG_ERR_UNUSABLE_PUBKEY: stats->no_key++; continue;
+                default:               stats->oth_err++; sigrc = '%'; break;
                }
 
                /* TODO: Make sure a cached sig record here still has
@@ -811,24 +994,6 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
                sigrc = ' ';
            }
 
-           if( !any ) { /* no user id, (maybe a revocation follows)*/
-             /* Check if the pk is really revoked - there could be a
-                 0x20 sig packet there even if we are not revoked
-                 (say, if a revocation key issued the packet, but the
-                 revocation key isn't present to verify it.) */
-               if( sig->sig_class == 0x20 && pk->is_revoked )
-                   puts("[revoked]");
-               else if( sig->sig_class == 0x18 )
-                   puts("[key binding]");
-               else if( sig->sig_class == 0x28 )
-                   puts("[subkey revoked]");
-               else
-                   putchar('\n');
-               if( fpr )
-                   print_fingerprint( pk, sk, 0 );
-               any=1;
-           }
-
            if( sig->sig_class == 0x20 || sig->sig_class == 0x28
                                       || sig->sig_class == 0x30 )
               sigstr = "rev";
@@ -867,7 +1032,7 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
                size_t n;
                char *p = get_user_id( sig->keyid, &n );
                 print_utf8_string( stdout, p, n );
-               m_free(p);
+               xfree(p);
            }
            putchar('\n');
 
@@ -875,9 +1040,10 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
               && (opt.list_options&LIST_SHOW_POLICY_URLS))
              show_policy_url(sig,3,0);
 
-           if(sig->flags.notation
-              && (opt.list_options&LIST_SHOW_NOTATIONS))
-             show_notation(sig,3,0);
+           if(sig->flags.notation && (opt.list_options&LIST_SHOW_NOTATIONS))
+             show_notation(sig,3,0,
+                           ((opt.list_options&LIST_SHOW_STD_NOTATIONS)?1:0)+
+                           ((opt.list_options&LIST_SHOW_USER_NOTATIONS)?2:0));
 
            if(sig->flags.pref_ks
               && (opt.list_options&LIST_SHOW_KEYSERVER_URLS))
@@ -889,366 +1055,350 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
     putchar('\n');
 }
 
+void
+print_revokers(PKT_public_key *pk)
+{
+  /* print the revoker record */
+  if( !pk->revkey && pk->numrevkeys )
+    BUG();
+  else
+    {
+      int i,j;
+
+      for (i=0; i < pk->numrevkeys; i++)
+       {
+         byte *p;
+
+         printf ("rvk:::%d::::::", pk->revkey[i].algid);
+         p = pk->revkey[i].fpr;
+         for (j=0; j < 20; j++, p++ )
+           printf ("%02X", *p);
+         printf (":%02x%s:\n", pk->revkey[i].class,
+                 (pk->revkey[i].class&0x40)?"s":"");
+       }
+    }
+}
 
 static void
 list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
 {
-    int rc = 0;
-    KBNODE kbctx;
-    KBNODE node;
-    PKT_public_key *pk;
-    PKT_secret_key *sk;
-    u32 keyid[2];
-    int any=0;
-    int trustletter = 0;
-    int ulti_hack = 0;
-    int i;
+  int rc = 0;
+  KBNODE kbctx;
+  KBNODE node;
+  PKT_public_key *pk;
+  PKT_secret_key *sk;
+  u32 keyid[2];
+  int trustletter = 0;
+  int ulti_hack = 0;
+  int i;
 
-    /* get the keyid from the keyblock */
-    node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
-    if( !node ) {
-       log_error("Oops; key lost!\n");
-       dump_kbnode( keyblock );
-       return;
+  /* get the keyid from the keyblock */
+  node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
+  if ( !node )
+    {
+      log_error("Oops; key lost!\n");
+      dump_kbnode( keyblock );
+      return;
     }
 
-    if( secret ) {
-       pk = NULL;
-       sk = node->pkt->pkt.secret_key;
-       keyid_from_sk( sk, keyid );
-        printf("sec::%u:%d:%08lX%08lX:%s:%s:::",
-                   nbits_from_sk( sk ),
-                   sk->pubkey_algo,
-                   (ulong)keyid[0],(ulong)keyid[1],
-                   colon_datestr_from_sk( sk ),
-                   colon_strtime (sk->expiredate)
-                   /* fixme: add LID here */ );
+  if ( secret )
+    {
+      pk = NULL;
+      sk = node->pkt->pkt.secret_key;
+      keyid_from_sk ( sk, keyid );
+      printf ("sec::%u:%d:%08lX%08lX:%s:%s:::",
+              nbits_from_sk( sk ),
+              sk->pubkey_algo,
+              (ulong)keyid[0],(ulong)keyid[1],
+              colon_datestr_from_sk( sk ),
+              colon_strtime (sk->expiredate)
+              /* fixme: add LID here */ );
     }
-    else {
-       pk = node->pkt->pkt.public_key;
-       sk = NULL;
-       keyid_from_pk( pk, keyid );
-        fputs( "pub:", stdout );
-        if ( !pk->is_valid )
+  else
+    {
+      pk = node->pkt->pkt.public_key;
+      sk = NULL;
+      keyid_from_pk( pk, keyid );
+      fputs( "pub:", stdout );
+      if ( !pk->is_valid )
+        putchar ('i');
+      else if ( pk->is_revoked )
+        putchar ('r');
+      else if ( pk->has_expired )
+        putchar ('e');
+      else if ( opt.fast_list_mode || opt.no_expensive_trust_checks ) 
+      ;
+      else 
+        {
+          trustletter = get_validity_info ( pk, NULL );
+          if ( trustletter == 'u' )
+            ulti_hack = 1;
+          putchar(trustletter);
+        }
+      printf (":%u:%d:%08lX%08lX:%s:%s::",
+              nbits_from_pk( pk ),
+              pk->pubkey_algo,
+              (ulong)keyid[0],(ulong)keyid[1],
+              colon_datestr_from_pk( pk ),
+              colon_strtime (pk->expiredate) );
+      if ( !opt.fast_list_mode && !opt.no_expensive_trust_checks  )
+        putchar( get_ownertrust_info(pk) );
+      putchar(':');
+    }
+
+  putchar (':');
+  putchar (':');
+  print_capabilities (pk, sk, keyblock);
+  if (secret)
+    {
+      putchar (':'); /* End of field 13. */
+      putchar (':'); /* End of field 14. */
+      if (sk->protect.s2k.mode == 1001)
+        putchar ('#'); /* Key is just a stub. */
+      else if (sk->protect.s2k.mode == 1002)
+        {
+          /* Key is stored on an external token (card) or handled by
+             the gpg-agent.  Print the serial number of that token
+             here. */
+          for (i=0; i < sk->protect.ivlen; i++)
+            printf ("%02X", sk->protect.iv[i]);
+        }
+      putchar (':'); /* End of field 15. */
+    }
+  putchar('\n');
+  if (pk)
+    print_revokers (pk);
+  if (fpr)
+    print_fingerprint (pk, sk, 0);
+  if (opt.with_key_data)
+    print_key_data (pk);
+
+
+  for ( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; )
+    {
+      if ( node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode )
+        {
+          char *str;
+          PKT_user_id *uid=node->pkt->pkt.user_id;
+
+          if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL)
+            dump_attribs (node->pkt->pkt.user_id,pk,sk);
+          /*
+           * Fixme: We need a is_valid flag here too 
+           */
+          str = uid->attrib_data? "uat":"uid";
+          /* If we're listing a secret key, leave out the validity
+             values for now.  This is handled better in 1.9. */
+          if (sk)
+            printf ("%s:::::",str);
+          else if ( uid->is_revoked )
+            printf ("%s:r::::",str);
+          else if ( uid->is_expired )
+            printf ("%s:e::::",str);
+          else if ( opt.no_expensive_trust_checks )
+            printf ("%s:::::",str);
+          else 
+            {
+              int uid_validity;
+                
+              if ( pk && !ulti_hack )
+                uid_validity=get_validity_info (pk, uid);
+              else
+                uid_validity = 'u';
+              printf ("%s:%c::::",str,uid_validity);
+            }
+            
+          printf ("%s:", colon_strtime (uid->created));
+          printf ("%s:", colon_strtime (uid->expiredate));
+            
+          namehash_from_uid (uid);
+
+          for (i=0; i < 20; i++ )
+            printf ("%02X",uid->namehash[i]);
+            
+          printf ("::");
+
+          if (uid->attrib_data)
+            printf ("%u %lu",uid->numattribs,uid->attrib_len);
+          else
+            print_string (stdout,uid->name,uid->len, ':' );
+          putchar (':');
+          putchar ('\n');
+        }
+      else if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) 
+        {
+          u32 keyid2[2];
+          PKT_public_key *pk2 = node->pkt->pkt.public_key;
+            
+          keyid_from_pk ( pk2, keyid2 );
+          fputs ("sub:", stdout );
+          if ( !pk2->is_valid )
             putchar ('i');
-        else if ( pk->is_revoked )
+          else if ( pk2->is_revoked )
             putchar ('r');
-        else if ( pk->has_expired )
+          else if ( pk2->has_expired )
             putchar ('e');
-        else if ( opt.fast_list_mode || opt.no_expensive_trust_checks ) 
+          else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
             ;
-        else {
-            trustletter = get_validity_info ( pk, NULL );
-            if( trustletter == 'u' )
-                ulti_hack = 1;
-            putchar(trustletter);
+          else
+            {
+              /* TRUSTLETTER should always be defined here. */
+              if (trustletter)
+                printf ("%c", trustletter );
+            }
+          printf(":%u:%d:%08lX%08lX:%s:%s:::::",
+                 nbits_from_pk( pk2 ),
+                 pk2->pubkey_algo,
+                 (ulong)keyid2[0],(ulong)keyid2[1],
+                 colon_datestr_from_pk( pk2 ),
+                 colon_strtime (pk2->expiredate)
+                 /* fixme: add LID and ownertrust here */
+                 );
+          print_capabilities (pk2, NULL, NULL);
+          putchar ('\n');
+          if ( fpr > 1 )
+            print_fingerprint ( pk2, NULL, 0 );
+          if ( opt.with_key_data )
+            print_key_data( pk2 );
         }
-        printf(":%u:%d:%08lX%08lX:%s:%s::",
-                   nbits_from_pk( pk ),
-                   pk->pubkey_algo,
-                   (ulong)keyid[0],(ulong)keyid[1],
-                   colon_datestr_from_pk( pk ),
-                   colon_strtime (pk->expiredate) );
-        if( !opt.fast_list_mode && !opt.no_expensive_trust_checks  )
-            putchar( get_ownertrust_info(pk) );
-           putchar(':');
-    }
-    
-    if (opt.fixed_list_mode) {
-        /* do not merge the first uid with the primary key */
-        putchar(':');
-        putchar(':');
-        print_capabilities (pk, sk, keyblock);
-        if (secret) {
+      else if( node->pkt->pkttype == PKT_SECRET_SUBKEY )
+        {
+          u32 keyid2[2];
+          PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
+
+          keyid_from_sk ( sk2, keyid2 );
+          printf ("ssb::%u:%d:%08lX%08lX:%s:%s:::::",
+                  nbits_from_sk( sk2 ),
+                  sk2->pubkey_algo,
+                  (ulong)keyid2[0],(ulong)keyid2[1],
+                  colon_datestr_from_sk( sk2 ),
+                  colon_strtime (sk2->expiredate)
+                  /* fixme: add LID */ );
+          print_capabilities (NULL, sk2, NULL);
           putchar(':'); /* End of field 13. */
           putchar(':'); /* End of field 14. */
-          if (sk->protect.s2k.mode == 1001)
-            putchar('#'); /* Key is just a stub. */
-          else if (sk->protect.s2k.mode == 1002) {
-            /* Key is stored on an external token (card) or handled by
-               the gpg-agent.  Print the serial number of that token
-               here. */
-            for (i=0; i < sk->protect.ivlen; i++)
-              printf ("%02X", sk->protect.iv[i]);
-          }
+          if (sk2->protect.s2k.mode == 1001)
+            putchar ('#'); /* Key is just a stub. */
+          else if (sk2->protect.s2k.mode == 1002)
+            {
+              /* Key is stored on an external token (card) or handled by
+                 the gpg-agent.  Print the serial number of that token
+                 here. */
+              for (i=0; i < sk2->protect.ivlen; i++)
+                printf ("%02X", sk2->protect.iv[i]);
+            }
           putchar(':'); /* End of field 15. */
+          putchar ('\n');
+        
+          if ( fpr > 1 )
+            print_fingerprint ( NULL, sk2, 0 );
         }
-        putchar('\n');
-        if( fpr )
-            print_fingerprint( pk, sk, 0 );
-        if( opt.with_key_data )
-            print_key_data( pk );
-        any = 1;
-    }
-
-
-    for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
-       if( node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode ) {
-           PKT_user_id *uid=node->pkt->pkt.user_id;
-           if(attrib_fp && node->pkt->pkt.user_id->attrib_data!=NULL)
-             dump_attribs(node->pkt->pkt.user_id,pk,sk);
-            /*
-             * Fixme: We need a is_valid flag here too 
-             */
-           if( any ) {
-               char *str=uid->attrib_data?"uat":"uid";
-               /* If we're listing a secret key, leave out the
-                  validity values for now.  This is handled better in
-                  1.9. */
-               if ( sk )
-                   printf("%s:::::",str);
-                else if ( uid->is_revoked )
-                   printf("%s:r::::",str);
-                else if ( uid->is_expired )
-                   printf("%s:e::::",str);
-               else if ( opt.no_expensive_trust_checks )
-                   printf("%s:::::",str);
-                else {
-                   int uid_validity;
+      else if ( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE )
+        {
+          PKT_signature *sig = node->pkt->pkt.signature;
+          int sigrc,fprokay=0;
+          char *sigstr;
+          size_t fplen;
+          byte fparray[MAX_FINGERPRINT_LEN];
+        
+          if ( sig->sig_class == 0x20 || sig->sig_class == 0x28
+               || sig->sig_class == 0x30 )
+            sigstr = "rev";
+          else if ( (sig->sig_class&~3) == 0x10 )
+            sigstr = "sig";
+          else if ( sig->sig_class == 0x18 )
+            sigstr = "sig";
+          else if ( sig->sig_class == 0x1F )
+            sigstr = "sig";
+          else 
+            {
+              printf ("sig::::::::::%02x%c:\n",
+                      sig->sig_class, sig->flags.exportable?'x':'l');
+              continue;
+            }
 
-                   if( pk && !ulti_hack )
-                     uid_validity=get_validity_info (pk, uid);
-                   else
-                       uid_validity = 'u';
-                   printf("%s:%c::::",str,uid_validity);
+          if ( opt.check_sigs )
+            {
+              PKT_public_key *signer_pk=NULL;
+            
+              fflush (stdout);
+              if (opt.no_sig_cache)
+                signer_pk = xmalloc_clear (sizeof(PKT_public_key));
+            
+              rc = check_key_signature2 ( keyblock, node, NULL, signer_pk,
+                                          NULL, NULL, NULL );
+              switch ( gpg_err_code (rc) )
+                {
+                case 0:                              sigrc = '!'; break;
+                case GPG_ERR_BAD_SIGNATURE:   sigrc = '-'; break;
+                case GPG_ERR_NO_PUBKEY: 
+                case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
+                default:                     sigrc = '%'; break;
                 }
 
-               printf("%s:",colon_strtime(uid->created));
-               printf("%s:",colon_strtime(uid->expiredate));
-
-               namehash_from_uid(uid);
-
-               for(i=0; i < 20; i++ )
-                 printf("%02X",uid->namehash[i]);
-
-               printf("::");
-           }
-           if(uid->attrib_data)
-             printf("%u %lu",uid->numattribs,uid->attrib_len);
-            else
-             print_string(stdout,uid->name,uid->len, ':' );
-            putchar(':');
-           if (any)
-                putchar('\n');
-            else {
-                putchar(':');
-                print_capabilities (pk, sk, keyblock);
-                putchar('\n');
-               if( fpr )
-                   print_fingerprint( pk, sk, 0 );
-               if( opt.with_key_data )
-                   print_key_data( pk );
-               any = 1;
-           }
-       }
-       else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
-           u32 keyid2[2];
-           PKT_public_key *pk2 = node->pkt->pkt.public_key;
-
-           if( !any ) {
-                putchar(':');
-                putchar(':');
-                print_capabilities (pk, sk, keyblock);
-                putchar('\n');
-               if( fpr )
-                   print_fingerprint( pk, sk, 0 ); /* of the main key */
-               any = 1;
-           }
-
-           keyid_from_pk( pk2, keyid2 );
-            fputs ("sub:", stdout );
-            if ( !pk2->is_valid )
-                putchar ('i');
-            else if ( pk2->is_revoked )
-                putchar ('r');
-            else if ( pk2->has_expired )
-                putchar ('e');
-            else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
-                ;
-            else {
-               /* trustletter should always be defined here */
-               if(trustletter)
-                 printf("%c", trustletter );
+              if (opt.no_sig_cache)
+                {
+                  if (!rc)
+                    {
+                      fingerprint_from_pk (signer_pk, fparray, &fplen);
+                      fprokay = 1;
+                    }
+                  free_public_key(signer_pk);
+                }
             }
-            printf(":%u:%d:%08lX%08lX:%s:%s:::::",
-                       nbits_from_pk( pk2 ),
-                       pk2->pubkey_algo,
-                       (ulong)keyid2[0],(ulong)keyid2[1],
-                       colon_datestr_from_pk( pk2 ),
-                       colon_strtime (pk2->expiredate)
-                       /* fixme: add LID and ownertrust here */
-                                               );
-            print_capabilities (pk2, NULL, NULL);
-            putchar('\n');
-           if( fpr > 1 )
-               print_fingerprint( pk2, NULL, 0 );
-           if( opt.with_key_data )
-               print_key_data( pk2 );
-       }
-       else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
-           u32 keyid2[2];
-           PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
-
-           if( !any ) {
-                putchar(':');
-                putchar(':');
-                print_capabilities (pk, sk, keyblock);
-               putchar('\n');
-               if( fpr )
-                   print_fingerprint( pk, sk, 0 ); /* of the main key */
-               any = 1;
-           }
-
-           keyid_from_sk( sk2, keyid2 );
-            printf("ssb::%u:%d:%08lX%08lX:%s:%s:::::",
-                       nbits_from_sk( sk2 ),
-                       sk2->pubkey_algo,
-                       (ulong)keyid2[0],(ulong)keyid2[1],
-                       colon_datestr_from_sk( sk2 ),
-                       colon_strtime (sk2->expiredate)
-                   /* fixme: add LID */ );
-            print_capabilities (NULL, sk2, NULL);
-            if (opt.fixed_list_mode) {
-              /* We print the serial number only in fixed list mode
-                 for the primary key so, so avoid questions we print
-                 it for subkeys also only in this mode.  There is no
-                 technical reason, though. */
-              putchar(':'); /* End of field 13. */
-              putchar(':'); /* End of field 14. */
-              if (sk2->protect.s2k.mode == 1001)
-                putchar('#'); /* Key is just a stub. */
-              else if (sk2->protect.s2k.mode == 1002) {
-                /* Key is stored on an external token (card) or handled by
-                   the gpg-agent.  Print the serial number of that token
-                   here. */
-                for (i=0; i < sk2->protect.ivlen; i++)
-                  printf ("%02X", sk2->protect.iv[i]);
-              }
-              putchar(':'); /* End of field 15. */
+          else 
+            {
+              rc = 0;
+              sigrc = ' ';
+            }
+          fputs ( sigstr, stdout );
+          putchar (':');
+          if ( sigrc != ' ' )
+            putchar (sigrc);
+          printf ("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
+                  (ulong)sig->keyid[0], (ulong)sig->keyid[1],
+                  colon_datestr_from_sig(sig),
+                  colon_expirestr_from_sig(sig));
+
+          if (sig->trust_depth || sig->trust_value)
+            printf("%d %d",sig->trust_depth,sig->trust_value);
+          printf (":");
+
+          if (sig->trust_regexp)
+            print_string (stdout,sig->trust_regexp,
+                          strlen(sig->trust_regexp),':');
+          printf(":");
+        
+          if ( sigrc == '%' )
+            printf("[%s] ", g10_errstr(rc) );
+          else if ( sigrc == '?' )
+            ;
+          else if ( !opt.fast_list_mode )
+            {
+              size_t n;
+              char *p = get_user_id( sig->keyid, &n );
+              print_string( stdout, p, n, ':' );
+              xfree(p);
+            }
+          printf (":%02x%c:", sig->sig_class,sig->flags.exportable?'x':'l');
+        
+          if (opt.no_sig_cache && opt.check_sigs && fprokay)
+            {
+              putchar (':');
+            
+              for (i=0; i < fplen ; i++ )
+                printf ("%02X", fparray[i] );
+            
+              putchar (':');
             }
-            putchar ('\n');
-           if( fpr > 1 )
-              print_fingerprint( NULL, sk2, 0 );
-       }
-       else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) {
-           PKT_signature *sig = node->pkt->pkt.signature;
-           int sigrc,fprokay=0;
-            char *sigstr;
-           size_t fplen;
-           byte fparray[MAX_FINGERPRINT_LEN];
-
-           if( !any ) { /* no user id, (maybe a revocation follows)*/
-               if( sig->sig_class == 0x20 )
-                   fputs("[revoked]:", stdout);
-               else if( sig->sig_class == 0x18 )
-                   fputs("[key binding]:", stdout);
-               else if( sig->sig_class == 0x28 )
-                   fputs("[subkey revoked]:", stdout);
-                else
-                    putchar (':');
-                putchar(':');
-                print_capabilities (pk, sk, keyblock);
-                putchar('\n');
-               if( fpr )
-                   print_fingerprint( pk, sk, 0 );
-               any=1;
-           }
-
-           if( sig->sig_class == 0x20 || sig->sig_class == 0x28
-                                      || sig->sig_class == 0x30 )
-              sigstr = "rev";
-           else if( (sig->sig_class&~3) == 0x10 )
-              sigstr = "sig";
-           else if( sig->sig_class == 0x18 )
-              sigstr = "sig";
-           else if( sig->sig_class == 0x1F )
-              sigstr = "sig";
-           else {
-                printf ("sig::::::::::%02x%c:\n",
-                        sig->sig_class, sig->flags.exportable?'x':'l');
-               continue;
-           }
-           if( opt.check_sigs ) {
-               PKT_public_key *signer_pk=NULL;
-
-               fflush(stdout);
-               if(opt.no_sig_cache)
-                 signer_pk=m_alloc_clear(sizeof(PKT_public_key));
-
-               rc = check_key_signature2( keyblock, node, NULL, signer_pk,
-                                          NULL, NULL, NULL );
-               switch( rc ) {
-                 case 0:                  sigrc = '!'; break;
-                 case G10ERR_BAD_SIGN:    sigrc = '-'; break;
-                 case G10ERR_NO_PUBKEY: 
-                 case G10ERR_UNU_PUBKEY:  sigrc = '?'; break;
-                 default:                 sigrc = '%'; break;
-               }
-
-               if(opt.no_sig_cache)
-                 {
-                   if(rc==0)
-                     {
-                       fingerprint_from_pk (signer_pk, fparray, &fplen);
-                       fprokay=1;
-                     }
-                   free_public_key(signer_pk);
-                 }
-           }
-           else {
-               rc = 0;
-               sigrc = ' ';
-           }
-            fputs( sigstr, stdout );
-            putchar(':');
-            if( sigrc != ' ' )
-                putchar(sigrc);
-            printf("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
-                  (ulong)sig->keyid[0], (ulong)sig->keyid[1],
-                  colon_datestr_from_sig(sig),
-                  colon_expirestr_from_sig(sig));
-
-           if(sig->trust_depth || sig->trust_value)
-             printf("%d %d",sig->trust_depth,sig->trust_value);
-           printf(":");
-
-           if(sig->trust_regexp)
-             print_string(stdout,sig->trust_regexp,
-                          strlen(sig->trust_regexp),':');
-           printf(":");
-
-           if( sigrc == '%' )
-               printf("[%s] ", g10_errstr(rc) );
-           else if( sigrc == '?' )
-               ;
-           else if ( !opt.fast_list_mode ) {
-               size_t n;
-               char *p = get_user_id( sig->keyid, &n );
-                print_string( stdout, p, n, ':' );
-               m_free(p);
-           }
-            printf(":%02x%c:", sig->sig_class,sig->flags.exportable?'x':'l');
-
-           if(opt.no_sig_cache && opt.check_sigs && fprokay)
-             {
-               printf(":");
-
-               for (i=0; i < fplen ; i++ )
-                 printf ("%02X", fparray[i] );
-
-               printf(":");
-             }
-
-           printf("\n");
 
-           /* fixme: check or list other sigs here */
-       }
-    }
-    if( !any ) {/* oops, no user id */
-        putchar(':');
-        putchar(':');
-        print_capabilities (pk, sk, keyblock);
-       putchar('\n');
+          printf ("\n");
+        
+          if (opt.show_subpackets)
+            print_subpackets_colon (sig);
+          
+          /* fixme: check or list other sigs here */
+        }
     }
 }
 
@@ -1256,15 +1406,16 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
  * Reorder the keyblock so that the primary user ID (and not attribute
  * packet) comes first.  Fixme: Replace this by a generic sort
  * function.  */
-void
-reorder_keyblock (KBNODE keyblock)
+static void
+do_reorder_keyblock (KBNODE keyblock,int attr)
 {
     KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
     KBNODE last, node;
 
     for (node=keyblock; node; primary0=node, node = node->next) {
        if( node->pkt->pkttype == PKT_USER_ID &&
-           !node->pkt->pkt.user_id->attrib_data &&
+           ((attr && node->pkt->pkt.user_id->attrib_data) ||
+            (!attr && !node->pkt->pkt.user_id->attrib_data)) &&
             node->pkt->pkt.user_id->is_primary ) {
             primary = primary2 = node;
             for (node=node->next; node; primary2=node, node = node->next ) {
@@ -1296,6 +1447,13 @@ reorder_keyblock (KBNODE keyblock)
 }
 
 void
+reorder_keyblock (KBNODE keyblock)
+{
+  do_reorder_keyblock(keyblock,1);
+  do_reorder_keyblock(keyblock,0);
+}
+
+void
 list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque )
 {
     reorder_keyblock (keyblock);
@@ -1346,14 +1504,14 @@ print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
       {
        if(sk)
          {
-           PKT_secret_key *primary_sk=m_alloc_clear(sizeof(*primary_sk));
+           PKT_secret_key *primary_sk=xmalloc_clear(sizeof(*primary_sk));
            get_seckey(primary_sk,sk->main_keyid);
            print_fingerprint(NULL,primary_sk,mode|0x80);
            free_secret_key(primary_sk);
          }
        else
          {
-           PKT_public_key *primary_pk=m_alloc_clear(sizeof(*primary_pk));
+           PKT_public_key *primary_pk=xmalloc_clear(sizeof(*primary_pk));
            get_pubkey(primary_pk,pk->main_keyid);
            print_fingerprint(primary_pk,NULL,mode|0x80);
            free_public_key(primary_pk);
@@ -1361,7 +1519,7 @@ print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
       }
 
     if (mode == 1) {
-        fp = log_stream ();
+        fp = log_get_stream ();
        if(primary)
          text = _("Primary key fingerprint:");
        else
@@ -1369,9 +1527,9 @@ print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
     }
     else if (mode == 2) {
         fp = NULL; /* use tty */
-        /* Translators: this should fit into 24 bytes to that the fingerprint
-         * data is properly aligned with the user ID */
        if(primary)
+          /* TRANSLATORS: this should fit into 24 bytes to that the
+           * fingerprint data is properly aligned with the user ID */
          text = _(" Primary key fingerprint:");
        else
          text = _("      Subkey fingerprint:");
@@ -1436,29 +1594,70 @@ print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
         tty_printf ("\n");
 }
 
-void set_attrib_fd(int fd)
+/* Print the serial number of an OpenPGP card if available. */
+static void
+print_card_serialno (PKT_secret_key *sk)
+{
+  int i;
+
+  if (!sk)
+    return;
+  if (!sk->is_protected || sk->protect.s2k.mode != 1002) 
+    return; /* Not a card. */
+  if (opt.with_colons)
+    return; /* Handled elsewhere. */
+
+  fputs (_("      Card serial no. ="), stdout);
+  putchar (' ');
+  if (sk->protect.ivlen == 16
+      && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6) )
+    { /* This is an OpenPGP card. Just print the relevant part. */
+      for (i=8; i < 14; i++)
+        {
+          if (i == 10)
+            putchar (' ');
+          printf ("%02X", sk->protect.iv[i]);
+        }
+    }
+  else
+    { /* Something is wrong: Print all. */
+      for (i=0; i < sk->protect.ivlen; i++)
+        printf ("%02X", sk->protect.iv[i]);
+    }
+  putchar ('\n');
+}
+
+
+
+void
+set_attrib_fd (int fd)
 {
   static int last_fd=-1;
 
   if ( fd != -1 && last_fd == fd )
     return;
 
-  if ( attrib_fp && attrib_fp != stdout && attrib_fp != stderr )
+  if ( attrib_fp && attrib_fp != stdout && attrib_fp != stderr 
+       && attrib_fp != log_get_stream () )
     fclose (attrib_fp);
   attrib_fp = NULL;
   if ( fd == -1 ) 
     return;
 
+#ifdef HAVE_DOSISH_SYSTEM
+  setmode (fd, O_BINARY);
+#endif
   if( fd == 1 )
     attrib_fp = stdout;
   else if( fd == 2 )
     attrib_fp = stderr;
   else
-    attrib_fp = fdopen( fd, "wb" );
-  if( !attrib_fp ) {
-    log_fatal("can't open fd %d for attribute output: %s\n",
-             fd, strerror(errno));
-  }
-
+    attrib_fp = fdopen (fd, "wb");
+  if (!attrib_fp) 
+    {
+      log_fatal("can't open fd %d for attribute output: %s\n",
+                fd, strerror(errno));
+    }
+  
   last_fd = fd;
 }