* keyring.c: Make some strings translatable.
[gnupg.git] / g10 / pkclist.c
index 99f98b3..da07639 100644 (file)
@@ -1,6 +1,6 @@
 /* pkclist.c
- * Copyright (C) 1998, 1999, 2000, 2001, 2002
- *               2003 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
+ *               2004 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
 #include "photoid.h"
 #include "i18n.h"
 
-
 #define CONTROL_D ('D' - 'A' + 1)
 
-
 /****************
  * Show the revocation reason as it is stored with the given signature
  */
@@ -158,74 +156,6 @@ show_revocation_reason( PKT_public_key *pk, int mode )
 }
 
 
-static void
-show_paths (const PKT_public_key *pk, int only_first )
-{
-    log_debug("not yet implemented\n");
-#if 0    
-    void *context = NULL;
-    unsigned otrust, validity;
-    int last_level, level;
-
-    last_level = 0;
-    while( (level=enum_cert_paths( &context, &lid, &otrust, &validity)) != -1){
-       char *p;
-       int c, rc;
-       size_t n;
-       u32 keyid[2];
-       PKT_public_key *pk ;
-
-       if( level < last_level && only_first )
-           break;
-       last_level = level;
-
-       rc = keyid_from_lid( lid, keyid );
-
-       if( rc ) {
-           log_error("ooops: can't get keyid for lid %lu\n", lid);
-           return;
-       }
-
-       pk = m_alloc_clear( sizeof *pk );
-       rc = get_pubkey( pk, keyid );
-       if( rc ) {
-           log_error("key %08lX: public key not found: %s\n",
-                                   (ulong)keyid[1], g10_errstr(rc) );
-           return;
-       }
-
-       tty_printf("%*s%4u%c/%08lX.%lu %s \"",
-                 level*2, "",
-                 nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
-                 (ulong)keyid[1], lid, datestr_from_pk( pk ) );
-
-       c = trust_letter(otrust);
-       if( c )
-           putchar( c );
-       else
-           printf( "%02x", otrust );
-       putchar('/');
-       c = trust_letter(validity);
-       if( c )
-           putchar( c );
-       else
-           printf( "%02x", validity );
-       putchar(' ');
-
-       p = get_user_id( keyid, &n );
-       tty_print_utf8_string( p, n ),
-       m_free(p);
-       tty_printf("\"\n");
-       free_public_key( pk );
-    }
-    enum_cert_paths( &context, NULL, NULL, NULL ); /* release context */
-#endif
-    tty_printf("\n");
-}
-
-
-
-
 /****************
  * mode: 0 = standard
  *       1 = Without key info and additional menu option 'm'
@@ -241,7 +171,6 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
                     unsigned *new_trust, int defer_help )
 {
   char *p;
-  size_t n;
   u32 keyid[2];
   int changed=0;
   int quit=0;
@@ -261,7 +190,18 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
 
   keyid_from_pk (pk, keyid);
   for(;;) {
-    /* a string with valid answers */
+    /* A string with valid answers.
+
+       Note to translators: These are the allowed answers in lower and
+       uppercase.  Below you will find the matching strings which
+       should be translated accordingly and the letter changed to
+       match the one in the answer string.
+    
+         i = please show me more information
+         m = back to the main menu
+         s = skip this key
+        q = quit
+    */
     const char *ans = _("iImMqQsS");
 
     if( !did_help ) 
@@ -270,73 +210,87 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
           {
             KBNODE keyblock, un;
 
-            tty_printf(_("No trust value assigned to:\n"
-                         "%4u%c/%08lX %s \""),
-                       nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
-                       (ulong)keyid[1], datestr_from_pk( pk ) );
-            p = get_user_id( keyid, &n );
-            tty_print_utf8_string( p, n ),
-              m_free(p);
-            tty_printf("\"\n");
+            tty_printf(_("No trust value assigned to:\n"));
+           tty_printf("%4u%c/%s %s\n",nbits_from_pk( pk ),
+                      pubkey_letter( pk->pubkey_algo ),
+                       keystr(keyid), datestr_from_pk( pk ) );
+           p=get_user_id_native(keyid);
+           tty_printf(_("      \"%s\"\n"),p);
+           m_free(p);
 
             keyblock = get_pubkeyblock (keyid);
             if (!keyblock)
                 BUG ();
-            for (un=keyblock; un; un = un->next) {
+            for (un=keyblock; un; un = un->next)
+             {
                 if (un->pkt->pkttype != PKT_USER_ID )
-                    continue;
+                 continue;
                 if (un->pkt->pkt.user_id->is_revoked )
-                    continue;
+                 continue;
                 if (un->pkt->pkt.user_id->is_expired )
-                    continue;
+                 continue;
                /* Only skip textual primaries */
-                if (un->pkt->pkt.user_id->is_primary &&
-                   !un->pkt->pkt.user_id->attrib_data )
-                   continue;
-                
-               if(opt.show_photos && un->pkt->pkt.user_id->attrib_data)
-                    show_photos(un->pkt->pkt.user_id->attribs,
-                                un->pkt->pkt.user_id->numattribs,pk,NULL);
+                if (un->pkt->pkt.user_id->is_primary
+                   && !un->pkt->pkt.user_id->attrib_data )
+                 continue;
                 
-               tty_printf ("      %s", _("                aka \""));
-                tty_print_utf8_string (un->pkt->pkt.user_id->name,
-                                       un->pkt->pkt.user_id->len );
-                tty_printf("\"\n");
-            }
+               if((opt.verify_options&VERIFY_SHOW_PHOTOS)
+                  && un->pkt->pkt.user_id->attrib_data)
+                 show_photos(un->pkt->pkt.user_id->attribs,
+                             un->pkt->pkt.user_id->numattribs,pk,NULL);
+
+               p=utf8_to_native(un->pkt->pkt.user_id->name,
+                                un->pkt->pkt.user_id->len,0);
+
+               tty_printf(_("  aka \"%s\"\n"),p);
+             }
         
             print_fingerprint (pk, NULL, 2);
             tty_printf("\n");
+           release_kbnode (keyblock);
           }
-       /* This string also used in keyedit.c:sign_uids */
-        tty_printf (_(
-                     "Please decide how far you trust this user to correctly\n"
-                     "verify other users' keys (by looking at passports,\n"
-                     "checking fingerprints from different sources...)?\n\n"));
+
+       if(opt.trust_model==TM_DIRECT)
+         {
+           tty_printf(_("How much do you trust that this key actually "
+                        "belongs to the named user?\n"));
+           tty_printf("\n");
+         }
+       else
+         {
+           /* This string also used in keyedit.c:trustsig_prompt */
+           tty_printf(_("Please decide how far you trust this user to"
+                        " correctly verify other users' keys\n"
+                        "(by looking at passports, checking fingerprints from"
+                        " different sources, etc.)\n"));
+           tty_printf("\n");
+         }
+
        if(min_num<=1)
-         tty_printf (_(" %d = I don't know\n"), 1);
+         tty_printf (_("  %d = I don't know or won't say\n"), 1);
        if(min_num<=2)
-         tty_printf (_(" %d = I do NOT trust\n"), 2);
+         tty_printf (_("  %d = I do NOT trust\n"), 2);
        if(min_num<=3)
-         tty_printf (_(" %d = I trust marginally\n"), 3);
+         tty_printf (_("  %d = I trust marginally\n"), 3);
        if(min_num<=4)
-         tty_printf (_(" %d = I trust fully\n"), 4);
+         tty_printf (_("  %d = I trust fully\n"), 4);
         if (mode)
-          tty_printf (_(" %d = I trust ultimately\n"), 5);
+          tty_printf (_("  %d = I trust ultimately\n"), 5);
 #if 0
        /* not yet implemented */
-        tty_printf (_(" i = please show me more information\n") );
+        tty_printf ("  i = please show me more information\n");
 #endif
         if( mode )
-          tty_printf(_(" m = back to the main menu\n"));
+          tty_printf(_("  m = back to the main menu\n"));
         else
          {
-           tty_printf(_(" s = skip this key\n"));
-           tty_printf(_(" q = quit\n"));
+           tty_printf(_("  s = skip this key\n"));
+           tty_printf(_("  q = quit\n"));
          }
         tty_printf("\n");
        if(minimum)
          tty_printf(_("The minimum trust level for this key is: %s\n\n"),
-                    trust_string(minimum));
+                    trust_value_to_string(minimum));
         did_help = 1;
       }
     if( strlen(ans) != 8 )
@@ -363,7 +317,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
         if (trust == TRUST_ULTIMATE
             && !cpr_get_answer_is_yes ("edit_ownertrust.set_ultimate.okay",
                                        _("Do you really want to set this key"
-                                         " to ultimate trust? ")))
+                                         " to ultimate trust? (y/N) ")))
           ; /* no */
         else
           {
@@ -418,7 +372,6 @@ edit_ownertrust (PKT_public_key *pk, int mode )
         case -1: /* quit */
           return -1;
         case -2: /* show info */
-          show_paths(pk, 1);
           no_help = 1;
           break;
         case 1: /* trust value set */
@@ -438,93 +391,54 @@ edit_ownertrust (PKT_public_key *pk, int mode )
  * Returns: true if we trust.
  */
 static int
-do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
+do_we_trust( PKT_public_key *pk, unsigned int trustlevel )
 {
-    unsigned int trustmask = 0;
-
-    /* FIXME: get_pubkey_byname already checks the validity and won't
-     * return keys which are either expired or revoked - so these
-     * question here won't get triggered.  We have to find a solution
-     * for this.  It might make sense to have a function in getkey.c
-     * which does only the basic checks and returns even revoked and
-     * expired keys.  This fnction could then also returhn a list of
-     * keys if the speicified name is ambiguous
-     */
-    if( (*trustlevel & TRUST_FLAG_REVOKED) ) {
-       log_info(_("key %08lX: key has been revoked!\n"),
-                                       (ulong)keyid_from_pk( pk, NULL) );
-       show_revocation_reason( pk, 0 );
-       if( opt.batch )
-          return 0; /* no */
-
-       if( !cpr_get_answer_is_yes("revoked_key.override",
-                                   _("Use this key anyway? ")) )
-          return 0; /* no */
-       trustmask |= TRUST_FLAG_REVOKED;
+  /* We should not be able to get here with a revoked or expired
+     key */
+  if(trustlevel & TRUST_FLAG_REVOKED
+     || trustlevel & TRUST_FLAG_SUB_REVOKED
+     || (trustlevel & TRUST_MASK) == TRUST_EXPIRED)
+    BUG();
+
+  if( opt.trust_model==TM_ALWAYS )
+    {
+      if( opt.verbose )
+       log_info("No trust check due to `--trust-model always' option\n");
+      return 1;
     }
-    if( (*trustlevel & TRUST_FLAG_SUB_REVOKED) ) {
-       log_info(_("key %08lX: subkey has been revoked!\n"),
-                                       (ulong)keyid_from_pk( pk, NULL) );
-       show_revocation_reason( pk, 0 );
-       if( opt.batch )
-           return 0;
 
-       if( !cpr_get_answer_is_yes("revoked_key.override",
-                                   _("Use this key anyway? ")) )
-           return 0;
-       trustmask |= TRUST_FLAG_SUB_REVOKED;
-    }
-    *trustlevel &= ~trustmask;
+  switch(trustlevel & TRUST_MASK)
+    {
+    default:
+      log_error ("invalid trustlevel %u returned from validation layer\n",
+                trustlevel);
+      /* fall thru */
+    case TRUST_UNKNOWN: 
+    case TRUST_UNDEFINED:
+      log_info(_("%s: There is no assurance this key belongs"
+                " to the named user\n"),keystr_from_pk(pk));
+      return 0; /* no */
 
-    if( opt.trust_model==TM_ALWAYS ) {
-       if( opt.verbose )
-           log_info("No trust check due to --trust-model always option\n");
-       return 1;
-    }
+    case TRUST_MARGINAL:
+      log_info(_("%s: There is limited assurance this key belongs"
+                " to the named user\n"),keystr_from_pk(pk));
+      return 1; /* yes */
 
-    switch( (*trustlevel & TRUST_MASK) ) {
-      case TRUST_EXPIRED:
-       log_info(_("%08lX: key has expired\n"),
-                                   (ulong)keyid_from_pk( pk, NULL) );
-       return 0; /* no */
-
-      default:
-         log_error ("invalid trustlevel %u returned from validation layer\n",
-                    *trustlevel);
-         /* fall thru */
-      case TRUST_UNKNOWN: 
-      case TRUST_UNDEFINED:
-        log_info(_("%08lX: There is no assurance this key belongs "
-                  "to the named user\n"),(ulong)keyid_from_pk( pk, NULL) );
-       return 0; /* no */
-
-       /* No way to get here? */
-      case TRUST_NEVER:
-       log_info(_("%08lX: We do NOT trust this key\n"),
-                                       (ulong)keyid_from_pk( pk, NULL) );
-       return 0; /* no */
-
-      case TRUST_MARGINAL:
-       log_info(_("%08lX: There is limited assurance this key belongs "
-                  "to the named user\n"),(ulong)keyid_from_pk(pk,NULL));
-       return 1; /* yes */
-
-      case TRUST_FULLY:
-       if( opt.verbose )
-           log_info(_("This key probably belongs to the named user\n"));
-       return 1; /* yes */
-
-      case TRUST_ULTIMATE:
-       if( opt.verbose )
-           log_info(_("This key belongs to us\n"));
-       return 1; /* yes */
+    case TRUST_FULLY:
+      if( opt.verbose )
+       log_info(_("This key probably belongs to the named user\n"));
+      return 1; /* yes */
+
+    case TRUST_ULTIMATE:
+      if( opt.verbose )
+       log_info(_("This key belongs to us\n"));
+      return 1; /* yes */
     }
 
-    return 1; /* yes */
+  return 1; /* yes */
 }
 
 
-
 /****************
  * wrapper around do_we_trust, so we can ask whether to use the
  * key anyway.
@@ -532,52 +446,34 @@ do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
 static int
 do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
 {
-    int rc;
+  int rc;
 
-    rc = do_we_trust( pk, &trustlevel );
+  rc = do_we_trust( pk, trustlevel );
 
-    if( (trustlevel & TRUST_FLAG_REVOKED) && !rc )
-       return 0;
-    if( (trustlevel & TRUST_FLAG_SUB_REVOKED) && !rc )
-       return 0;
+  if( !opt.batch && !rc )
+    {
+      print_pubkey_info(NULL,pk);
+      print_fingerprint (pk, NULL, 2);
+      tty_printf("\n");
 
-    if( !opt.batch && !rc ) {
-       char *p;
-       u32 keyid[2];
-       size_t n;
-
-       keyid_from_pk( pk, keyid);
-       tty_printf( "%4u%c/%08lX %s \"",
-                 nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
-                 (ulong)keyid[1], datestr_from_pk( pk ) );
-       p = get_user_id( keyid, &n );
-       tty_print_utf8_string( p, n ),
-       m_free(p);
-       tty_printf("\"\n");
-        print_fingerprint (pk, NULL, 2);
-       tty_printf("\n");
-
-       tty_printf(_(
-"It is NOT certain that the key belongs to the person named\n"
-"in the user ID.  If you *really* know what you are doing,\n"
-"you may answer the next question with yes\n\n"));
-
-       if( cpr_get_answer_is_yes("untrusted_key.override",
-                                 _("Use this key anyway? "))  )
-           rc = 1;
-
-       /* Hmmm: Should we set a flag to tell the user about
-        *       his decision the next time he encrypts for this recipient?
-        */
-    }
-    else if( opt.trust_model==TM_ALWAYS && !rc ) {
-       if( !opt.quiet )
-           log_info(_("WARNING: Using untrusted key!\n"));
+      tty_printf(
+              _("It is NOT certain that the key belongs to the person named\n"
+                "in the user ID.  If you *really* know what you are doing,\n"
+                "you may answer the next question with yes.\n"));
+
+      tty_printf("\n");
+
+      if( cpr_get_answer_is_yes("untrusted_key.override",
+                               _("Use this key anyway? (y/N) "))  )
        rc = 1;
+
+      /* Hmmm: Should we set a flag to tell the user about
+       *        his decision the next time he encrypts for this recipient?
+       */
     }
-    return rc;
-}
 
+  return rc;
+}
 
 
 /****************
@@ -608,12 +504,20 @@ check_signatures_trust( PKT_signature *sig )
       goto leave;
     }
 
+  if(pk->maybe_revoked && !pk->is_revoked)
+    log_info(_("WARNING: this key might be revoked (revocation key"
+              " not present)\n"));
+
   trustlevel = get_validity (pk, NULL);
 
   if ( (trustlevel & TRUST_FLAG_REVOKED) ) 
     {
       write_status( STATUS_KEYREVOKED );
-      log_info(_("WARNING: This key has been revoked by its owner!\n"));
+      if(pk->is_revoked==2)
+       log_info(_("WARNING: This key has been revoked by its"
+                  " designated revoker!\n"));
+      else
+       log_info(_("WARNING: This key has been revoked by its owner!\n"));
       log_info(_("         This could mean that the signature is forgery.\n"));
       show_revocation_reason( pk, 0 );
     }
@@ -812,16 +716,13 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
          {
            any_recipients = 1;
 
-           if((rov->flags&2) && (opt.pgp2 || opt.pgp6 || opt.pgp7))
+           if((rov->flags&2) && (PGP2 || PGP6 || PGP7 || PGP8))
              {
                log_info(_("you may not use %s while in %s mode\n"),
                         "--hidden-recipient",
-                        opt.pgp2?"--pgp2":opt.pgp6?"--pgp6":"--pgp7");
+                        compliance_option_string());
 
-               log_info(_("this message may not be usable by %s\n"),
-                        opt.pgp2?"PGP 2.x":opt.pgp6?"PGP 6.x":"PGP 7.x");
-
-               opt.pgp2=opt.pgp6=opt.pgp7=0;
+               compliance_failure();
              }
          }
        else if( (use & PUBKEY_USAGE_ENC) && !opt.no_encrypt_to ) {
@@ -851,16 +752,13 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
                    r->flags = (rov->flags&2)?1:0;
                    pk_list = r;
 
-                   if(r->flags&1 && (opt.pgp2 || opt.pgp6 || opt.pgp7))
+                   if(r->flags&1 && (PGP2 || PGP6 || PGP7 || PGP8))
                      {
                        log_info(_("you may not use %s while in %s mode\n"),
                                 "--hidden-encrypt-to",
-                                opt.pgp2?"--pgp2":opt.pgp6?"--pgp6":"--pgp7");
-
-                       log_info(_("this message may not be usable by %s\n"),
-                             opt.pgp2?"PGP 2.x":opt.pgp6?"PGP 6.x":"PGP 7.x");
+                                compliance_option_string());
 
-                       opt.pgp2=opt.pgp6=opt.pgp7=0;
+                       compliance_failure();
                      }
                }
            }
@@ -879,6 +777,8 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
        char *answer=NULL;
        STRLIST backlog=NULL;
 
+       if(pk_list)
+         any_recipients = 1;
        def_rec = default_recipient();
        have_def_rec = !!def_rec;
        if( !have_def_rec )
@@ -894,12 +794,41 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
            else if(backlog) {
              answer=pop_strlist(&backlog);
            }
-           else {
+           else
+             {
+               PK_LIST iter;
+
+               tty_printf("\n");
+               tty_printf(_("Current recipients:\n"));
+               for(iter=pk_list;iter;iter=iter->next)
+                 {
+                   u32 keyid[2];
+
+                   keyid_from_pk(iter->pk,keyid);
+                   tty_printf("%4u%c/%s %s \"",
+                              nbits_from_pk(iter->pk),
+                              pubkey_letter(iter->pk->pubkey_algo),
+                              keystr(keyid),
+                              datestr_from_pk(iter->pk));
+
+                   if(iter->pk->user_id)
+                     tty_print_utf8_string(iter->pk->user_id->name,
+                                           iter->pk->user_id->len);
+                   else
+                     {
+                       size_t n;
+                       char *p = get_user_id( keyid, &n );
+                       tty_print_utf8_string( p, n );
+                       m_free(p);
+                     }
+                   tty_printf("\"\n");
+                 }
+
                answer = cpr_get_utf8("pklist.user_id.enter",
                         _("\nEnter the user ID.  End with an empty line: "));
                trim_spaces(answer);
                cpr_kill_prompt();
-           }
+             }
            if( !answer || !*answer ) {
                m_free(answer);
                break;
@@ -932,8 +861,8 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
                }
                else {
                    int trustlevel;
-
-                   trustlevel = get_validity (pk, NULL);
+                   
+                   trustlevel = get_validity (pk, pk->user_id);
                    if( (trustlevel & TRUST_FLAG_DISABLED) ) {
                        tty_printf(_("Public key is disabled.\n") );
                    }
@@ -946,21 +875,6 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
                        }
                        else {
                            PK_LIST r;
-                           char *p;
-                           size_t n;
-                           u32 keyid[2];
-
-                           keyid_from_pk( pk, keyid);
-                           tty_printf("Added %4u%c/%08lX %s \"",
-                                      nbits_from_pk( pk ),
-                                      pubkey_letter( pk->pubkey_algo ),
-                                      (ulong)keyid[1],
-                                      datestr_from_pk( pk ) );
-                           p = get_user_id( keyid, &n );
-                           tty_print_utf8_string( p, n );
-                           m_free(p);
-                           tty_printf("\"\n");
-
                            r = m_alloc( sizeof *r );
                            r->pk = pk; pk = NULL;
                            r->next = pk_list;
@@ -986,7 +900,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
        /* The default recipient may be disabled */
        rc = get_pubkey_byname( pk, def_rec, NULL, NULL, 1 );
        if( rc )
-           log_error(_("unknown default recipient `%s'\n"), def_rec );
+           log_error(_("unknown default recipient \"%s\"\n"), def_rec );
        else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, use)) ) {
          /* Mark any_recipients here since the default recipient
              would have been used if it wasn't already there.  It
@@ -1028,7 +942,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
            else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, use )) ) {
                int trustlevel;
 
-               trustlevel = get_validity (pk, NULL);
+               trustlevel = get_validity (pk, pk->user_id);
                if( (trustlevel & TRUST_FLAG_DISABLED) ) {
                    free_public_key(pk); pk = NULL;
                    log_info(_("%s: skipped: public key is disabled\n"),
@@ -1120,46 +1034,60 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
    intersection"), and PGP has no mechanism to fix such a broken
    preference list, so I'm including it. -dms */
 
-static int
-algo_available( int preftype, int algo, void *hint )
+int
+algo_available( preftype_t preftype, int algo, void *hint )
 {
-    if( preftype == PREFTYPE_SYM ) {
-        if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
-         return 0;
+  if( preftype == PREFTYPE_SYM )
+    {
+      if(PGP6 && (algo != CIPHER_ALGO_IDEA
+                 && algo != CIPHER_ALGO_3DES
+                 && algo != CIPHER_ALGO_CAST5))
+       return 0;
+      
+      if(PGP7 && (algo != CIPHER_ALGO_IDEA
+                 && algo != CIPHER_ALGO_3DES
+                 && algo != CIPHER_ALGO_CAST5
+                 && algo != CIPHER_ALGO_AES
+                 && algo != CIPHER_ALGO_AES192
+                 && algo != CIPHER_ALGO_AES256
+                 && algo != CIPHER_ALGO_TWOFISH))
+       return 0;
 
-        if( (opt.pgp7 || opt.pgp8)
-           && (algo != 1 && algo != 2 && algo != 3
-               && algo != 7 && algo != 8 && algo != 9 && algo != 10) )
-         return 0;
+      /* PGP8 supports all the ciphers we do.. */
 
-       return algo && !check_cipher_algo( algo );
+      return algo && !check_cipher_algo( algo );
     }
-    else if( preftype == PREFTYPE_HASH ) {
-        int bits=0;
-
-       if(hint)
-         bits=*(int *)hint;
+  else if( preftype == PREFTYPE_HASH )
+    {
+      if(hint && ((*(int *)hint) != md_digest_length(algo)))
+       return 0;
 
-       if(bits && (bits != md_digest_length(algo)))
-         return 0;
+      if((PGP6 || PGP7) && (algo != DIGEST_ALGO_MD5
+                           && algo != DIGEST_ALGO_SHA1
+                           && algo != DIGEST_ALGO_RMD160))
+       return 0;
 
-        if( (opt.pgp6 || opt.pgp7) && (algo != 1 && algo != 2 && algo != 3) )
-         return 0;
 
-       if( opt.pgp8 && (algo != 1 && algo != 2 && algo != 3 && algo != 8))
-         return 0;
+      if(PGP8 && (algo != DIGEST_ALGO_MD5
+                 && algo != DIGEST_ALGO_SHA1
+                 && algo != DIGEST_ALGO_RMD160
+                 && algo != DIGEST_ALGO_SHA256))
+       return 0;
 
-       return algo && !check_digest_algo( algo );
+      return algo && !check_digest_algo( algo );
     }
-    else if( preftype == PREFTYPE_ZIP ) {
-        if ( ( opt.pgp6 || opt.pgp7 || opt.pgp8 )
-            && ( algo !=0 && algo != 1) )
-         return 0;
+  else if( preftype == PREFTYPE_ZIP )
+    {
+      if((PGP6 || PGP7) && (algo != COMPRESS_ALGO_NONE
+                           && algo != COMPRESS_ALGO_ZIP))
+       return 0;
 
-       return !check_compress_algo( algo );
+      /* PGP8 supports all the compression algos we do */
+
+      return !check_compress_algo( algo );
     }
-    else
-       return 0;
+  else
+    return 0;
 }
 
 
@@ -1186,7 +1114,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, int request, void *hint)
 
        memset( mask, 0, 8 * sizeof *mask );
        if( preftype == PREFTYPE_SYM ) {
-         if( opt.pgp2 &&
+         if( PGP2 &&
              pkr->pk->version < 4 &&
              pkr->pk->selfsigversion < 4 )
            mask[0] |= (1<<1); /* IDEA is implicitly there for v3 keys
@@ -1204,7 +1132,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, int request, void *hint)
             wasn't locked at MD5, we don't support sign+encrypt in
             --pgp2 mode, and that's the only time PREFTYPE_HASH is
             used anyway. -dms */
-         if( opt.pgp2 &&
+         if( PGP2 &&
              pkr->pk->version < 4 &&
              pkr->pk->selfsigversion < 4 )
            mask[0] |= (1<<1); /* MD5 is there for v3 keys with v3
@@ -1235,18 +1163,18 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, int request, void *hint)
            compr_hack = 1;
        }
 
-      #if 0
+#if 0
        log_debug("pref mask=%08lX%08lX%08lX%08lX%08lX%08lX%08lX%08lX\n",
               (ulong)mask[7], (ulong)mask[6], (ulong)mask[5], (ulong)mask[4],
             (ulong)mask[3], (ulong)mask[2], (ulong)mask[1], (ulong)mask[0]);
-      #endif
+#endif
        for(i=0; i < 8; i++ )
            bits[i] &= mask[i];
-      #if 0
+#if 0
        log_debug("pref bits=%08lX%08lX%08lX%08lX%08lX%08lX%08lX%08lX\n",
               (ulong)bits[7], (ulong)bits[6], (ulong)bits[5], (ulong)bits[4],
             (ulong)bits[3], (ulong)bits[2], (ulong)bits[1], (ulong)bits[0]);
-      #endif
+#endif
     }
     /* usable algorithms are now in bits
      * We now use the last key from pk_list to select
@@ -1293,9 +1221,9 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, int request, void *hint)
            }
     }
 
-  #if 0
+#if 0
     log_debug("prefs of type %d: selected %d\n", preftype, i );
-  #endif
+#endif
     if( compr_hack && !i ) {
        /* selected no compression, but we should check whether
         * algorithm 1 is also available (the ordering is not relevant