diff --git a/g10/ChangeLog b/g10/ChangeLog
index b5626a77c..adabf3fc5 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,16 @@
+2004-07-16  David Shaw  <dshaw@jabberwocky.com>
+
+	* keylist.c (list_keyblock_print): Always use the new listing
+	format where uids are always on a line for themselves.  Mark
+	expired secret keys as expired.
+
+	* options.h, g10.c (main): Rename list show-validity to
+	show-uid-validity as it only shows for uids.
+
+	* armor.c (armor_filter): Do not use padding to get us to 8 bytes
+	of header.  Rather, use 2+4 as two different chunks.  This avoids
+	a fake filename of "is".
+
 2004-07-15  David Shaw  <dshaw@jabberwocky.com>
 
 	* keyedit.c (sign_uids): Properly handle remaking a self-sig on
diff --git a/g10/armor.c b/g10/armor.c
index 2003ce31e..5e1732204 100644
--- a/g10/armor.c
+++ b/g10/armor.c
@@ -899,7 +899,7 @@ armor_filter( void *opaque, int control,
 			afx->pgp2mode = 1;
 		}
 		n=0;
-                /* first a gpg control packet */
+                /* First a gpg control packet... */
                 buf[n++] = 0xff; /* new format, type 63, 1 length byte */
                 n++;   /* see below */
                 memcpy(buf+n, sesmark, sesmarklen ); n+= sesmarklen;
@@ -919,17 +919,16 @@ armor_filter( void *opaque, int control,
                     buf[n++] = DIGEST_ALGO_SHA512;
                 buf[1] = n - 2;
 
-		/* followed by an invented plaintext packet.
+		/* ...followed by an invented plaintext packet.
 		   Amusingly enough, this packet is not compliant with
 		   2440 as the initial partial length is less than 512
 		   bytes.  Of course, we'll accept it anyway ;) */
 
 		buf[n++] = 0xCB; /* new packet format, type 11 */
-		buf[n++] = 0xE3; /* 2^3 */
+		buf[n++] = 0xE1; /* 2^1 == 2 bytes */
 		buf[n++] = 't';  /* canonical text mode */
-		buf[n++] = 2;	 /* namelength */
-		buf[n++] = 'i';  /* padding to get us to 2^3 bytes */
-		buf[n++] = 's';  /* this comment intentionally left blank */
+		buf[n++] = 0;	 /* namelength */
+		buf[n++] = 0xE2; /* 2^2 == 4 more bytes */
 		memset(buf+n, 0, 4); /* timestamp */
 		n += 4;
 	    }
diff --git a/g10/g10.c b/g10/g10.c
index 313c00765..4248a8514 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -2158,7 +2158,7 @@ main( int argc, char **argv )
 		  {"show-standard-notations",LIST_SHOW_STD_NOTATIONS,NULL},
 		  {"show-user-notations",LIST_SHOW_USER_NOTATIONS,NULL},
 		  {"show-keyserver-urls",LIST_SHOW_KEYSERVER_URLS,NULL},
-		  {"show-validity",LIST_SHOW_VALIDITY,NULL},
+		  {"show-uid-validity",LIST_SHOW_UID_VALIDITY,NULL},
 		  {"show-unusable-uids",LIST_SHOW_UNUSABLE_UIDS,NULL},
 		  {"show-unusable-subkeys",LIST_SHOW_UNUSABLE_SUBKEYS,NULL},
 		  {"show-keyring",LIST_SHOW_KEYRING,NULL},
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 72688e22f..f5597560d 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -2176,7 +2176,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
 		  tty_printf("[%8.8s] ",_("revoked"));
 		else if(uid->is_expired)
 		  tty_printf("[%8.8s] ",_("expired"));
-		else if(opt.list_options&LIST_SHOW_VALIDITY && primary)
+		else if(opt.list_options&LIST_SHOW_UID_VALIDITY && primary)
 		  tty_printf("[%8.8s] ",
 			     trust_value_to_string(get_validity(primary,uid)));
 		else if(indent)
diff --git a/g10/keylist.c b/g10/keylist.c
index 091e1dc46..c9402a201 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -602,10 +602,6 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
     int any=0;
     struct sig_stats *stats=opaque;
     int skip_sigs=0;
-    int newformat=((opt.list_options&LIST_SHOW_VALIDITY) && !secret)
-      || (opt.list_options & (LIST_SHOW_UNUSABLE_UIDS
-			      | LIST_SHOW_UNUSABLE_SUBKEYS))
-      || (keystrlen()>10);
 
     /* get the keyid from the keyblock */
     node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
@@ -620,51 +616,51 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
 	pk = NULL;
 	sk = node->pkt->pkt.secret_key;
 
-        printf("sec%c  %4u%c/%s %s%s",(sk->protect.s2k.mode==1001)?'#':
+        printf("sec%c  %4u%c/%s %s",(sk->protect.s2k.mode==1001)?'#':
 	       (sk->protect.s2k.mode==1002)?'>':' ',
 	       nbits_from_sk( sk ),pubkey_letter( sk->pubkey_algo ),
-	       keystr_from_sk(sk),datestr_from_sk( sk ),newformat?"":" " );
+	       keystr_from_sk(sk),datestr_from_sk( sk ));
 
-	if(newformat && sk->expiredate )
+	if(sk->has_expired)
+	  printf(_(" [expired: %s]"), expirestr_from_sk( sk ) );
+	else if(sk->expiredate )
 	  printf(_(" [expires: %s]"), expirestr_from_sk( sk ) );
+
+	printf("\n");
       }
     else
       {
-#if 0
-	int validity;
-#endif
 	pk = node->pkt->pkt.public_key;
 	sk = NULL;
 
-#if 0
-	validity=get_validity(pk,NULL);
-#endif
-
 	check_trustdb_stale();
 
-	printf("pub   %4u%c/%s %s%s",
+	printf("pub   %4u%c/%s %s",
 	       nbits_from_pk(pk),pubkey_letter(pk->pubkey_algo),
-	       keystr_from_pk(pk),datestr_from_pk( pk ),newformat?"":" " );
+	       keystr_from_pk(pk),datestr_from_pk( pk ));
 
 	/* We didn't include this before in the key listing, but there
 	   is room in the new format, so why not? */
-	if(newformat)
-	  {
-	    if(pk->is_revoked)
-	      printf(_(" [revoked: %s]"), revokestr_from_pk( pk ) );
-	    else if(pk->has_expired)
-	      printf(_(" [expired: %s]"), expirestr_from_pk( pk ) );
-	    else if(pk->expiredate)
-	      printf(_(" [expires: %s]"), expirestr_from_pk( pk ) );
-	  }
+
+	if(pk->is_revoked)
+	  printf(_(" [revoked: %s]"), revokestr_from_pk( pk ) );
+	else if(pk->has_expired)
+	  printf(_(" [expired: %s]"), expirestr_from_pk( pk ) );
+	else if(pk->expiredate)
+	  printf(_(" [expires: %s]"), expirestr_from_pk( pk ) );
 
 #if 0
 	/* I need to think about this some more.  It's easy enough to
 	   include, but it looks sort of confusing in the
 	   listing... */
 	if(opt.list_options&LIST_SHOW_VALIDITY)
-	  printf(" [%s]",trust_value_to_string(validity));
+	  {
+	    int validity=get_validity(pk,NULL);
+	    printf(" [%s]",trust_value_to_string(validity));
+	  }
 #endif
+
+	printf("\n");
       }
 
     for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
@@ -683,11 +679,8 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
 	    if(attrib_fp && uid->attrib_data!=NULL)
 	      dump_attribs(uid,pk,sk);
 
-	    if(!any && newformat)
-	      printf("\n");
-
 	    if((uid->is_revoked || uid->is_expired)
-	       || ((opt.list_options&LIST_SHOW_VALIDITY) && pk))
+	       || ((opt.list_options&LIST_SHOW_UID_VALIDITY) && pk))
 	      {
 		const char *validity;
 		int indent;
@@ -706,10 +699,8 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
 
 		printf("uid%*s[%s] ",indent,"",validity);
 	      }
-	    else if(newformat)
+	    else
 	      printf("uid%*s",keystrlen()+10,"");
-	    else if(any)
-	      printf("uid%*s",keystrlen()+21,"");
 
             print_utf8_string( stdout, uid->name, uid->len );
 	    putchar('\n');
diff --git a/g10/options.h b/g10/options.h
index dd5c2802c..7e79b3451 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -259,7 +259,7 @@ struct {
 #define LIST_SHOW_USER_NOTATIONS         (1<<3)
 #define LIST_SHOW_NOTATIONS (LIST_SHOW_STD_NOTATIONS|LIST_SHOW_USER_NOTATIONS)
 #define LIST_SHOW_KEYSERVER_URLS         (1<<4)
-#define LIST_SHOW_VALIDITY               (1<<5)
+#define LIST_SHOW_UID_VALIDITY           (1<<5)
 #define LIST_SHOW_UNUSABLE_UIDS          (1<<6)
 #define LIST_SHOW_UNUSABLE_SUBKEYS       (1<<7)
 #define LIST_SHOW_KEYRING                (1<<8)