* trustdb.c (validate_keys): Reset the trustdb before checking if we have

any ultimately trusted keys.  This ensures that if we lose all our
ultimately trusted keys, we don't leave behind the old validity
calculations.  Noted by Peter Palfrader.

* revoke.c (gen_desig_revoke): Specify in the comment when a designated
revocation is generated.

* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
get_seckey_byname2): Remove Elgamal check since we are removing type 20
keys altogether.

g10/ChangeLog

@@ -1,3 +1,17 @@
+2003-11-29  David Shaw  <dshaw@jabberwocky.com>
+
+	* trustdb.c (validate_keys): Reset the trustdb before checking if
+	we have any ultimately trusted keys.  This ensures that if we lose
+	all our ultimately trusted keys, we don't leave behind the old
+	validity calculations.  Noted by Peter Palfrader.
+
+	* revoke.c (gen_desig_revoke): Specify in the comment when a
+	designated revocation is generated.
+
+	* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
+	get_seckey_byname2): Remove Elgamal check since we are removing
+	type 20 keys altogether.
+
 2003-11-27  David Shaw  <dshaw@jabberwocky.com>
 
 	* pkclist.c (build_pk_list): Do not allow an empty PK list in

g10/getkey.c

@@ -1055,11 +1055,7 @@ get_seckey_byname2( GETKEY_CTX *retctx,
 	ctx.items[0].mode = KEYDB_SEARCH_MODE_FIRST;
 	rc = lookup( &ctx, &kb, 1 );
         if (!rc && sk )
-	  {
-	    sk_from_block ( &ctx, sk, kb );
-	    if(sk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
-	      rc=G10ERR_UNU_SECKEY;
-	  }
+            sk_from_block ( &ctx, sk, kb );
         release_kbnode ( kb );
 	get_seckey_end( &ctx );
     }
@@ -1681,11 +1677,6 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
         if ( x ) /* mask it down to the actual allowed usage */
             key_usage &= x; 
     }
-
-    /* Type 20 Elgamal keys are not usable. */
-    if(pk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
-      key_usage=0;
-
     pk->pubkey_usage = key_usage;
 
     if ( !key_expire_seen ) {
@@ -1902,13 +1893,6 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
         if ( x ) /* mask it down to the actual allowed usage */
             key_usage &= x; 
     }
-
-    /* Type 20 Elgamal subkeys or any subkey on a type 20 primary are
-       not usable. */
-    if(mainpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL
-       || subpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
-      key_usage=0;
-
     subpk->pubkey_usage = key_usage;
     
     p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);

g10/revoke.c

@@ -294,7 +294,7 @@ gen_desig_revoke( const char *uname )
 	      goto leave;
 
 	    afx.what = 1;
-	    afx.hdrlines = "Comment: A revocation certificate should follow\n";
+	    afx.hdrlines = "Comment: A designated revocation certificate should follow\n";
 	    iobuf_push_filter( out, armor_filter, &afx );
 
 	    /* create it */

g10/trustdb.c

@@ -1949,6 +1949,10 @@ validate_keys (int interactive)
   stored = new_key_hash_table ();
   used = new_key_hash_table ();
   full_trust = new_key_hash_table ();
+
+  kdb = keydb_new (0);
+  reset_trust_records (kdb,NULL);
+
   /* Fixme: Instead of always building a UTK list, we could just build it
    * here when needed */
   if (!utk_list)
@@ -1957,10 +1961,6 @@ validate_keys (int interactive)
       goto leave;
     }
 
-  kdb = keydb_new (0);
-
-  reset_trust_records (kdb,NULL);
-
   /* mark all UTKs as used and fully_trusted and set validity to
      ultimate */
   for (k=utk_list; k; k = k->next)