*** empty log message ***

This commit is contained in:
Werner Koch 1998-09-28 19:25:31 +00:00
parent 0e3d05fdac
commit 41fa8a3345
58 changed files with 1105 additions and 729 deletions

View File

@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in ## Process this file with automake to produce Makefile.in
SUBDIRS = intl po zlib util mpi cipher tools g10 doc checks SUBDIRS = intl po zlib util mpi cipher tools g10 doc checks
EXTRA_DIST = VERSION EXTRA_DIST = VERSION PROJECTS
dist-hook: dist-hook:

14
NEWS
View File

@ -1,3 +1,17 @@
Noteworthy changes in version 0.4.1
-----------------------------------
* A secondary key is used when the primary key is specified but cannot
be used for the operation (if it is a sign-only key).
* GNUPG can now handle concatenated armored messages: There is still a
bug if different kinds of messages are mixed.
* Iterated+Salted passphrases now work. If want to be sure that PGP5
is able to handle them you may want to use the options
"--s2k-mode 3 --s2k-cipher-algo cast5 --s2k-digest-algo sha1"
when changing a passphrase.
Noteworthy changes in version 0.4.0 Noteworthy changes in version 0.4.0
----------------------------------- -----------------------------------
* Triple DES is now supported. Michael Roth did this piece of * Triple DES is now supported. Michael Roth did this piece of
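Review bot: The new 0.4.1 entry for Iterated+Salted passphrases reads "If want to be sure that PGP5 is able to handle them", which is missing its subject; suggest "If you want to be sure". In the entry above it, "messages: There is still a bug" would read better as two sentences, and it would help to say which mix of message kinds still fails so that users know what to avoid.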

6
PROJECTS Normal file
View File

@ -0,0 +1,6 @@
- abstraction of the MPI
- Add a way to override the current cipher/md implementations
by others (using extensions)

19
README
View File

@ -1,5 +1,3 @@
-----BEGIN PGP SIGNED MESSAGE-----
GNUPG - The GNU Privacy Guard GNUPG - The GNU Privacy Guard
------------------------------- -------------------------------
Version 0.4 Version 0.4
@ -49,7 +47,7 @@
The default algorithms are now DSA and ELGamal. ELGamal for signing The default algorithms are now DSA and ELGamal. ELGamal for signing
is still available, but due to the larger size of such signatures it is still available, but due to the larger size of such signatures it
is depreciated (Please note that the GNUPG implementation of ElGamal is depreciated (Please note that the GNUPG implementation of ElGamal
signatures is *not* insecure). Symmetric algorithms are: Blowfish signatures is *not* insecure). Symmetric algorithms are: 3DES, Blowfish
and CAST5, Digest algorithms are MD5, RIPEMD160, SHA1 and TIGER/192. and CAST5, Digest algorithms are MD5, RIPEMD160, SHA1 and TIGER/192.
@ -57,7 +55,9 @@
Installation Installation
------------ ------------
See the file INSTALL. Here is a quick summary: Please read the file INSTALL.
Here is a quick summary:
1) "./configure" 1) "./configure"
@ -321,7 +321,7 @@
ugly data structures, weird usage of filenames and other things. ugly data structures, weird usage of filenames and other things.
The primary FTP site is "ftp://ftp.guug.de/pub/gcrypt/" The primary FTP site is "ftp://ftp.guug.de/pub/gcrypt/"
The primary WWW page is "http://www.d.shuttle.de/isil/crypt/gnupg.html" The primary WWW page is "http://www.d.shuttle.de/isil/gnupg/"
If you like, send your keys to <gnupg-keys@isil.d.shuttle.de>; use If you like, send your keys to <gnupg-keys@isil.d.shuttle.de>; use
"gpg --export --armor | mail gnupg-keys@isil.d.shuttle.de" to do this. "gpg --export --armor | mail gnupg-keys@isil.d.shuttle.de" to do this.
@ -330,12 +330,3 @@
post them to the mailing list <g10@net.lut.ac.uk> (this is a closed list, post them to the mailing list <g10@net.lut.ac.uk> (this is a closed list,
please subscribe before posting). please subscribe before posting).
-----BEGIN PGP SIGNATURE-----
Version: GNUPG v0.3.5a (GNU/Linux)
Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/
iQB1AwUBNgJ6bB0Z9MEMmFelAQEBHgL+JhFVCrTAK2G3NVVVQBHXU5eucNx3tQQE3UucvSBA
YaKfX8dC5QU7wfgv8nFBXMK2mnAcJhJzBT6mZwxpzTZZTh7IS4qu//R9Vgy3A06ZddxKFf2M
YFelmgdpqTL6ntJC
=JZ3m
-----END PGP SIGNATURE-----

8
THANKS
View File

@ -15,12 +15,17 @@ Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de
Ed Boraas ecxjo@esperanto.org Ed Boraas ecxjo@esperanto.org
Ernst Molitor ernst.molitor@uni-bonn.de Ernst Molitor ernst.molitor@uni-bonn.de
Frank Heckenbach heckenb@mi.uni-erlangen.de Frank Heckenbach heckenb@mi.uni-erlangen.de
Gaël Quéri gqueri@mail.dotcom.fr
Hendrik Buschkamp buschkamp@rheumanet.org Hendrik Buschkamp buschkamp@rheumanet.org
Holger Schurig holger@d.om.org
Hugh Daniel hugh@toad.com
Ian McKellar imckellar@harvestroad.com.au Ian McKellar imckellar@harvestroad.com.au
James Troup james@nocrew.org James Troup james@nocrew.org
Jean-loup Gailly gzip@prep.ai.mit.edu Jean-loup Gailly gzip@prep.ai.mit.edu
Jens Bachem bachem@rrz.uni-koeln.de Jens Bachem bachem@rrz.uni-koeln.de
Jörg Schilling schilling@fokus.gmd.de Jörg Schilling schilling@fokus.gmd.de
Karl Fogel kfogel@guanabana.onshore.com
Karsten Thygesen karthy@kom.auc.dk
Lars Kellogg-Stedman lars@bu.edu Lars Kellogg-Stedman lars@bu.edu
Marco d'Itri md@linux.it Marco d'Itri md@linux.it
Mark Adler madler@alumni.caltech.edu Mark Adler madler@alumni.caltech.edu
@ -37,9 +42,10 @@ Paul D. Smith psmith@baynetworks.com
Peter Gutmann pgut001@cs.auckland.ac.nz Peter Gutmann pgut001@cs.auckland.ac.nz
QingLong qinglong@bolizm.ihep.su QingLong qinglong@bolizm.ihep.su
Ralph Gillen gillen@theochem.uni-duesseldorf.de Ralph Gillen gillen@theochem.uni-duesseldorf.de
Roland Rosenfeld roland@spinnaker.rhein.de
Serge Munhoven munhoven@mema.ucl.ac.be Serge Munhoven munhoven@mema.ucl.ac.be
Steffen Ullrich ccrlphr@xensei.com Steffen Ullrich ccrlphr@xensei.com
Steffen Zahn Steffen.Zahn@oen.siemens.de Steffen Zahn zahn@berlin.snafu.de
Thomas Roessler roessler@guug.de Thomas Roessler roessler@guug.de
Tom Spindler dogcow@home.merit.edu Tom Spindler dogcow@home.merit.edu
Tom Zerucha tzeruch@ceddec.com Tom Zerucha tzeruch@ceddec.com

22
TODO
View File

@ -1,11 +1,18 @@
* after creating a new uid, the preferences in the trustdb are not updated.
We should always sync the trustdb in such cases.
* write a tool to extract selected keys from a file.
* new menu to delete signatures and list signature in menu
* commandline controlled --edit-key with assumed save.
* -rdynamic auf Solaris Problem
* if --libdir is used, the extensions are put in a wrong place. * if --libdir is used, the extensions are put in a wrong place.
How does GNOME handle this or make a new option for this directory. How does GNOME handle this or make a new option for this directory.
Hmmm, I don´ like to pass ot as a commandline option to cc.
* Should we use the ElGamal subkey if the DSA keyid is given?
What about an option --loose-keyid-match?
* salted and iterated S2Ks don't work (see passphrase.c).
* Replace the SIGUSR1 stuff by semaphores to avoid loss of a signal. * Replace the SIGUSR1 stuff by semaphores to avoid loss of a signal.
@ -42,11 +49,6 @@
* Add some stuff for DU cc * Add some stuff for DU cc
* check for "expect" before running test genkey1024
* use "passphrase" instead of "pass phrase" * use "passphrase" instead of "pass phrase"
* Use "user ID", "trustdb" and "WARNING". * Use "user ID", "trustdb" and "WARNING".
* armor.c cannot handle concatenated armored messages.
at least it should be possible to do this for "KEY BLOCK"

View File

@ -1 +1 @@
0.4.0 0.4.0a

View File

@ -80,6 +80,7 @@
#undef USE_SHM_COPROCESSING #undef USE_SHM_COPROCESSING
#undef IPC_HAVE_SHM_LOCK
#undef IPC_RMID_DEFERRED_RELEASE #undef IPC_RMID_DEFERRED_RELEASE
@BOTTOM@ @BOTTOM@

View File

@ -116,6 +116,7 @@ define(WK_CHECK_CACHE,
###################################################################### ######################################################################
# Check for SysV IPC (from GIMP) # Check for SysV IPC (from GIMP)
# And see whether we have a SHM_LOCK (FreeBSD does not have it).
###################################################################### ######################################################################
dnl WK_CHECK_IPC dnl WK_CHECK_IPC
dnl dnl
@ -150,6 +151,15 @@ define(WK_CHECK_IPC,
AC_MSG_RESULT(yes), AC_MSG_RESULT(yes),
AC_MSG_RESULT(no), AC_MSG_RESULT(no),
AC_MSG_RESULT(assuming no)) AC_MSG_RESULT(assuming no))
AC_MSG_CHECKING(whether SHM_LOCK is available)
AC_TRY_COMPILE([#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>],[
int foo( int shm_id ) { shmctl(shm_id, SHM_LOCK, 0); }
],
AC_DEFINE(IPC_HAVE_SHM_LOCK)
AC_MSG_RESULT(yes),
AC_MSG_RESULT(no))
fi fi
]) ])
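Review bot: The SHM_LOCK probe passes `int foo( int shm_id ) { shmctl(shm_id, SHM_LOCK, 0); }` as the second argument of AC_TRY_COMPILE, and that argument is placed inside the body of main(), so the test program defines a function inside a function. That only compiles where nested functions are accepted as an extension; with other compilers the check answers "no" even when SHM_LOCK exists, and IPC_HAVE_SHM_LOCK is never defined. Suggest reducing the body to a declaration and the call, for example `int shm_id = 0; shmctl(shm_id, SHM_LOCK, 0);`.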
@ -165,6 +175,7 @@ define(WK_CHECK_MLOCK,
if test "$ac_cv_func_mlock" = "yes"; then if test "$ac_cv_func_mlock" = "yes"; then
AC_MSG_CHECKING(whether mlock is broken) AC_MSG_CHECKING(whether mlock is broken)
AC_TRY_RUN([ AC_TRY_RUN([
#include <stdlib.h>
#include <unistd.h> #include <unistd.h>
#include <errno.h> #include <errno.h>
#include <sys/mman.h> #include <sys/mman.h>

View File

@ -1,3 +1,7 @@
Wed Sep 23 12:25:07 1998 Werner Koch (wk@isil.d.shuttle.de)
* run-gpg.patterns: New (because Solaris fgrep does not like -f -).
Mon Aug 10 21:33:38 1998 Werner Koch (wk@(none)) Mon Aug 10 21:33:38 1998 Werner Koch (wk@(none))
* genkey1024.test: Ariel fixed this. * genkey1024.test: Ariel fixed this.

View File

@ -18,7 +18,7 @@ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
DATA_FILES = data-500 data-9000 data-32000 data-80000 DATA_FILES = data-500 data-9000 data-32000 data-80000
EXTRA_DIST = defs.inc run-gpg run-gpgm $(TESTS) $(TEST_FILES) EXTRA_DIST = defs.inc run-gpg run-gpgm run-gpg.patterns $(TESTS) $(TEST_FILES)
CLEANFILES = prepared.stamp x y z out err $(DATA_FILES) \ CLEANFILES = prepared.stamp x y z out err $(DATA_FILES) \
plain-1 plain-2 plain-3 plain-1 plain-2 plain-3
DISTCLEANFILES = pubring.gpg secring.gpg pubring.pkr secring.skr DISTCLEANFILES = pubring.gpg secring.gpg pubring.pkr secring.skr

View File

@ -2,9 +2,19 @@
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3
if which expect ; then
:
else
echo "\"expect\" needed but not found - test skipped"
exit 0
fi
expect - <<EOF expect - <<EOF
#set timeout -1 #set timeout -1
set timeout 5 set timeout 8
match_max 100000 match_max 100000
spawn ../g10/gpg --no-batch --quick-random --homedir . --gen-key spawn ../g10/gpg --no-batch --quick-random --homedir . --gen-key
expect { expect {
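Review bot: The new `if which expect ; then` guard at the top of the test leaves the output of `which` unredirected, so the path (or an error text) lands in the test log, and the exit status of `which` is not reliable on every system; some implementations exit 0 even when nothing is found, in which case the test is not skipped and fails later. Suggest redirecting the output and probing in a way that does not depend on `which`, for example by running `expect` itself on an empty script and testing that exit status. The skip path also ends with `exit 0`, which makes a skipped test indistinguishable from a passed one in the summary.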
@ -86,7 +96,7 @@ some other action (work in another window, move the mouse, utilize the\r
network and the disks) during the prime generation; this gives the random\r network and the disks) during the prime generation; this gives the random\r
number generator a better chance to gain enough entropy.\r" {} number generator a better chance to gain enough entropy.\r" {}
timeout { exit 1 } } timeout { exit 1 } }
set timeout 120 set timeout 600
expect { expect {
-ex "public and secret key created and signed.\r" { exit 0 } -ex "public and secret key created and signed.\r" { exit 0 }
eof { exit 1 } eof { exit 1 }

View File

@ -3,7 +3,7 @@
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3
test_one () { test_one () {
if [ "$(grep $1 y | sed -e 's/.*=[ ]\(.*\)/\1/' -e 's/ //g')" != "$2" ]; then if [ "`grep $1 y | sed -e 's/.*=[ ]\(.*\)/\1/' -e 's/ //g'`" != "$2" ]; then
failed="$failed $1" failed="$failed $1"
fi fi
} }

View File

@ -10,11 +10,6 @@ else
rm err.tmp.$$ rm err.tmp.$$
exit 1 exit 1
fi fi
fgrep -v -f - err.tmp.$$ <<EOF fgrep -v -f run-gpg.patterns err.tmp.$$
gpg: Good signature from
gpg: Signature made
gpg: note: cipher algorithm 3 not found in preferences
gpg: note: cipher algorithm 4 not found in preferences
EOF
rm err.tmp.$$ rm err.tmp.$$
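Review bot: The replacement line `fgrep -v -f run-gpg.patterns err.tmp.$$` opens the pattern file relative to the current directory, while the other test scripts in this commit load their helper as `$srcdir/defs.inc`. When the checks are run from a build directory that is not the source directory, the pattern file will not be found and every stderr line is treated as unexpected. Suggest `$srcdir/run-gpg.patterns`. The moved patterns also now include two "secret key ... is NOT protected" lines with fixed key IDs, which deserves a comment saying they belong to the test keyring.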

6
checks/run-gpg.patterns Normal file
View File

@ -0,0 +1,6 @@
gpg: Good signature from
gpg: Signature made
gpg: note: cipher algorithm 3 not found in preferences
gpg: note: cipher algorithm 4 not found in preferences
gpg: note: secret key 2E5FA4F4 is NOT protected.
gpg: note: secret key 439F02CA is NOT protected.

View File

@ -1,3 +1,16 @@
Mon Sep 28 13:23:09 1998 Werner Koch (wk@isil.d.shuttle.de)
* md.c (md_digest): New.
(md_reset): New.
Wed Sep 23 12:27:02 1998 Werner Koch (wk@isil.d.shuttle.de)
* tiger.c (TIGER_CONTEXT): moved "buf", so that it is 64 bit aligned.
Mon Sep 21 06:22:53 1998 Werner Koch (wk@(none))
* des.c: Some patches from Michael.
Thu Sep 17 19:00:06 1998 Werner Koch (wk@(none)) Thu Sep 17 19:00:06 1998 Werner Koch (wk@(none))
* des.c : New file from Michael Roth <mroth@nessie.de> * des.c : New file from Michael Roth <mroth@nessie.de>

View File

@ -48,11 +48,11 @@ EXTRA_twofish_SOURCES = twofish.c
tiger: $(srcdir)/tiger.c tiger: $(srcdir)/tiger.c
`echo $(COMPILE) -shared -fPIC -o tiger $(srcdir)/tiger.c | \ `echo $(COMPILE) -shared -fPIC -lc -o tiger $(srcdir)/tiger.c | \
sed -e 's/-O2/-O1/' ` sed -e 's/-O2/-O1/' `
twofish: $(srcdir)/twofish.c twofish: $(srcdir)/twofish.c
`echo $(COMPILE) -shared -fPIC -o twofish $(srcdir)/twofish.c | \ `echo $(COMPILE) -shared -fPIC -lc -o twofish $(srcdir)/twofish.c | \
sed -e 's/-O2/ /' ` sed -e 's/-O2/ /' `

View File

@ -152,7 +152,6 @@
*/ */
typedef struct _des_ctx typedef struct _des_ctx
{ {
int mode;
u32 encrypt_subkeys[32]; u32 encrypt_subkeys[32];
u32 decrypt_subkeys[32]; u32 decrypt_subkeys[32];
} }
@ -163,19 +162,19 @@ des_ctx[1];
*/ */
typedef struct _tripledes_ctx typedef struct _tripledes_ctx
{ {
int mode;
u32 encrypt_subkeys[96]; u32 encrypt_subkeys[96];
u32 decrypt_subkeys[96]; u32 decrypt_subkeys[96];
} }
tripledes_ctx[1]; tripledes_ctx[1];
static void des_key_schedule (const byte *, u32 *, int); static void des_key_schedule (const byte *, u32 *);
static int des_setkey (struct _des_ctx *, const byte *); static int des_setkey (struct _des_ctx *, const byte *);
static int des_ecb_crypt (struct _des_ctx *, const byte *, byte *, int); static int des_ecb_crypt (struct _des_ctx *, const byte *, byte *, int);
static int tripledes_set2keys (struct _tripledes_ctx *, const byte *, const byte *); static int tripledes_set2keys (struct _tripledes_ctx *, const byte *, const byte *);
static int tripledes_set3keys (struct _tripledes_ctx *, const byte *, const byte *, const byte *); static int tripledes_set3keys (struct _tripledes_ctx *, const byte *, const byte *, const byte *);
static int tripledes_ecb_crypt (struct _tripledes_ctx *, const byte *, byte *, int); static int tripledes_ecb_crypt (struct _tripledes_ctx *, const byte *, byte *, int);
static int is_weak_key ( const byte *key );
static const char *selftest (void); static const char *selftest (void);
@ -308,18 +307,58 @@ u32 rightkey_swap[16] =
/* /*
* Numbers of left shifts per round for encryption subkey schedule * Numbers of left shifts per round for encryption subkey schedule
* To calculate the decryption key scheduling we just reverse the
* ordering of the subkeys so we can omit the table for decryption
* subkey schedule.
*/ */
static byte encrypt_rotate_tab[16] = static byte encrypt_rotate_tab[16] =
{ {
1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
}; };
/* /*
* Numbers of right shifts per round for decryption subkey schedule * Table with weak DES keys sorted in ascending order.
* In DES their are 64 known keys wich are weak. They are weak
* because they produce only one, two or four different
* subkeys in the subkey scheduling process.
* The keys in this table have all their parity bits cleared.
*/ */
static byte decrypt_rotate_tab[16] = static byte weak_keys[64][8] =
{ {
0, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, { 0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e },
{ 0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0 }, { 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe },
{ 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e }, { 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00 },
{ 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe }, { 0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0 },
{ 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0 }, { 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe },
{ 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00 }, { 0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e },
{ 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe }, { 0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0 },
{ 0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e }, { 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00 },
{ 0x0e, 0x0e, 0x0e, 0x0e, 0xf0, 0xf0, 0xf0, 0xf0 }, { 0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e },
{ 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 }, { 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe },
{ 0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0 }, { 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00 },
{ 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e }, { 0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0 },
{ 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe }, { 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe },
{ 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 }, { 0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e },
{ 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00 }, { 0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0 },
{ 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe }, { 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00 },
{ 0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e }, { 0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0 },
{ 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe }, { 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 },
{ 0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e }, { 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe },
{ 0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0 }, { 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e },
{ 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00 }, { 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00 },
{ 0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e }, { 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe },
{ 0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e }, { 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00 },
{ 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe }, { 0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0 },
{ 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe }, { 0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0 },
{ 0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e }, { 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00 },
{ 0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0 }, { 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe },
{ 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00 }, { 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e },
{ 0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e }, { 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00 },
{ 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe }, { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 },
{ 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00 }, { 0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e },
{ 0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0 }, { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe }
}; };
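Review bot: In the new weak_keys table, the entry `{ 0x0e, 0x0e, 0x0e, 0x0e, 0xf0, 0xf0, 0xf0, 0xf0 }` looks like a transposition: it is the only row with 0x0e in the first four bytes, and the rows starting with 0xe0, 0xe0 cover 0x00/0x1e/0xfe in bytes three and four but have no e0 e0 e0 e0 f0 f0 f0 f0 row, which is one of the four weak keys with its parity bits cleared. As written, that key is not detected and a harmless key is rejected instead. Suggest changing the row to 0xe0 and moving it between the e0 e0 1e 1e and e0 e0 fe fe rows so that the table stays sorted for the binary search. The comment has "their are" and "wich", and the table could be declared const since is_weak_key() only reads it.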
@ -359,7 +398,7 @@ static byte decrypt_rotate_tab[16] =
/* /*
* A full DES round including 'expansion funtion', 'sbox substitution' * A full DES round including 'expansion function', 'sbox substitution'
* and 'primitive function P' but without swapping the left and right word. * and 'primitive function P' but without swapping the left and right word.
*/ */
#define DES_ROUND(from, to, work, subkey) \ #define DES_ROUND(from, to, work, subkey) \
@ -403,23 +442,22 @@ static byte decrypt_rotate_tab[16] =
/* /*
* des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for one DES round * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for
* 16 encryption rounds.
* To calculate subkeys for decryption the caller
* have to reorder the generated subkeys.
* *
* rawkey: 8 Bytes of key data * rawkey: 8 Bytes of key data
* subkey: Array of at least 32 u32s. Will be filled * subkey: Array of at least 32 u32s. Will be filled
* with calculated subkeys. * with calculated subkeys.
* mode: Key schedule mode.
* mode == 0: Calculate subkeys to encrypt
* mode != 0: Calculate subkeys to decrypt
* *
*/ */
static void static void
des_key_schedule (const byte * rawkey, u32 * subkey, int mode) des_key_schedule (const byte * rawkey, u32 * subkey)
{ {
u32 left, right, work; u32 left, right, work;
int round; int round;
READ_64BIT_DATA (rawkey, left, right) READ_64BIT_DATA (rawkey, left, right)
DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f) DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
@ -441,20 +479,8 @@ des_key_schedule (const byte * rawkey, u32 * subkey, int mode)
for (round = 0; round < 16; ++round) for (round = 0; round < 16; ++round)
{ {
if (mode) left = ((left << encrypt_rotate_tab[round]) | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
{ right = ((right << encrypt_rotate_tab[round]) | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
/* decrypt */
left = ((left >> decrypt_rotate_tab[round]) | (left << (28 - decrypt_rotate_tab[round]))) & 0x0fffffff;
right = ((right >> decrypt_rotate_tab[round]) | (right << (28 - decrypt_rotate_tab[round]))) & 0x0fffffff;
}
else
{
/* encrypt */
left = ((left << encrypt_rotate_tab[round]) | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
right = ((right << encrypt_rotate_tab[round]) | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
}
*subkey++ = ((left << 4) & 0x24000000) *subkey++ = ((left << 4) & 0x24000000)
| ((left << 28) & 0x10000000) | ((left << 28) & 0x10000000)
@ -514,11 +540,15 @@ des_key_schedule (const byte * rawkey, u32 * subkey, int mode)
static int static int
des_setkey (struct _des_ctx *ctx, const byte * key) des_setkey (struct _des_ctx *ctx, const byte * key)
{ {
if (!ctx || !key) int i;
return -1;
des_key_schedule (key, ctx->encrypt_subkeys, 0); des_key_schedule (key, ctx->encrypt_subkeys);
des_key_schedule (key, ctx->decrypt_subkeys, 1);
for(i=0; i<32; i+=2)
{
ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
}
return 0; return 0;
} }
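Review bot: des_setkey() now builds both subkey arrays but never calls the is_weak_key() that this commit declares, so single DES accepts weak keys while the Triple-DES wrapper rejects them. Suggest calling is_weak_key(key) here as well, or stating in the comment that the caller is responsible. With the `if (!ctx || !key)` check removed, the function can only return 0, so either document the non-NULL precondition or make the return type void.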
@ -535,9 +565,6 @@ des_ecb_crypt (struct _des_ctx *ctx, const byte * from, byte * to, int mode)
u32 left, right, work; u32 left, right, work;
u32 *keys; u32 *keys;
if (!ctx || !from || !to)
return -1;
keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys; keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
READ_64BIT_DATA (from, left, right) READ_64BIT_DATA (from, left, right)
@ -570,17 +597,25 @@ tripledes_set2keys (struct _tripledes_ctx *ctx,
const byte * key1, const byte * key1,
const byte * key2) const byte * key2)
{ {
if (!ctx || !key1 || !key2) int i;
return -1;
des_key_schedule (key1, ctx->encrypt_subkeys, 0); des_key_schedule (key1, ctx->encrypt_subkeys);
des_key_schedule (key1, ctx->decrypt_subkeys, 1); des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
des_key_schedule (key2, &(ctx->encrypt_subkeys[32]), 1); for(i=0; i<32; i+=2)
des_key_schedule (key2, &(ctx->decrypt_subkeys[32]), 0); {
ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
des_key_schedule (key1, &(ctx->encrypt_subkeys[64]), 0); ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
des_key_schedule (key1, &(ctx->decrypt_subkeys[64]), 1); ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
ctx->encrypt_subkeys[i+64] = ctx->encrypt_subkeys[i];
ctx->encrypt_subkeys[i+65] = ctx->encrypt_subkeys[i+1];
ctx->decrypt_subkeys[i+64] = ctx->decrypt_subkeys[i];
ctx->decrypt_subkeys[i+65] = ctx->decrypt_subkeys[i+1];
}
return 0; return 0;
} }
@ -598,17 +633,23 @@ tripledes_set3keys (struct _tripledes_ctx *ctx,
const byte * key2, const byte * key2,
const byte * key3) const byte * key3)
{ {
if (!ctx || !key1 || !key2 || !key3) int i;
return -1;
des_key_schedule (key1, ctx->encrypt_subkeys, 0); des_key_schedule (key1, ctx->encrypt_subkeys);
des_key_schedule (key1, ctx->decrypt_subkeys, 1); des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));
des_key_schedule (key2, &(ctx->encrypt_subkeys[32]), 1); for(i=0; i<32; i+=2)
des_key_schedule (key2, &(ctx->decrypt_subkeys[32]), 0); {
ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[94-i];
ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[95-i];
des_key_schedule (key3, &(ctx->encrypt_subkeys[64]), 0); ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
des_key_schedule (key3, &(ctx->decrypt_subkeys[64]), 1); ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
ctx->decrypt_subkeys[i+64] = ctx->encrypt_subkeys[30-i];
ctx->decrypt_subkeys[i+65] = ctx->encrypt_subkeys[31-i];
}
return 0; return 0;
} }
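Review bot: The reordering loop in tripledes_set3keys() relies on index arithmetic (94-i, 62-i, 30-i) that no test covers: the selftest comment elsewhere in this commit says "FIXME: This test doesn't use tripledes_set3keys() !". I traced the indices and they look right for EDE, but a known-answer or at least an encrypt/decrypt round trip through set3keys with three different keys should be added before this is relied on. A short comment above the loop stating which 32-word block holds which key's schedule, and in which direction, would also make it reviewable.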
@ -617,6 +658,7 @@ tripledes_set3keys (struct _tripledes_ctx *ctx,
/* /*
* Electronic Codebook Mode Triple-DES encryption/decryption of data according to 'mode'. * Electronic Codebook Mode Triple-DES encryption/decryption of data according to 'mode'.
* Sometimes this mode is named 'EDE' mode (Encryption-Decryption-Encryption).
*/ */
static int static int
tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from, byte * to, int mode) tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from, byte * to, int mode)
@ -624,9 +666,6 @@ tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from, byte * to, i
u32 left, right, work; u32 left, right, work;
u32 *keys; u32 *keys;
if (!ctx || !from || !to)
return -1;
keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys; keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
READ_64BIT_DATA (from, left, right) READ_64BIT_DATA (from, left, right)
@ -666,17 +705,45 @@ tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from, byte * to, i
} }
/* /*
* Check whether the 8 byte key is weak. * Check whether the 8 byte key is weak.
* Dose not check the parity bits of the key but simple ignore them.
*/ */
static int static int
is_weak_key ( byte *key ) is_weak_key ( const byte *key )
{ {
return 0; /* FIXME */ byte work[8];
int i, left, right, middle, cmp_result;
/* clear parity bits */
for(i=0; i<8; ++i)
work[i] = key[i] & 0xfe;
/* binary search in the weak key table */
left = 0;
right = 63;
while(1)
{
middle = (left + right) / 2;
if ( !(cmp_result=memcmp(work, weak_keys[middle], 8)) )
return -1;
if ( left == right )
break;
if ( cmp_result > 0 )
left = middle + 1;
else
right = middle - 1;
}
return 0;
} }
/* /*
* Performs a selftest of this DES/Triple-DES implementation. * Performs a selftest of this DES/Triple-DES implementation.
* Returns an string with the error text on failure. * Returns an string with the error text on failure.
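Review bot: The binary search in is_weak_key() can fail to terminate for a key that is not in the table. The loop only exits on `if ( left == right ) break;`, but `right = middle - 1` can move right below left: with left=62 and right=63, middle is 62, a key that sorts below weak_keys[62] sets right to 61, the next middle is 61, the key sorts above it, left is set back to 62, and the state repeats. Suggest `while (left <= right)` as the loop condition and dropping the equality test. The comment has "Dose not" and "simple ignore", and returning -1 for "weak" is unusual for a predicate; 1 would read better at the call sites.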
@ -717,12 +784,14 @@ selftest (void)
memcpy (input, temp1, 8); memcpy (input, temp1, 8);
} }
if (memcmp (temp3, result, 8)) if (memcmp (temp3, result, 8))
return "DES maintenace test failed."; return "DES maintenance test failed.";
} }
/* /*
* Triple-DES test (Does somebody known on official test?) * Triple-DES test (Do somebody known on official test?)
*
* FIXME: This test doesn't use tripledes_set3keys() !
*/ */
{ {
int i; int i;
@ -749,6 +818,20 @@ selftest (void)
return "TRIPLE-DES test failed."; return "TRIPLE-DES test failed.";
} }
/*
* Check the weak key detection. We simply assume the table with
* weak keys is ok and check every key in the table if it is
* detected... (This test is a little bit stupid)
*/
{
int i;
for (i = 0; i < 64; ++i)
if (!is_weak_key(weak_keys[i]))
return "DES weak key detection failed";
}
return 0; return 0;
} }
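Review bot: The new weak-key block in selftest() only feeds is_weak_key() keys taken from the table itself, so the not-found path of the search and the parity masking with 0xfe are never exercised, and an error inside the table cannot be noticed. Suggest adding at least one key that must be reported as not weak and one weak key with its parity bits set, ideally taken from an independent source rather than from weak_keys[].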
@ -759,11 +842,11 @@ do_tripledes_setkey ( struct _tripledes_ctx *ctx, byte *key, unsigned keylen )
if( keylen != 24 ) if( keylen != 24 )
return G10ERR_WRONG_KEYLEN; return G10ERR_WRONG_KEYLEN;
tripledes_set3keys ( ctx, key, key+8, key+16);
if( is_weak_key( key ) || is_weak_key( key+8 ) || is_weak_key( key+16 ) ) if( is_weak_key( key ) || is_weak_key( key+8 ) || is_weak_key( key+16 ) )
return G10ERR_WEAK_KEY; return G10ERR_WEAK_KEY;
tripledes_set3keys ( ctx, key, key+8, key+16);
return 0; return 0;
} }
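Review bot: Moving the weak-key test ahead of tripledes_set3keys() in do_tripledes_setkey() is right, but nothing here rejects a 24-byte key whose first and second or second and third 8-byte parts are equal, in which case EDE collapses to single DES. Suggest a memcmp of key against key+8 and of key+8 against key+16 next to the is_weak_key() calls. The return value of tripledes_set3keys() is also ignored.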
@ -800,7 +883,7 @@ des_get_info( int algo, size_t *keylen,
if( !did_selftest ) { if( !did_selftest ) {
const char *s = selftest(); const char *s = selftest();
if( s ) if( s )
log_fatal("selftest failed: %s", s ); log_fatal("selftest failed: %s\n", s );
did_selftest = 1; did_selftest = 1;
} }

View File

@ -256,7 +256,7 @@ md_copy( MD_HANDLE a )
: m_alloc( sizeof *b ); : m_alloc( sizeof *b );
memcpy( b, a, sizeof *a ); memcpy( b, a, sizeof *a );
b->list = NULL; b->list = NULL;
/* and now copy the compelte list of algorithms */ /* and now copy the complete list of algorithms */
/* I know that the copied list is reversed, but that doesn't matter */ /* I know that the copied list is reversed, but that doesn't matter */
for( ar=a->list; ar; ar = ar->next ) { for( ar=a->list; ar; ar = ar->next ) {
br = a->secure ? m_alloc_secure( sizeof *br + ar->contextsize ) br = a->secure ? m_alloc_secure( sizeof *br + ar->contextsize )
@ -269,6 +269,23 @@ md_copy( MD_HANDLE a )
} }
/****************
* Reset all contexts and discard any buffered stuuf. This may be used
* instead of a md_close(); md_open().
*/
void
md_reset( MD_HANDLE a )
{
struct md_digest_list_s *r;
a->bufcount = 0;
for( r=a->list; r; r = r->next ) {
memset( r->context, 0, r->contextsize );
(*r->init)( &r->context );
}
}
void void
md_close(MD_HANDLE a) md_close(MD_HANDLE a)
{ {
@ -331,7 +348,7 @@ md_read( MD_HANDLE a, int algo )
if( !algo ) { /* return the first algorithm */ if( !algo ) { /* return the first algorithm */
if( (r=a->list) ) { if( (r=a->list) ) {
if( r->next ) if( r->next )
log_error("warning: more than algorithm in md_read(0)\n"); log_debug("more than algorithm in md_read(0)\n");
return (*r->read)( &r->context ); return (*r->read)( &r->context );
} }
} }
@ -344,6 +361,58 @@ md_read( MD_HANDLE a, int algo )
return NULL; return NULL;
} }
/****************
* This function combines md_final and md_read but keeps the context
* intact. This function can be used to calculate intermediate
* digests. The digest is copied into buffer and the digestlength is
* returned. If buffer is NULL only the needed size for buffer is returned.
* buflen gives the max size of buffer. If the buffer is too shourt to
* hold the complete digest, the buffer is filled with as many bytes are
* possible and this value is returned.
*/
int
md_digest( MD_HANDLE a, int algo, byte *buffer, int buflen )
{
struct md_digest_list_s *r = NULL;
char *context;
char *digest;
if( a->bufcount )
md_write( a, NULL, 0 );
if( !algo ) { /* return digest for the first algorithm */
if( (r=a->list) && r->next )
log_debug("more than algorithm in md_digest(0)\n");
}
else {
for(r=a->list; r; r = r->next )
if( r->algo == algo )
break;
}
if( !r )
BUG();
if( !buffer )
return r->mdlen;
/* I don't want to change the interface, so I simply work on a copy
* the context (extra overhead - should be fixed)*/
context = a->secure ? m_alloc_secure( r->contextsize )
: m_alloc( r->contextsize );
memcpy( context, r->context, r->contextsize );
(*r->final)( context );
digest = (*r->read)( context );
if( buflen > r->mdlen )
buflen = r->mdlen;
memcpy( buffer, digest, buflen );
m_free(context);
return buflen;
}
int int
md_get_algo( MD_HANDLE a ) md_get_algo( MD_HANDLE a )
{ {
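Review bot: In md_digest(), buflen is a signed int and is only clamped from above (`if( buflen > r->mdlen ) buflen = r->mdlen;`), so a negative value reaches memcpy() and is converted to a huge size. Suggest rejecting buflen < 0 or making the parameter unsigned. The working copy of the context is released with m_free() without being cleared first; for the non-secure case that leaves hash state in freed memory, so a memset before m_free would be safer. The comment has "shourt" and "as many bytes are possible", and it should state that a truncated digest is returned without any error indication.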
@ -423,5 +492,13 @@ md_stop_debug( MD_HANDLE md )
fclose(md->debug); fclose(md->debug);
md->debug = NULL; md->debug = NULL;
} }
#ifdef HAVE_U64_TYPEDEF
{ /* a kludge to pull in the __muldi3 for Solaris */
volatile u32 a = (u32)md;
volatile u32 b = 42;
volatile u64 c;
c = a * b;
}
#endif
} }
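Review bot: The kludge added to md_stop_debug() computes `c = a * b` with both operands declared u32, so the multiplication is done in 32 bits and only the result is widened to u64; that does not need a 64-bit multiply helper, and the block may not pull in __muldi3 as the comment intends. Suggest making the operands u64 or casting one of them before the multiplication. `(u32)md` also truncates the pointer on platforms with 64-bit pointers and will draw a compiler warning there.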

View File

@ -480,7 +480,7 @@ pubkey_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
/**************** /****************
* This is the interface to the public key signing. * This is the interface to the public key signing.
* Sign hash with skey and put the result into resarr which * Sign data with skey and put the result into resarr which
* should be an array of MPIs of size PUBKEY_MAX_NSIG (or less if the * should be an array of MPIs of size PUBKEY_MAX_NSIG (or less if the
* algorithm allows this - check with pubkey_get_nsig() ) * algorithm allows this - check with pubkey_get_nsig() )
*/ */

View File

@ -29,9 +29,9 @@
typedef struct { typedef struct {
u64 a, b, c; u64 a, b, c;
u32 nblocks;
byte buf[64]; byte buf[64];
int count; int count;
u32 nblocks;
} TIGER_CONTEXT; } TIGER_CONTEXT;

View File

@ -254,14 +254,15 @@ fi
AC_SUBST(ZLIBS) AC_SUBST(ZLIBS)
AM_GNU_GETTEXT
G10_LOCALEDIR="$g10_prefix/$DATADIRNAME/locale" G10_LOCALEDIR="$g10_prefix/$DATADIRNAME/locale"
AC_SUBST(G10_LOCALEDIR) AC_SUBST(G10_LOCALEDIR)
AC_DEFINE_UNQUOTED(G10_LOCALEDIR, "$G10_LOCALEDIR") AC_DEFINE_UNQUOTED(G10_LOCALEDIR, "$G10_LOCALEDIR")
WK_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl ) dnl WK_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl )
WK_DO_LINK_FILES WK_DO_LINK_FILES
AM_GNU_GETTEXT
AC_OUTPUT([ AC_OUTPUT([
Makefile Makefile
intl/Makefile intl/Makefile

92
doc/HACKING Normal file
View File

@ -0,0 +1,92 @@
A Hacker's Guide to GNUPG
================================
(Some notes on GNUPG internals.)
Memory allocation
-----------------
Use only the functions:
m_alloc()
m_alloc_clear()
m_strdup()
m_free()
If you want to store a passphrase or some other sensitive data you may
want to use m_alloc_secure() instead of m_alloc(), as this puts the data
into a memory region which is protected from swapping (on some platforms).
m_free() works for both. This functions will not return if there is not
enough memory available.
Logging
-------
Option parsing
---------------
GNUPG does not use getopt or GNU getopt but functions of it's own. See
util/argparse.c for details. The advantage of these funtions is that
it is more easy to display and maintain the help texts for the options.
The same option table is also used to parse resource files.
What is an iobuf
----------------
This is the data structure used for most I/O of gnupg. It is similiar
to System V Streams but much simpler. It should be replaced by a cleaner
and faster implementation. We are doing to much copying and the semantics
of "filter" removing are not very clean. EOF handling is also a problem.
How to use the message digest functions
---------------------------------------
cipher/md.c implements an interface to hash (message diesgt functions).
a) If you have a common part of data and some variable parts
and you need to hash of the concatenated parts, you can use this:
md = md_open(...)
md_write( md, common_part )
md1 = md_copy( md )
md_write(md1, part1)
md_final(md1);
digest1 = md_read(md1)
md2 = md_copy( md )
md_write(md2, part2)
md_final(md2);
digest2 = md_read(md2)
An example are key signatures; the key packet is the common part
and the user-id packets are the variable parts.
b) If you need a running digest you should use this:
md = md_open(...)
md_write( md, part1 )
digest_of_part1 = md_digest( md );
md_write( md, part2 )
digest_of_part1_cat_part2 = md_digest( md );
....
Both methods may be combined. [Please see the source for the real syntax]
How to use the cipher functions
-------------------------------
How to use the public key functions
-----------------------------------
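Review bot: example (b) under "How to use the message digest functions" calls md_digest( md ) with a single argument, while the md_digest() body earlier in this diff works with algo, buffer and buflen and returns the digest length when buffer is NULL; showing that real call shape would serve a new contributor better than the "[Please see the source for the real syntax]" remark. The sections "Logging", "How to use the cipher functions" and "How to use the public key functions" are empty headings and should be marked as to-do or left out until written. Typos to fix in the same pass: "it's own", "funtions", "similiar", "to much copying", "diesgt", "This functions".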

View File

@ -1,9 +1,18 @@
## Process this file with automake to create Makefile.in ## Process this file with automake to create Makefile.in
EXTRA_DIST = DETAILS rfcs gpg.1pod gpg.1 FAQ EXTRA_DIST = DETAILS rfcs gpg.1pod gpg.1 FAQ HACKING
man_MANS = gpg.1 man_MANS = gpg.1
install-data-hook:
if test -f $(man1dir)/gpgm.1; then rm $(man1dir)/gpgm.1; fi
ln -s $(man1dir)/gpg.1 $(man1dir)/gpgm.1 \
|| ln $(man1dir)/gpg.1 $(man1dir)/gpgm.1
%: %pod %: %pod
pod2man $< --section=`echo $@ | sed 's/^.*(?)$$/$$&/'`\ pod2man $< --section=`echo $@ | sed 's/^.*(?)$$/$$&/'`\
--release="`date -r $< '+%d %b %Y'`"\ --release="`date -r $< '+%d %b %Y'`"\
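Review bot: in install-data-hook, `test -f $(man1dir)/gpgm.1` is false for a dangling symlink, so a stale gpgm.1 link is left in place and both the `ln -s` and the fallback `ln` then fail because the name already exists; an unconditional `rm -f $(man1dir)/gpgm.1` avoids that. The link target is the absolute path $(man1dir)/gpg.1; creating a relative link from inside $(man1dir) (`ln -s gpg.1 gpgm.1`) would keep working if the tree is installed to a staging directory and moved afterwards.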

View File

@ -75,7 +75,7 @@ B<-k> [I<username>] [I<keyring>]
B<-kvc> List fingerprints B<-kvc> List fingerprints
B<-kvvc> List fingerprints and signatures B<-kvvc> List fingerprints and signatures
B<--list-keys> [I<names>] B<--list-keys> [I<names>]
List all keys from the public keyrings, or just the List all keys from the public keyrings, or just the
ones given on the command line. ones given on the command line.
@ -83,7 +83,7 @@ B<--list-secret-keys> [I<names>]
List all keys from the secret keyrings, or just the List all keys from the secret keyrings, or just the
ones given on the command line. ones given on the command line.
B<--list-sigs> [I<names>] B<--list-sigs> [I<names>]
Same as B<--list-keys>, but the signatures are listed Same as B<--list-keys>, but the signatures are listed
too. too.
@ -201,7 +201,7 @@ B<--import-ownertrust> [I<filename>]
Long options can be put in an options file (default F<~/.gnupg/options>); Long options can be put in an options file (default F<~/.gnupg/options>);
do not write the 2 dashes, but simply the name of the option and any do not write the 2 dashes, but simply the name of the option and any
arguments if required. Lines with a hash as the first non-white-space arguments if required. Lines with a hash as the first non-white-space
character are ignored. Commands may be put in this file too, but that character are ignored. Commands may be put in this file too, but that
does not make sense. does not make sense.
@ -324,6 +324,26 @@ B<--digest-algo> I<name>
program with the option B<--verbose> yields a list of program with the option B<--verbose> yields a list of
supported algorithms. supported algorithms.
B<--s2k-cipher-algo> I<name>
Use I<name> as the cipher algorithm used to protect secret
keys. The default cipher is BLOWFISH. This cipher is
also used for conventional encryption if B<--cipher-algo>
is not given.
B<--s2k-digest-algo> I<name>
Use I<name> as the digest algorithm used to mangle the
passphrases. The default algorithm is RIPE-MD-160.
This digest algorithm is also used for conventional
encryption if B<--digest-algo> is not given.
B<--s2k-mode> I<number>
Selects how passphrases are mangled: A number of I<0>
uses the plain passphrase (which is not recommended),
a I<1> (default) adds a salt to the passphrase and
I<3> interates the whole process a couple of times.
Unless -B<--rfc1991> is used, this mode is also used
for conventional encryption.
B<--compress-algo> I<number> B<--compress-algo> I<number>
Use compress algorithm I<number>. Default is I<2> which is Use compress algorithm I<number>. Default is I<2> which is
RFC1950 compression; you may use I<1> to use the old zlib RFC1950 compression; you may use I<1> to use the old zlib
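Review bot: the B<--s2k-mode> entry has two typos ("interates", and a stray dash in "-B<--rfc1991>"), and "a couple of times" tells the reader nothing about the iteration count; state the count or how it is derived. The text calls mode I<0> not recommended but leaves I<1> as the default without saying when to prefer I<3>; the NEWS entry in this commit already suggests "--s2k-mode 3" when changing a passphrase, so a cross-reference here would be consistent.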
@ -333,6 +353,12 @@ B<--compress-algo> I<number>
If this is not used the OpenPGP behaviour is used; i.e. If this is not used the OpenPGP behaviour is used; i.e.
the compression algorith is selected from the preferences. the compression algorith is selected from the preferences.
B<--digest-algo> I<name>
Use I<name> as message digest algorithm. Running the
program with the option B<--verbose> yields a list of
supported algorithms.
B<--throw-keyid> B<--throw-keyid>
Do not put the keyid into encrypted packets. This option Do not put the keyid into encrypted packets. This option
hides the receiver of the message and is a countermeasure hides the receiver of the message and is a countermeasure
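Review bot: the B<--digest-algo> entry added before B<--throw-keyid> appears to duplicate an existing one. The previous hunk's header names B<--digest-algo> I<name> as the enclosing entry and its context lines carry the same "Running the program with the option B<--verbose> yields a list of supported algorithms" text, just above B<--compress-algo>. Keep one copy.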
@ -385,11 +411,11 @@ a signature was bad and other errorcode for fatal errors.
=head1 EXAMPLES =head1 EXAMPLES
-se -r Bob [file] sign and encrypt for user Bob -se -r Bob [file] sign and encrypt for user Bob
-sat [file] make a clear text signature -sat [file] make a clear text signature
-sb [file] make a detached signature -sb [file] make a detached signature
-k [userid] show keys -k [userid] show keys
-kc [userid] show fingerprint -kc [userid] show fingerprint
=head1 ENVIRONMENT =head1 ENVIRONMENT
@ -404,13 +430,13 @@ F<~/.gnupg/pubring.gpg> The public keyring
F<~/.gnupg/trustdb.gpg> The trust database F<~/.gnupg/trustdb.gpg> The trust database
F<~/.gnupg/options> May contain options F<~/.gnupg/options> May contain options
F</usr[/local]/lib/gnupg/> Default location for extensions F</usr[/local]/lib/gnupg/> Default location for extensions
=head1 SEE ALSO =head1 SEE ALSO
gpgm(1) gpgd(1) gpg(1) gpgm(1)
=head1 WARNINGS =head1 WARNINGS

View File

@ -1,21 +1,67 @@
Fri Sep 18 16:50:32 1998 Werner Koch (wk@(none)) Mon Sep 28 12:57:12 1998 Werner Koch (wk@isil.d.shuttle.de)
* g10.c (verify_own_keys): Add warning if a key is not protected.
* passphrase (hash_passphrase): Fixed iterated+salted mode and
setup for keysizes > hashsize.
* g10.c (main): New options: --s2k-{cipher,digest,mode}.
Fri Sep 25 09:34:23 1998 Werner Koch (wk@isil.d.shuttle.de)
* g10.c: Chnaged some help texts.
Tue Sep 22 19:34:39 1998 Werner Koch (wk@isil.d.shuttle.de)
* passphrase.c (read_passphrase_from_fd): fixed bug for long
passphrases.
Mon Sep 21 11:28:05 1998 Werner Koch (wk@(none))
* getkey.c (lookup): Add code to use the sub key if the primary one
does not match the usage.
* armor.c (armor_filter): New error message: no valid data found.
(radix64_read): Changes to support multiple messages.
(i18n.h): New.
* mainproc.c (add_onepass_sig): bug fix.
Mon Sep 21 08:03:16 1998 Werner Koch (wk@isil.d.shuttle.de)
* pkclist.c (do_we_trust): Add keyid to most messages.
* passphrase.c (read_passphrase_from_fd): New.
(have_static_passphrase): New
(get_passphrase_fd): Removed.
(set_passphrase_fd): Removed.
* g10.c (main): passphrase is now read here.
* keyedit.c (keyedit_menu): "help" texts should now translate fine.
Mon Sep 21 06:40:02 1998 Werner Koch (wk@isil.d.shuttle.de)
* encode.c (encode_simple): Now disables compression
when --rfc1991 is used.
(encode_crypt): Ditto.
Fri Sep 18 16:50:32 1998 Werner Koch (wk@isil.d.shuttle.de)
* getkey.c (merge_key_and_selfsig): New. * getkey.c (merge_key_and_selfsig): New.
Fri Sep 18 10:20:11 1998 Werner Koch (wk@(none)) Fri Sep 18 10:20:11 1998 Werner Koch (wk@isil.d.shuttle.de)
* pkclist.c (select_algo_from_prefs): Removed 3DEs kludge. * pkclist.c (select_algo_from_prefs): Removed 3DES kludge.
* seskey.c (make_session_key): Fixed SERIOUS bug introduced * seskey.c (make_session_key): Fixed SERIOUS bug introduced
by adding the weak key detection code. by adding the weak key detection code.
* sign.c (sign_file): Changed aremor header in certain cases. * sign.c (sign_file): Changed aremor header in certain cases.
Tue Sep 15 17:52:55 1998 Werner Koch (wk@(none)) Tue Sep 15 17:52:55 1998 Werner Koch (wk@isil.d.shuttle.de)
* mainproc.c (check_sig_and_print): Replaced ascime by asctimestamp. * mainproc.c (check_sig_and_print): Replaced ascime by asctimestamp.
Mon Sep 14 11:40:52 1998 Werner Koch (wk@(none)) Mon Sep 14 11:40:52 1998 Werner Koch (wk@isil.d.shuttle.de)
* seskey.c (make_session_key): Now detects weak keys. * seskey.c (make_session_key): Now detects weak keys.
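Review bot: in the new Sep 28 entry, "* passphrase (hash_passphrase)" is missing the ".c" suffix that every other entry uses, and the Sep 25 entry reads "Chnaged". The hash_passphrase entry describes a fix to key derivation ("iterated+salted mode and setup for keysizes > hashsize"); it would help to say whether secret keys protected by earlier versions in those modes are affected, since the entry gives no hint.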
@ -24,17 +70,17 @@ Mon Sep 14 11:40:52 1998 Werner Koch (wk@(none))
* plaintext.c (handle_plaintext): Does no anymore suppress CR from * plaintext.c (handle_plaintext): Does no anymore suppress CR from
cleartext signed messages. cleartext signed messages.
Sun Sep 13 12:54:29 1998 Werner Koch (wk@(none)) Sun Sep 13 12:54:29 1998 Werner Koch (wk@isil.d.shuttle.de)
* trustdb.c (insert_trust_record): Fixed a stupid bug in the free * trustdb.c (insert_trust_record): Fixed a stupid bug in the free
liunked list loops. liunked list loops.
Sat Sep 12 15:49:16 1998 Werner Koch (wk@(none)) Sat Sep 12 15:49:16 1998 Werner Koch (wk@isil.d.shuttle.de)
* status.c (remove_shmid): New. * status.c (remove_shmid): New.
(init_shm_comprocess): Now sets permission to the real uid. (init_shm_comprocess): Now sets permission to the real uid.
Wed Sep 9 11:15:03 1998 Werner Koch (wk@(none)) Wed Sep 9 11:15:03 1998 Werner Koch (wk@isil.d.shuttle.de)
* packet.h (PKT_pubkey_enc): New flah throw_keyid, and add logic to * packet.h (PKT_pubkey_enc): New flah throw_keyid, and add logic to
implement it. implement it.
@ -42,11 +88,11 @@ Wed Sep 9 11:15:03 1998 Werner Koch (wk@(none))
* getkey.c (enum_secret_keys): Add new ar and changed all callers. * getkey.c (enum_secret_keys): Add new ar and changed all callers.
Tue Sep 8 20:04:09 1998 Werner Koch (wk@(none)) Tue Sep 8 20:04:09 1998 Werner Koch (wk@isil.d.shuttle.de)
* delkey.c (delete_key): Moved from keyedit.c. * delkey.c (delete_key): Moved from keyedit.c.
Mon Sep 7 16:37:52 1998 Werner Koch (wk@(none)) Mon Sep 7 16:37:52 1998 Werner Koch (wk@isil.d.shuttle.de)
* build-packet.c (calc_length_header): New arg new_ctb to correctly * build-packet.c (calc_length_header): New arg new_ctb to correctly
calculate the length of new style packets. calculate the length of new style packets.
@ -55,7 +101,7 @@ Mon Sep 7 16:37:52 1998 Werner Koch (wk@(none))
* pkclist.c (select_algo_from_prefs): 3DEs substitute is now CAST5. * pkclist.c (select_algo_from_prefs): 3DEs substitute is now CAST5.
Tue Aug 11 17:54:50 1998 Werner Koch (wk@(none)) Tue Aug 11 17:54:50 1998 Werner Koch (wk@isil.d.shuttle.de)
* build-packet.c (do_secret_key): Fixed handling of old keys. * build-packet.c (do_secret_key): Fixed handling of old keys.
@ -63,7 +109,7 @@ Tue Aug 11 17:54:50 1998 Werner Koch (wk@(none))
* openfile.c (open_outfile): Changed arguments and all callers. * openfile.c (open_outfile): Changed arguments and all callers.
Tue Aug 11 09:14:35 1998 Werner Koch (wk@(none)) Tue Aug 11 09:14:35 1998 Werner Koch (wk@isil.d.shuttle.de)
* encode.c (encode_simple): Applied option set-filename and comment. * encode.c (encode_simple): Applied option set-filename and comment.
(encode_crypt): Ditto. (encode_crypt): Ditto.
@ -87,7 +133,7 @@ Tue Aug 11 09:14:35 1998 Werner Koch (wk@(none))
* status.c (cpr_get_answer_is_yes): add display_help. * status.c (cpr_get_answer_is_yes): add display_help.
Mon Aug 10 10:11:28 1998 Werner Koch (wk@(none)) Mon Aug 10 10:11:28 1998 Werner Koch (wk@isil.d.shuttle.de)
* getkey.c (lookup_sk): Now always returns the primary if arg * getkey.c (lookup_sk): Now always returns the primary if arg
primary is true. primary is true.
@ -96,15 +142,15 @@ Mon Aug 10 10:11:28 1998 Werner Koch (wk@(none))
(get_seckey_byname): Ditto. (get_seckey_byname): Ditto.
Mon Aug 10 08:34:03 1998 Werner Koch (wk@(none)) Mon Aug 10 08:34:03 1998 Werner Koch (wk@isil.d.shuttle.de)
* keyid.c (pubkey_letter): ELG_E is now a small g. * keyid.c (pubkey_letter): ELG_E is now a small g.
Sat Aug 8 17:26:12 1998 Werner Koch (wk@(none)) Sat Aug 8 17:26:12 1998 Werner Koch (wk@isil.d.shuttle.de)
* openfile (overwrite_filep): Changed semantics and all callers. * openfile (overwrite_filep): Changed semantics and all callers.
Sat Aug 8 12:17:07 1998 Werner Koch (wk@(none)) Sat Aug 8 12:17:07 1998 Werner Koch (wk@isil.d.shuttle.de)
* status.c (display_help): New. * status.c (display_help): New.
@ -118,7 +164,7 @@ Thu Aug 6 07:34:56 1998 Werner Koch,mobil,,, (wk@tobold)
secret keyrings and add additional warning in case of secret keyrings and add additional warning in case of
a failed secret keyring operation. a failed secret keyring operation.
Wed Aug 5 11:54:37 1998 Werner Koch (wk@(none)) Wed Aug 5 11:54:37 1998 Werner Koch (wk@isil.d.shuttle.de)
* g10.c (check_opts): Moved to main. Changed def_cipher_algo * g10.c (check_opts): Moved to main. Changed def_cipher_algo
semantics and chnaged all users. semantics and chnaged all users.
@ -131,7 +177,7 @@ Wed Aug 5 11:54:37 1998 Werner Koch (wk@(none))
* build-packet.c (do_secret_key): Ditto. * build-packet.c (do_secret_key): Ditto.
(do_symkey_enc): Ditto. (do_symkey_enc): Ditto.
Tue Aug 4 08:59:10 1998 Werner Koch (wk@(none)) Tue Aug 4 08:59:10 1998 Werner Koch (wk@isil.d.shuttle.de)
* getkey.c (enum_secret_keys): Now returns only primary keys. * getkey.c (enum_secret_keys): Now returns only primary keys.
@ -142,36 +188,36 @@ Tue Aug 4 08:59:10 1998 Werner Koch (wk@(none))
* sign.c (sign_file): one-pass sigs are now emiited reverse. * sign.c (sign_file): one-pass sigs are now emiited reverse.
Preference data is considered when selecting the compress algo. Preference data is considered when selecting the compress algo.
Wed Jul 29 12:53:03 1998 Werner Koch (wk@(none)) Wed Jul 29 12:53:03 1998 Werner Koch (wk@isil.d.shuttle.de)
* free-packet.c (copy_signature): New. * free-packet.c (copy_signature): New.
* keygen.c (generate_subkeypair): rewritten * keygen.c (generate_subkeypair): rewritten
* g10.c (aKeyadd): Removed option --add-key * g10.c (aKeyadd): Removed option --add-key
Mon Jul 27 10:37:28 1998 Werner Koch (wk@(none)) Mon Jul 27 10:37:28 1998 Werner Koch (wk@isil.d.shuttle.de)
* seckey-cert.c (do_check): Additional check on cipher blocksize. * seckey-cert.c (do_check): Additional check on cipher blocksize.
(protect_secret_key): Ditto. (protect_secret_key): Ditto.
* encr-data.c: Support for other blocksizes. * encr-data.c: Support for other blocksizes.
* cipher.c (write_header): Ditto. * cipher.c (write_header): Ditto.
Fri Jul 24 16:47:59 1998 Werner Koch (wk@(none)) Fri Jul 24 16:47:59 1998 Werner Koch (wk@isil.d.shuttle.de)
* kbnode.c (insert_kbnode): Changed semantics and all callers. * kbnode.c (insert_kbnode): Changed semantics and all callers.
* keyedit.c : More or less a complete rewrite * keyedit.c : More or less a complete rewrite
Wed Jul 22 17:10:04 1998 Werner Koch (wk@(none)) Wed Jul 22 17:10:04 1998 Werner Koch (wk@isil.d.shuttle.de)
* build-packet.c (write_sign_packet_header): New. * build-packet.c (write_sign_packet_header): New.
Tue Jul 21 14:37:09 1998 Werner Koch (wk@(none)) Tue Jul 21 14:37:09 1998 Werner Koch (wk@isil.d.shuttle.de)
* import.c (import_one): Now creates a trustdb record. * import.c (import_one): Now creates a trustdb record.
* g10.c (main): New command --check-trustdb * g10.c (main): New command --check-trustdb
Mon Jul 20 11:15:07 1998 Werner Koch (wk@(none)) Mon Jul 20 11:15:07 1998 Werner Koch (wk@isil.d.shuttle.de)
* genkey.c (generate_keypair): Default key is now DSA with * genkey.c (generate_keypair): Default key is now DSA with
encryption only ElGamal subkey. encryption only ElGamal subkey.

View File

@ -71,6 +71,8 @@ gpgm_SOURCES = dearmor.c \
#gpgd_SOURCES = gpgd.c \ #gpgd_SOURCES = gpgd.c \
# ks-proto.h \ # ks-proto.h \
# ks-proto.c \ # ks-proto.c \
# ks-db.c \
# ks-db.h \
# $(common_source) # $(common_source)

View File

@ -49,7 +49,7 @@ compress-sigs
run-as-shm-coprocess [request-locked-shm-size] run-as-shm-coprocess [request-locked-shm-size]
# very special :-) # very special :-)
# You will have to use "--status-fd" too # You will have to use "--status-fd" too
# Note: This option dioes only work if given on the command line.
set-filename <name> set-filename <name>
# Set <name> as the filename into the plaintext packet # Set <name> as the filename into the plaintext packet
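Review bot: the added note under run-as-shm-coprocess has a typo ("dioes"). It is also the only place a user learns that the option is ignored in the options file; g10.c in this commit only prints a message for that case when USE_SHM_COPROCESSING is not defined, so consider warning when the option is seen in the file at all.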

View File

@ -34,6 +34,7 @@
#include "options.h" #include "options.h"
#include "main.h" #include "main.h"
#include "status.h" #include "status.h"
#include "i18n.h"
#define CRCINIT 0xB704CE #define CRCINIT 0xB704CE
@ -51,7 +52,7 @@ static int is_initialized;
typedef enum { typedef enum {
fhdrHASArmor, fhdrHASArmor = 0,
fhdrNOArmor, fhdrNOArmor,
fhdrINIT, fhdrINIT,
fhdrINITCont, fhdrINITCont,
@ -331,12 +332,12 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
if( buf[n-1] == '\r' ) if( buf[n-1] == '\r' )
buf[--n] = 0; buf[--n] = 0;
if( opt.verbose ) { if( opt.verbose ) {
log_info("armor header: "); log_info(_("armor header: "));
print_string( stderr, buf, n, 0 ); print_string( stderr, buf, n, 0 );
putc('\n', stderr); putc('\n', stderr);
} }
if( clearsig && !(hashes=parse_hash_header( buf )) ) { if( clearsig && !(hashes=parse_hash_header( buf )) ) {
log_error("invalid clearsig header\n"); log_error(_("invalid clearsig header\n"));
state = fhdrERROR; state = fhdrERROR;
} }
else { else {
@ -362,7 +363,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
} }
} }
else { else {
log_error("invalid armor header: "); log_error(_("invalid armor header: "));
print_string( stderr, buf, n, 0 ); print_string( stderr, buf, n, 0 );
putc('\n', stderr); putc('\n', stderr);
state = fhdrERROR; state = fhdrERROR;
@ -371,7 +372,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
else if( c != -1 ) { else if( c != -1 ) {
if( strchr( buf, ':') ) { /* buffer to short, but this is okay*/ if( strchr( buf, ':') ) { /* buffer to short, but this is okay*/
if( opt.verbose ) { if( opt.verbose ) {
log_info("armor header: "); log_info(_("armor header: "));
print_string( stderr, buf, n, 0 ); print_string( stderr, buf, n, 0 );
fputs("[...]\n", stderr); /* indicate it is truncated */ fputs("[...]\n", stderr); /* indicate it is truncated */
} }
@ -436,7 +437,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
if( hdr_line == BEGIN_SIGNED_MSG_IDX ) if( hdr_line == BEGIN_SIGNED_MSG_IDX )
clearsig = 1; clearsig = 1;
if( opt.verbose > 1 ) if( opt.verbose > 1 )
log_info("armor: %s\n", head_strings[hdr_line]); log_info(_("armor: %s\n"), head_strings[hdr_line]);
break; break;
case fhdrCLEARSIG: case fhdrCLEARSIG:
@ -480,7 +481,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
fhdrREADClearsig : fhdrTESTSpaces; fhdrREADClearsig : fhdrTESTSpaces;
} }
else { else {
log_error("invalid dash escaped line: "); log_error(_("invalid dash escaped line: "));
print_string( stderr, buf, n, 0 ); print_string( stderr, buf, n, 0 );
putc('\n', stderr); putc('\n', stderr);
state = fhdrERROR; state = fhdrERROR;
@ -549,7 +550,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
} break; } break;
case fhdrERRORShow: case fhdrERRORShow:
log_error("invalid clear text header: "); log_error(_("invalid clear text header: "));
print_string( stderr, buf, n, 0 ); print_string( stderr, buf, n, 0 );
putc('\n', stderr); putc('\n', stderr);
state = fhdrERROR; state = fhdrERROR;
@ -779,7 +780,7 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
break; break;
} }
else if( (c = asctobin[(c2=c)]) == 255 ) { else if( (c = asctobin[(c2=c)]) == 255 ) {
log_error("invalid radix64 character %02x skipped\n", c2); log_error(_("invalid radix64 character %02x skipped\n"), c2);
continue; continue;
} }
switch(idx) { switch(idx) {
@ -797,7 +798,10 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
afx->idx = idx; afx->idx = idx;
afx->radbuf[0] = val; afx->radbuf[0] = val;
if( checkcrc ) { if( checkcrc ) {
afx->inp_eof = 1; /*assume eof */ afx->any_data = 1;
afx->inp_checked=0;
afx->faked = 0;
afx->parse_state = 0;
for(;;) { /* skip lf and pad characters */ for(;;) { /* skip lf and pad characters */
if( afx->helpidx < afx->helplen ) if( afx->helpidx < afx->helplen )
c = afx->helpbuf[afx->helpidx++]; c = afx->helpbuf[afx->helpidx++];
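Review bot: the reset in the checkcrc branch of radix64_read() assigns `afx->parse_state = 0;`, which only means "look for an armor header again" because this commit also pins `fhdrHASArmor = 0` in the enum. Assigning fhdrHASArmor by name keeps the two from drifting apart. A short comment that these four assignments re-arm the filter for a following concatenated message would also explain why the old `inp_eof = 1` was dropped.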
@ -809,7 +813,7 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
break; break;
} }
if( c == -1 ) if( c == -1 )
log_error("premature eof (no CRC)\n"); log_error(_("premature eof (no CRC)\n"));
else { else {
u32 mycrc = 0; u32 mycrc = 0;
idx = 0; idx = 0;
@ -828,15 +832,15 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
break; break;
} while( ++idx < 4 ); } while( ++idx < 4 );
if( c == -1 ) { if( c == -1 ) {
log_error("premature eof (in CRC)\n"); log_error(_("premature eof (in CRC)\n"));
rc = G10ERR_INVALID_ARMOR; rc = G10ERR_INVALID_ARMOR;
} }
else if( idx != 4 ) { else if( idx != 4 ) {
log_error("malformed CRC\n"); log_error(_("malformed CRC\n"));
rc = G10ERR_INVALID_ARMOR; rc = G10ERR_INVALID_ARMOR;
} }
else if( mycrc != afx->crc ) { else if( mycrc != afx->crc ) {
log_error("CRC error; %06lx - %06lx\n", log_error(_("CRC error; %06lx - %06lx\n"),
(ulong)afx->crc, (ulong)mycrc); (ulong)afx->crc, (ulong)mycrc);
rc = G10ERR_INVALID_ARMOR; rc = G10ERR_INVALID_ARMOR;
} }
@ -855,11 +859,11 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
if( rc == -1 ) if( rc == -1 )
rc = 0; rc = 0;
else if( rc == 2 ) { else if( rc == 2 ) {
log_error("premature eof (in Trailer)\n"); log_error(_("premature eof (in Trailer)\n"));
rc = G10ERR_INVALID_ARMOR; rc = G10ERR_INVALID_ARMOR;
} }
else { else {
log_error("error in trailer line\n"); log_error(_("error in trailer line\n"));
rc = G10ERR_INVALID_ARMOR; rc = G10ERR_INVALID_ARMOR;
} }
#endif #endif
@ -874,7 +878,6 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
return rc; return rc;
} }
/**************** /****************
* This filter is used to handle the armor stuff * This filter is used to handle the armor stuff
*/ */
@ -914,13 +917,6 @@ armor_filter( void *opaque, int control,
if( size < 15+(4*15) ) /* need space for up to 4 onepass_sigs */ if( size < 15+(4*15) ) /* need space for up to 4 onepass_sigs */
BUG(); /* supplied buffer too short */ BUG(); /* supplied buffer too short */
if( afx->inp_eof ) {
*ret_len = 0;
if( DBG_FILTER )
log_debug("armor-filter: eof due to inp_eof flag\n" );
return -1;
}
if( afx->faked ) if( afx->faked )
rc = fake_packet( afx, a, &n, buf, size ); rc = fake_packet( afx, a, &n, buf, size );
else if( !afx->inp_checked ) { else if( !afx->inp_checked ) {
@ -1021,7 +1017,7 @@ armor_filter( void *opaque, int control,
} }
else else
iobuf_writestr(a, iobuf_writestr(a,
"Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/\n"); "Comment: For info finger gcrypt@ftp.guug.de\n");
if( afx->hdrlines ) if( afx->hdrlines )
iobuf_writestr(a, afx->hdrlines); iobuf_writestr(a, afx->hdrlines);
iobuf_put(a, '\n'); iobuf_put(a, '\n');
@ -1120,6 +1116,8 @@ armor_filter( void *opaque, int control,
iobuf_writestr(a, tail_strings[afx->what] ); iobuf_writestr(a, tail_strings[afx->what] );
iobuf_writestr(a, "-----\n"); iobuf_writestr(a, "-----\n");
} }
else if( !afx->any_data && !afx->inp_bypass )
log_error(_("no valid RFC1991 or OpenPGP data found.\n"));
} }
else if( control == IOBUFCTRL_DESC ) else if( control == IOBUFCTRL_DESC )
*(char**)buf = "armor_filter"; *(char**)buf = "armor_filter";
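Review bot: the new "no valid RFC1991 or OpenPGP data found" branch depends on afx->any_data, and in the hunks shown any_data is set only in the checkcrc branch of radix64_read(). Armored input that decodes but never reaches a CRC line would therefore also be reported as containing no valid data. Setting any_data as soon as payload bytes have been decoded would make the message match what actually happened.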

View File

@ -76,6 +76,7 @@ encode_simple( const char *filename, int mode )
cipher_filter_context_t cfx; cipher_filter_context_t cfx;
armor_filter_context_t afx; armor_filter_context_t afx;
compress_filter_context_t zfx; compress_filter_context_t zfx;
int do_compress = opt.compress && !opt.rfc1991;
memset( &cfx, 0, sizeof cfx); memset( &cfx, 0, sizeof cfx);
memset( &afx, 0, sizeof afx); memset( &afx, 0, sizeof afx);
@ -92,12 +93,12 @@ encode_simple( const char *filename, int mode )
cfx.dek = NULL; cfx.dek = NULL;
if( mode ) { if( mode ) {
s2k = m_alloc_clear( sizeof *s2k ); s2k = m_alloc_clear( sizeof *s2k );
s2k->mode = opt.rfc1991? 0:1; s2k->mode = opt.rfc1991? 0:opt.s2k_mode;
s2k->hash_algo = opt.def_digest_algo ? opt.def_digest_algo s2k->hash_algo = opt.def_digest_algo ? opt.def_digest_algo
: DEFAULT_DIGEST_ALGO; : opt.s2k_digest_algo;
cfx.dek = passphrase_to_dek( NULL, cfx.dek = passphrase_to_dek( NULL,
opt.def_cipher_algo ? opt.def_cipher_algo opt.def_cipher_algo ? opt.def_cipher_algo
: DEFAULT_CIPHER_ALGO , s2k, 2 ); : opt.s2k_cipher_algo , s2k, 2 );
if( !cfx.dek || !cfx.dek->keylen ) { if( !cfx.dek || !cfx.dek->keylen ) {
rc = G10ERR_PASSPHRASE; rc = G10ERR_PASSPHRASE;
m_free(cfx.dek); m_free(cfx.dek);
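Review bot: `s2k->mode = opt.rfc1991? 0:opt.s2k_mode;` copies the option value straight into the S2K specifier. The man page in this commit defines only 0, 1 and 3, so the value should be range-checked where --s2k-mode is parsed (that code is not in this part of the diff) rather than left for passphrase_to_dek() to cope with. With --rfc1991 the mode is forced to 0, which the man page calls not recommended; a log_info() saying so when conventional encryption is requested would make the downgrade visible.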
@ -158,13 +159,13 @@ encode_simple( const char *filename, int mode )
pt->buf = inp; pt->buf = inp;
pkt.pkttype = PKT_PLAINTEXT; pkt.pkttype = PKT_PLAINTEXT;
pkt.pkt.plaintext = pt; pkt.pkt.plaintext = pt;
cfx.datalen = filesize && !opt.compress ? calc_packet_length( &pkt ) : 0; cfx.datalen = filesize && !do_compress ? calc_packet_length( &pkt ) : 0;
/* register the cipher filter */ /* register the cipher filter */
if( mode ) if( mode )
iobuf_push_filter( out, cipher_filter, &cfx ); iobuf_push_filter( out, cipher_filter, &cfx );
/* register the compress filter */ /* register the compress filter */
if( opt.compress ) if( do_compress )
iobuf_push_filter( out, compress_filter, &zfx ); iobuf_push_filter( out, compress_filter, &zfx );
/* do the work */ /* do the work */
@ -197,6 +198,7 @@ encode_crypt( const char *filename, STRLIST remusr )
armor_filter_context_t afx; armor_filter_context_t afx;
compress_filter_context_t zfx; compress_filter_context_t zfx;
PK_LIST pk_list; PK_LIST pk_list;
int do_compress = opt.compress && !opt.rfc1991;
memset( &cfx, 0, sizeof cfx); memset( &cfx, 0, sizeof cfx);
memset( &afx, 0, sizeof afx); memset( &afx, 0, sizeof afx);
@ -270,12 +272,12 @@ encode_crypt( const char *filename, STRLIST remusr )
pt->buf = inp; pt->buf = inp;
pkt.pkttype = PKT_PLAINTEXT; pkt.pkttype = PKT_PLAINTEXT;
pkt.pkt.plaintext = pt; pkt.pkt.plaintext = pt;
cfx.datalen = filesize && !opt.compress? calc_packet_length( &pkt ) : 0; cfx.datalen = filesize && !do_compress? calc_packet_length( &pkt ) : 0;
/* register the cipher filter */ /* register the cipher filter */
iobuf_push_filter( out, cipher_filter, &cfx ); iobuf_push_filter( out, cipher_filter, &cfx );
/* register the compress filter */ /* register the compress filter */
if( opt.compress ) { if( do_compress ) {
int compr_algo = select_algo_from_prefs( pk_list, PREFTYPE_COMPR ); int compr_algo = select_algo_from_prefs( pk_list, PREFTYPE_COMPR );
if( !compr_algo ) if( !compr_algo )
; /* don't use compression */ ; /* don't use compression */

View File

@ -42,7 +42,7 @@ typedef struct {
int parse_state; int parse_state;
int inp_checked; /* set if inp has been checked */ int inp_checked; /* set if inp has been checked */
int inp_bypass; /* set if the input is not armored */ int inp_bypass; /* set if the input is not armored */
int inp_eof; int any_data;
const char *hdrlines; const char *hdrlines;
} armor_filter_context_t; } armor_filter_context_t;

116
g10/g10.c
View File

@ -135,6 +135,9 @@ enum cmd_and_opt_values { aNull = 0,
oSetFilename, oSetFilename,
oComment, oComment,
oThrowKeyid, oThrowKeyid,
oS2KMode,
oS2KDigest,
oS2KCipher,
aTest }; aTest };
@ -212,6 +215,11 @@ static ARGPARSE_OPTS opts[] = {
{ oMarginalsNeeded, "marginals-needed", 1, N_("(default is 3)")}, { oMarginalsNeeded, "marginals-needed", 1, N_("(default is 3)")},
{ oLoadExtension, "load-extension" ,2, N_("|file|load extension module")}, { oLoadExtension, "load-extension" ,2, N_("|file|load extension module")},
{ oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")}, { oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
{ oS2KMode, "s2k-mode", 1, N_("|N| use passphrase mode N")},
{ oS2KDigest, "s2k-digest-algo",2,
N_("|NAME| use message digest algorithm NAME for passphrases")},
{ oS2KCipher, "s2k-cipher-algo",2,
N_("|NAME| use cipher algorithm NAME for passphrases")},
#ifdef IS_G10 #ifdef IS_G10
{ oCipherAlgo, "cipher-algo", 2 , N_("|NAME|use cipher algorithm NAME")}, { oCipherAlgo, "cipher-algo", 2 , N_("|NAME|use cipher algorithm NAME")},
{ oDigestAlgo, "digest-algo", 2 , N_("|NAME|use message digest algorithm NAME")}, { oDigestAlgo, "digest-algo", 2 , N_("|NAME|use message digest algorithm NAME")},
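Review bot: the three new help strings put a space after the placeholder ("|N| use passphrase mode N", "|NAME| use ...") while the existing entries just below use "|NAME|use ..." without one. Pick one form so the --help columns line up and translators see consistent msgids.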
@ -226,10 +234,10 @@ static ARGPARSE_OPTS opts[] = {
#ifdef IS_G10 #ifdef IS_G10
{ 302, NULL, 0, N_("@\nExamples:\n\n" { 302, NULL, 0, N_("@\nExamples:\n\n"
" -se -r Bob [file] sign and encrypt for user Bob\n" " -se -r Bob [file] sign and encrypt for user Bob\n"
" -sat [file] make a clear text signature\n" " --clearsign [file] make a clear text signature\n"
" -sb [file] make a detached signature\n" " --detach-sign [file] make a detached signature\n"
" -k [userid] show keys\n" " --list-keys [names] show keys\n"
" -kc [userid] show fingerprint\n" ) }, " --fingerprint [names] show fingerprints\n" ) },
#endif #endif
/* hidden options */ /* hidden options */
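Review bot: the --help examples now show --clearsign, --detach-sign, --list-keys and --fingerprint, but the EXAMPLES section of gpg.1pod in this same commit still lists -sat, -sb, -k and -kc. Update the man page in the same change so the two do not contradict each other.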
@ -472,11 +480,15 @@ main( int argc, char **argv )
const char *trustdb_name = NULL; const char *trustdb_name = NULL;
char *def_cipher_string = NULL; char *def_cipher_string = NULL;
char *def_digest_string = NULL; char *def_digest_string = NULL;
char *s2k_cipher_string = NULL;
char *s2k_digest_string = NULL;
int pwfd = -1;
#ifdef USE_SHM_COPROCESSING #ifdef USE_SHM_COPROCESSING
ulong requested_shm_size=0; ulong requested_shm_size=0;
#endif #endif
trap_unaligned(); trap_unaligned();
secmem_set_flags( secmem_get_flags() | 2 ); /* suspend warnings */
#ifdef IS_G10MAINT #ifdef IS_G10MAINT
secmem_init( 0 ); /* disable use of secmem */ secmem_init( 0 ); /* disable use of secmem */
maybe_setuid = 0; maybe_setuid = 0;
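Review bot: `secmem_set_flags( secmem_get_flags() | 2 );` uses a bare 2 for "suspend warnings"; a named constant would make the intent checkable at the call site. The hunk does not show where the warnings are switched back on, so the comment should say which later call does that, otherwise a failure to lock memory could go unreported.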
@ -497,6 +509,9 @@ main( int argc, char **argv )
opt.def_cipher_algo = 0; opt.def_cipher_algo = 0;
opt.def_digest_algo = 0; opt.def_digest_algo = 0;
opt.def_compress_algo = 2; opt.def_compress_algo = 2;
opt.s2k_mode = 1; /* salted */
opt.s2k_digest_algo = DIGEST_ALGO_RMD160;
opt.s2k_cipher_algo = CIPHER_ALGO_BLOWFISH;
opt.completes_needed = 1; opt.completes_needed = 1;
opt.marginals_needed = 3; opt.marginals_needed = 3;
opt.homedir = getenv("GNUPGHOME"); opt.homedir = getenv("GNUPGHOME");
@ -527,8 +542,34 @@ main( int argc, char **argv )
default_config = 0; /* --no-options */ default_config = 0; /* --no-options */
else if( pargs.r_opt == oHomedir ) else if( pargs.r_opt == oHomedir )
opt.homedir = pargs.r.ret_str; opt.homedir = pargs.r.ret_str;
#ifdef USE_SHM_COPROCESSING
else if( pargs.r_opt == oRunAsShmCP ) {
/* does not make sense in a options file, we do it here,
* so that we are the able to drop setuid as soon as possible */
opt.shm_coprocess = 1;
requested_shm_size = pargs.r.ret_ulong;
}
#endif
} }
#ifdef USE_SHM_COPROCESSING
if( opt.shm_coprocess ) {
#ifdef IS_G10
init_shm_coprocessing(requested_shm_size, 1 );
#else
init_shm_coprocessing(requested_shm_size, 0 );
#endif
}
#endif
#ifdef IS_G10
/* initialize the secure memory. */
secmem_init( 16384 );
maybe_setuid = 0;
/* Okay, we are now working under our real uid */
#endif
if( default_config ) if( default_config )
configname = make_filename(opt.homedir, "options", NULL ); configname = make_filename(opt.homedir, "options", NULL );
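Review bot: requested_shm_size is taken straight from pargs.r.ret_ulong and handed to init_shm_coprocessing() before secmem_init() and "maybe_setuid = 0", that is, on the path the comment describes as still running ahead of the setuid drop, and nothing in this hunk bounds the value. A range check (or a documented maximum) before the call would make the early-privileged part easier to reason about. Small wording fix in the new comment as well: "so that we are the able to" should read "so that we are able to".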
@ -550,7 +591,7 @@ main( int argc, char **argv )
else { else {
log_error(_("option file '%s': %s\n"), log_error(_("option file '%s': %s\n"),
configname, strerror(errno) ); configname, strerror(errno) );
g10_exit(1); g10_exit(2);
} }
m_free(configname); configname = NULL; m_free(configname); configname = NULL;
} }
@ -654,16 +695,18 @@ main( int argc, char **argv )
case oDoNotExportRSA: opt.do_not_export_rsa = 1; break; case oDoNotExportRSA: opt.do_not_export_rsa = 1; break;
case oCompressSigs: opt.compress_sigs = 1; break; case oCompressSigs: opt.compress_sigs = 1; break;
case oRunAsShmCP: case oRunAsShmCP:
#ifdef USE_SHM_COPROCESSING #ifndef USE_SHM_COPROCESSING
opt.shm_coprocess = 1; /* not possible in the option file,
requested_shm_size = pargs.r.ret_ulong; * but we print the warning here anyway */
#else
log_error("shared memory coprocessing is not available\n"); log_error("shared memory coprocessing is not available\n");
#endif #endif
break; break;
case oSetFilename: opt.set_filename = pargs.r.ret_str; break; case oSetFilename: opt.set_filename = pargs.r.ret_str; break;
case oComment: opt.comment_string = pargs.r.ret_str; break; case oComment: opt.comment_string = pargs.r.ret_str; break;
case oThrowKeyid: opt.throw_keyid = 1; break; case oThrowKeyid: opt.throw_keyid = 1; break;
case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
case oS2KDigest: s2k_digest_string = m_strdup(pargs.r.ret_str); break;
case oS2KCipher: s2k_cipher_string = m_strdup(pargs.r.ret_str); break;
#ifdef IS_G10 #ifdef IS_G10
case oRemote: /* store the remote users */ case oRemote: /* store the remote users */
@ -680,7 +723,7 @@ main( int argc, char **argv )
locusr = sl; locusr = sl;
break; break;
case oCompress: opt.compress = pargs.r.ret_int; break; case oCompress: opt.compress = pargs.r.ret_int; break;
case oPasswdFD: set_passphrase_fd( pargs.r.ret_int ); break; case oPasswdFD: pwfd = pargs.r.ret_int; break;
case oCipherAlgo: def_cipher_string = m_strdup(pargs.r.ret_str); break; case oCipherAlgo: def_cipher_string = m_strdup(pargs.r.ret_str); break;
case oDigestAlgo: def_digest_string = m_strdup(pargs.r.ret_str); break; case oDigestAlgo: def_digest_string = m_strdup(pargs.r.ret_str); break;
case oNoSecmemWarn: secmem_set_flags( secmem_get_flags() | 1 ); break; case oNoSecmemWarn: secmem_set_flags( secmem_get_flags() | 1 ); break;
@ -709,22 +752,7 @@ main( int argc, char **argv )
tty_printf("%s\n", strusage(15) ); tty_printf("%s\n", strusage(15) );
} }
#ifdef USE_SHM_COPROCESSING secmem_set_flags( secmem_get_flags() & ~2 ); /* resume warnings */
if( opt.shm_coprocess ) {
#ifdef IS_G10
init_shm_coprocessing(requested_shm_size, 1 );
#else
init_shm_coprocessing(requested_shm_size, 0 );
#endif
}
#endif
#ifdef IS_G10
/* initialize the secure memory. */
secmem_init( 16384 );
maybe_setuid = 0;
/* Okay, we are now working under our real uid */
#endif
set_debug(); set_debug();
@ -742,12 +770,29 @@ main( int argc, char **argv )
if( check_digest_algo(opt.def_digest_algo) ) if( check_digest_algo(opt.def_digest_algo) )
log_error(_("selected digest algorithm is invalid\n")); log_error(_("selected digest algorithm is invalid\n"));
} }
if( s2k_cipher_string ) {
opt.s2k_cipher_algo = string_to_cipher_algo(s2k_cipher_string);
m_free(s2k_cipher_string); s2k_cipher_string = NULL;
if( check_cipher_algo(opt.s2k_cipher_algo) )
log_error(_("selected cipher algorithm is invalid\n"));
}
if( s2k_digest_string ) {
opt.s2k_digest_algo = string_to_digest_algo(s2k_digest_string);
m_free(s2k_digest_string); s2k_digest_string = NULL;
if( check_digest_algo(opt.s2k_digest_algo) )
log_error(_("selected digest algorithm is invalid\n"));
}
if( opt.def_compress_algo < 1 || opt.def_compress_algo > 2 ) if( opt.def_compress_algo < 1 || opt.def_compress_algo > 2 )
log_error(_("compress algorithm must be in range %d..%d\n"), 1, 2); log_error(_("compress algorithm must be in range %d..%d\n"), 1, 2);
if( opt.completes_needed < 1 ) if( opt.completes_needed < 1 )
log_error(_("completes-needed must be greater than 0\n")); log_error(_("completes-needed must be greater than 0\n"));
if( opt.marginals_needed < 2 ) if( opt.marginals_needed < 2 )
log_error(_("marginals-needed must be greater than 1\n")); log_error(_("marginals-needed must be greater than 1\n"));
switch( opt.s2k_mode ) {
case 0: case 1: case 3: break;
default:
log_error(_("invalid S2K mode; must be 0, 1 or 3\n"));
}
if( log_get_errorcount(0) ) if( log_get_errorcount(0) )
g10_exit(2); g10_exit(2);
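Review bot: the two new S2K checks reuse the messages "selected cipher algorithm is invalid" and "selected digest algorithm is invalid", so a user who passed both --cipher-algo and --s2k-cipher-algo cannot tell which option was rejected. Suggest distinct texts for the s2k_cipher_string and s2k_digest_string branches, for example naming the S2K option in the message, in the same way the new s2k_mode check already does.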
@ -795,20 +840,11 @@ main( int argc, char **argv )
FREE_STRLIST(nrings); FREE_STRLIST(nrings);
FREE_STRLIST(sec_nrings); FREE_STRLIST(sec_nrings);
if( argc )
fname = *argv; if( pwfd != -1 ) /* read the passphrase now. */
else { read_passphrase_from_fd( pwfd );
fname = NULL;
if( get_passphrase_fd() == 0 ) { fname = argc? *argv : NULL;
/* reading data and passphrase from stdin:
* we assume the first line is the passphrase, so
* we should read it now.
*
* We should do it here, but for now it is not needed.
* Anyway, this password scheme is not quite good
*/
}
}
switch( cmd ) { switch( cmd ) {
case aPrimegen: case aPrimegen:

View File

@ -31,6 +31,7 @@
#include "keydb.h" #include "keydb.h"
#include "options.h" #include "options.h"
#include "main.h" #include "main.h"
#include "i18n.h"
#define MAX_PK_CACHE_ENTRIES 500 #define MAX_PK_CACHE_ENTRIES 500
@ -789,9 +790,6 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid,
} }
} }
else { /* keyid or fingerprint lookup */ else { /* keyid or fingerprint lookup */
/* No need to compare the usage here, as we already have the
* keyid to use
*/
if( DBG_CACHE && (mode== 10 || mode==11) ) { if( DBG_CACHE && (mode== 10 || mode==11) ) {
log_debug("lookup keyid=%08lx%08lx req_algo=%d mode=%d\n", log_debug("lookup keyid=%08lx%08lx req_algo=%d mode=%d\n",
(ulong)keyid[0], (ulong)keyid[1], (ulong)keyid[0], (ulong)keyid[1],
@ -867,6 +865,29 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid,
merge_one_pk_and_selfsig( keyblock, keyblock ); merge_one_pk_and_selfsig( keyblock, keyblock );
} }
else { else {
if( primary && pk->pubkey_usage
&& check_pubkey_algo2( k->pkt->pkt.public_key->pubkey_algo,
pk->pubkey_usage ) == G10ERR_WR_PUBKEY_ALGO ) {
/* if the usage is not correct, try to use a subkey */
KBNODE save_k = k;
for( ; k; k = k->next ) {
if( k->pkt->pkttype == PKT_PUBLIC_SUBKEY
&& !check_pubkey_algo2(
k->pkt->pkt.public_key->pubkey_algo,
pk->pubkey_usage ) )
break;
}
if( !k )
k = save_k;
else
log_info(_("using secondary key %08lX "
"instead of primary key %08lX\n"),
(ulong)keyid_from_pk( k->pkt->pkt.public_key, NULL),
(ulong)keyid_from_pk( save_k->pkt->pkt.public_key, NULL)
);
}
copy_public_key_new_namehash( pk, k->pkt->pkt.public_key, copy_public_key_new_namehash( pk, k->pkt->pkt.public_key,
use_namehash? namehash:NULL); use_namehash? namehash:NULL);
merge_one_pk_and_selfsig( keyblock, k ); merge_one_pk_and_selfsig( keyblock, k );
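Review bot: the fallback loop picks the first PKT_PUBLIC_SUBKEY whose algorithm passes check_pubkey_algo2() and nothing else; no check of the subkey's binding signature, revocation or expiry is visible before it is copied into pk. Please either verify the subkey here or add a comment stating where that validation happens. The loop "for( ; k; k = k->next )" also runs to the end of the node list, so it relies on the list holding a single key; worth stating that assumption in the comment too.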

View File

@ -18,6 +18,15 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/ */
/****************
* This is a spinning server for most purposes, the server does only
* fork for updates (which may require signature checks and lengthy DB
* operations).
*
* see ks-proto.c for the used protocol.
* see ks-db.c for the layout of the database.
*/
#include <config.h> #include <config.h>
#include <stdio.h> #include <stdio.h>
#include <errno.h> #include <errno.h>

View File

@ -459,7 +459,7 @@ import_secret_one( const char *fname, KBNODE keyblock )
_("can't lock secret keyring: %s\n"), g10_errstr(rc) ); _("can't lock secret keyring: %s\n"), g10_errstr(rc) );
else if( (rc=insert_keyblock( &kbpos, keyblock )) ) else if( (rc=insert_keyblock( &kbpos, keyblock )) )
log_error_f(keyblock_resource_name(&kbpos), log_error_f(keyblock_resource_name(&kbpos),
_("can't write keyring\n"), g10_errstr(rc) ); _("can't write keyring: %s\n"), g10_errstr(rc) );
unlock_keyblock( &kbpos ); unlock_keyblock( &kbpos );
/* we are ready */ /* we are ready */
log_info_f(fname, _("key %08lX: secret key imported\n"), (ulong)keyid[1]); log_info_f(fname, _("key %08lX: secret key imported\n"), (ulong)keyid[1]);
@ -655,16 +655,17 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid )
else if( node->pkt->pkttype == PKT_SIGNATURE else if( node->pkt->pkttype == PKT_SIGNATURE
&& node->pkt->pkt.signature->sig_class == 0x20 ) { && node->pkt->pkt.signature->sig_class == 0x20 ) {
if( uid_seen ) { if( uid_seen ) {
log_error_f(fname, _("key %08lX: revocation certificate at wrong " log_error_f(fname, _("key %08lX: revocation certificate "
"place - skipped\n"), fname, (ulong)keyid[1]); "at wrong place - skipped\n"),
(ulong)keyid[1]);
delete_kbnode( node ); delete_kbnode( node );
} }
else { else {
int rc = check_key_signature( keyblock, node, NULL); int rc = check_key_signature( keyblock, node, NULL);
if( rc ) { if( rc ) {
log_error_f(fname, _("key %08lX: invalid revocation certificate" log_error_f(fname, _("key %08lX: invalid revocation "
": %s - skipped\n"), "certificate: %s - skipped\n"),
fname, (ulong)keyid[1], g10_errstr(rc)); (ulong)keyid[1], g10_errstr(rc));
delete_kbnode( node ); delete_kbnode( node );
} }
} }
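Review bot: log_error_f() should be declared with a printf-style format attribute (where the compiler supports one) so that mismatches like the ones fixed here are caught at build time. In the removed lines fname was passed a second time ahead of (ulong)keyid[1], so %08lX consumed a pointer, and the neighbouring hunks fix a missing %s and another stray fname of the same kind.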
@ -788,7 +789,7 @@ append_uid( KBNODE keyblock, KBNODE node, int *n_sigs,
/* at lease a self signature comes next to the user-id */ /* at lease a self signature comes next to the user-id */
if( node->next->pkt->pkttype == PKT_USER_ID ) { if( node->next->pkt->pkttype == PKT_USER_ID ) {
log_error_f(fname, _("key %08lX: our copy has no self-signature\n"), log_error_f(fname, _("key %08lX: our copy has no self-signature\n"),
fname, (ulong)keyid[1]); (ulong)keyid[1]);
return G10ERR_GENERAL; return G10ERR_GENERAL;
} }

View File

@ -99,8 +99,8 @@ int build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list,
int unlock, unsigned usage ); int unlock, unsigned usage );
/*-- passphrase.h --*/ /*-- passphrase.h --*/
void set_passphrase_fd( int fd ); int have_static_passphrase(void);
int get_passphrase_fd(void); void read_passphrase_from_fd( int fd );
DEK *passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode); DEK *passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode);
void set_next_passphrase( const char *s ); void set_next_passphrase( const char *s );
char *get_last_passphrase(void); char *get_last_passphrase(void);

View File

@ -199,7 +199,6 @@ check_all_keysigs( KBNODE keyblock, int only_selected )
} }
/**************** /****************
* Loop over all locusr and and sign the uids after asking. * Loop over all locusr and and sign the uids after asking.
* If no user id is marked, all user ids will be signed; * If no user id is marked, all user ids will be signed;
@ -259,10 +258,9 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified )
(ulong)sk_keyid[1] ); (ulong)sk_keyid[1] );
continue; continue;
} }
/* Ask whether we realy should sign these user id(s) */ /* Ask whether we really should sign these user id(s) */
tty_printf("\n"); tty_printf("\n");
show_key_with_all_names( keyblock, 1, 1, 0, 0 ); show_key_with_all_names( keyblock, 1, 1, 0, 0 );
tty_printf("\n");
tty_printf(_( tty_printf(_(
"Are you really sure that you want to sign this key\n" "Are you really sure that you want to sign this key\n"
"with your key: \"")); "with your key: \""));
@ -372,9 +370,9 @@ change_passphrase( KBNODE keyblock )
set_next_passphrase( NULL ); set_next_passphrase( NULL );
for(;;) { for(;;) {
s2k->mode = 1; s2k->mode = opt.s2k_mode;
s2k->hash_algo = DIGEST_ALGO_RMD160; s2k->hash_algo = opt.s2k_digest_algo;
dek = passphrase_to_dek( NULL, CIPHER_ALGO_BLOWFISH, s2k, 2 ); dek = passphrase_to_dek( NULL, opt.s2k_cipher_algo, s2k, 2 );
if( !dek ) { if( !dek ) {
tty_printf(_("passphrase not correctly repeated; try again.\n")); tty_printf(_("passphrase not correctly repeated; try again.\n"));
} }
@ -556,7 +554,7 @@ keyedit_menu( const char *username, STRLIST locusr )
if( cmds[i].need_sk && !sec_keyblock ) if( cmds[i].need_sk && !sec_keyblock )
; /* skip if we do not have the secret key */ ; /* skip if we do not have the secret key */
else if( cmds[i].desc ) else if( cmds[i].desc )
tty_printf("%-10s %s\n", cmds[i].name, cmds[i].desc ); tty_printf("%-10s %s\n", cmds[i].name, _(cmds[i].desc) );
} }
break; break;

View File

@ -687,9 +687,9 @@ ask_passphrase( STRING2KEY **ret_s2k )
s2k = m_alloc_secure( sizeof *s2k ); s2k = m_alloc_secure( sizeof *s2k );
for(;;) { for(;;) {
s2k->mode = 1; s2k->mode = opt.s2k_mode;
s2k->hash_algo = DIGEST_ALGO_RMD160; s2k->hash_algo = opt.s2k_digest_algo;
dek = passphrase_to_dek( NULL, CIPHER_ALGO_BLOWFISH, s2k, 2 ); dek = passphrase_to_dek( NULL, opt.s2k_cipher_algo, s2k, 2 );
if( !dek ) { if( !dek ) {
tty_printf(_("passphrase not correctly repeated; try again.\n")); tty_printf(_("passphrase not correctly repeated; try again.\n"));
} }
@ -970,10 +970,10 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
if( passphrase ) { if( passphrase ) {
s2k = m_alloc_secure( sizeof *s2k ); s2k = m_alloc_secure( sizeof *s2k );
s2k->mode = 1; s2k->mode = opt.s2k_mode;
s2k->hash_algo = DIGEST_ALGO_RMD160; s2k->hash_algo = opt.s2k_digest_algo;
set_next_passphrase( passphrase ); set_next_passphrase( passphrase );
dek = passphrase_to_dek( NULL, CIPHER_ALGO_BLOWFISH, s2k, 2 ); dek = passphrase_to_dek( NULL, opt.s2k_cipher_algo, s2k, 2 );
} }
rc = do_create( algo, nbits, pub_keyblock, sec_keyblock, rc = do_create( algo, nbits, pub_keyblock, sec_keyblock,

View File

@ -42,245 +42,114 @@
* X-Key-MTime: <last modification time> * X-Key-MTime: <last modification time>
* X-Key-LID: <local_key_id_used_for_update_etc> * X-Key-LID: <local_key_id_used_for_update_etc>
* [fixme: is X-.... allowed?] * [fixme: is X-.... allowed?]
*
*/ */
#include <config.h> #include <config.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <errno.h>
#include <ctype.h>
#include "util.h" #include "util.h"
#include "ks-proto.h" #include "ks-proto.h"
#if 0
/****************
* Read a protocol line
*/
static int static int
read_line( FILE *fp ) do_read( int fd, char *buffer, size_t bufsize, int *ret_nread )
{ {
return -1; int n;
fd_set rfds;
struct timeval tv;
int rc;
*ret_nread = 0;
do {
FD_ZERO(&rfds);
FD_SET(fd, &rfds);
tv.tv_sec = 1;
tv.tv_usec = 0;
if( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) )
return 0; /* timeout */
if( rc == -1 ) {
log_error("select() error: %s\n", strerror(errno));
return -1;
}
do {
n = read(fd, buffer, bufsize );
if( n >= 0 && n > bufsize )
log_bug("bogus read from fd %d (n=%d)\n", fd, n );
} while( n == -1 && errno == EINTR );
if( n == -1 ) {
log_error("read error on fd %d: %s\n", fd, strerror(errno) );
return -1;
}
} while( !n );
*ret_nread = n;
return 0;
} }
/****************
* Send a HKP request
*/
int
hkp_request( int operation, const char *user_id )
{
}
/************************************************
******* client communication stuff ************
************************************************/
/****************
* Initialisieren des clients
* Es wird ein Handle zurückgegeben oder -1 bei einem fehler.
* z.Z. ist nut eine Verbindung gleichzeitig möglich.
* Wenn einer serverpid von 0 angegeben wird, so wird diese
* der environment variabeln ATEXDB_PID entnommen.
*/
int int
hkp_open( const char *serverurl ) ks_get_request( int fd, KS_TRANS *req )
{ {
const char *s; char *p, *p2, buf[500];
int nread, n;
int state = 0;
s = SERVER_NAME_TEMPLATE; req->err = 0;
client.serv_name = xmalloc(strlen(s) + 10 ); req->data = NULL;
sprintf(client.serv_name,s, serverpid ); while( !do_read( fd, buf, DIM(buf)-1, &nread ) {
if( opt.verbose ) p = buf;
Info("Using unix domain stream '%s'", client.serv_name ); if( !state ) {
/* replace the trailing LF with a 0 */
for(p2=p,n=0; n < nread && *p2 != '\n'; p2++ )
;
if( *p2 != '\n' ) {
req->err = KS_ERR_REQ_TOO_LONG;
break;
}
*p2++ = 0;
n++;
memset( &client.serv_addr, 0, sizeof client.serv_addr ); /* now look at the request. Note that the isspace() will work
client.serv_addr.sun_family = AF_UNIX; * because there is still a CR before the 0 */
strcpy( client.serv_addr.sun_path, client.serv_name ); if( (p[0] == 'G' || p[0] == 'g')
client.serv_addr_len = strlen(client.serv_addr.sun_path) && (p[1] == 'E' || p[1] == 'e')
+ sizeof client.serv_addr.sun_family; && (p[2] == 'T' || p[2] == 't') && isspace( p[3] ) ) {
req->cmd = KS_REQ_GET;
client.sockfd = -1; p += 4;
if( DoCheckVersion() ) }
return -1; else if( (p[0] == 'H' || p[0] == 'h')
return 0; && (p[1] == 'E' || p[1] == 'e')
} && (p[2] == 'A' || p[2] == 'a')
&& (p[3] == 'D' || p[3] == 'd') && isspace( p[4] ) ) {
req->cmd = KS_REQ_HEAD;
static int p += 5;
DoConnect() }
{ else if( (p[0] == 'H' || p[0] == 'h')
if( client.sockfd != -1 ) && (p[1] == 'E' || p[1] == 'e')
DoDisconnect(); && (p[2] == 'L' || p[2] == 'l')
if( (client.sockfd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1 ) { && (p[3] == 'P' || p[3] == 'p') && isspace( p[4] ) ) {
Error(1000,"can't open unix domain socket"); req->cmd = KS_REQ_HELP;
return 1; p += 5;
} }
if( connect(client.sockfd, (struct sockaddr*)&client.serv_addr, else
client.serv_addr_len) == -1 ) { req->cmd = KS_REQ_UNKNOWN;
Error(1000,"can't connect to '%s'",client.serv_addr.sun_path); /* skip spaces, store args and remaining data */
return 1; while( *p == ' ' || *p == '\t' )
} p++;
/* fixme: remove trailing blanks from args */
return 0; /* okay */ req->args = p;
} p = p2; /* p now points to the remaining n bytes in the buffer */
state = 1;
static int
DoDisconnect()
{
if( client.sockfd != -1 ) {
close(client.sockfd);
client.sockfd = -1;
}
return 0; /* okay */
}
/****************
* NBYTES auf den aktuellen stream schreiben.
*/
static int
DoWrite( void *buf, size_t nbytes )
{
size_t nleft = nbytes;
ssize_t nwritten;
while( nleft > 0 ) {
/* FIXME: add EINTR handling */
nwritten = write(client.sockfd, buf, nleft);
if( nwritten < 0 ) {
Error(1000,"error writing to server");
return -1;
} }
nleft -= nwritten; if( state == 1 ) {
buf = (char*)buf + nwritten; /* read the option lines */
}
return 0;
}
static int
DoWriteStr( const char *s )
{
return DoWrite((char *)s, strlen(s) );
}
static int
DoRead( void *buf, size_t buflen, size_t *ret_nread, int stop)
{
size_t nleft = buflen;
int nread;
char *p;
p = buf;
while( nleft > 0 ) {
/* FIXME: add EINTR handling */
nread = read(client.sockfd, buf, stop? 1 : nleft);
if( nread < 0 ) {
Error(1000,"error reading from server");
return -1;
} }
else if( !nread )
break; /* EOF */
nleft -= nread;
buf = (char*)buf + nread;
if( stop )
for(; p < (char*)buf ; p++ )
if( *p == '\n' )
goto leave;
} }
leave:
if( ret_nread )
*ret_nread = buflen - nleft;
return 0;
}
/****************
* Like DoRead(), but append the received data to the given strgbuf.
* read a maximum of nbytes;
*/
static int
DoReadIntoStrgbuf( strgbuf_t *strgbuf, size_t nbytes, size_t *ret_nread)
{
size_t ntotal, nleft;
int nread;
byte *p, buffer[1000];
ntotal = 0;
nleft = nbytes;
while( nleft ) {
nread = read(client.sockfd, buffer,
nleft > DIM(buffer)? DIM(buffer) : nleft);
if( nread < 0 ) {
Error(1000,"error reading from server");
return -1;
}
else if( !nread )
break; /* EOF */
nleft -= nread;
ntotal += nread;
/* ab in den stringbuffer */
for(p=buffer; nread; nread--, p++ )
PutStrgbuf(strgbuf, *p );
}
if( ret_nread )
*ret_nread = ntotal;
return 0;
} }
/****************
* In retval wird das numerische argument nach OK zurückgegeben
*/
static int
DoRequest( char *request, long *retval )
{
if( DoWrite(request, strlen(request)) )
return -1;
return DoWaitReply( retval );
}
static int
DoWaitReply( long *retval )
{
char *p, buf[200]; /* enough room for messages */
size_t nread;
/* read but stop at the first newline */
if( DoRead(buf, DIM(buf)-2, &nread, 1 ) )
return -1;
buf[DIM(buf)-1] = 0;
/* fixme: should check, that we have the linefeed and otherwise
* perform a dummy read */
if( p = strchr(buf, '\n') )
*p = 0;
if( *buf == 'O' && buf[1] == 'K' && (buf[2]==' ' || !buf[2]) ) {
if( retval )
*retval = buf[2]? strtol(buf+3, NULL, 10 ):0;
return 0;
}
Error(0, "Server replied: %.60s", buf );
return -1;
}
#endif
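Review bot: in ks_get_request() the scan for the line feed, "for(p2=p,n=0; n < nread && *p2 != '\n'; p2++ )", never increments n, so "n < nread" does not bound p2 and the scan can run past the bytes actually read (buf is also never NUL-terminated); increment n together with p2. Two further points in the same function: the line "while( !do_read( fd, buf, DIM(buf)-1, &nread ) {" is missing a closing parenthesis, and since the surrounding "#if 0" / "#endif" pair is removed in this hunk the code is now compiled. do_read() also returns 0 on a select() timeout with *ret_nread left at 0, so the caller parses a stale or uninitialised buffer on timeout; the caller should test nread before parsing.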

View File

@ -88,8 +88,10 @@ add_onepass_sig( CTX c, PACKET *pkt )
if( c->list->pkt->pkttype != PKT_ONEPASS_SIG ) { if( c->list->pkt->pkttype != PKT_ONEPASS_SIG ) {
log_error("add_onepass_sig: another packet is in the way\n"); log_error("add_onepass_sig: another packet is in the way\n");
release_list( c ); release_list( c );
c->list = new_kbnode( pkt );
} }
add_kbnode( c->list, new_kbnode( pkt )); else
add_kbnode( c->list, new_kbnode( pkt ));
} }
else /* insert the first one */ else /* insert the first one */
c->list = node = new_kbnode( pkt ); c->list = node = new_kbnode( pkt );

View File

@ -55,6 +55,9 @@ struct {
const char *set_filename; const char *set_filename;
const char *comment_string; const char *comment_string;
int throw_keyid; int throw_keyid;
int s2k_mode;
int s2k_digest_algo;
int s2k_cipher_algo;
} opt; } opt;

View File

@ -1068,6 +1068,9 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
} }
sk->protect.s2k.count = iobuf_get(inp); sk->protect.s2k.count = iobuf_get(inp);
pktlen--; pktlen--;
if( list_mode )
printf("\tprotect count: %lu\n",
(ulong)sk->protect.s2k.count);
} }
} }
else { /* old version; no S2K, so we set mode to 0, hash MD5 */ else { /* old version; no S2K, so we set mode to 0, hash MD5 */
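Review bot: the new list_mode output prints sk->protect.s2k.count as read from the packet, which is the coded octet rather than the number of bytes hashed, so "protect count: 96" is easy to misread. Consider printing the decoded value as well, using the same expression hash_passphrase() applies to s2k->count, and labelling the raw value as coded.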

View File

@ -34,22 +34,16 @@
#include "i18n.h" #include "i18n.h"
#include "status.h" #include "status.h"
static int pwfd = -1; static char *fd_passwd = NULL;
static char *next_pw = NULL; static char *next_pw = NULL;
static char *last_pw = NULL; static char *last_pw = NULL;
static void hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create ); static void hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create );
void
set_passphrase_fd( int fd )
{
pwfd = fd;
}
int int
get_passphrase_fd() have_static_passphrase()
{ {
return pwfd; return !!fd_passwd;
} }
/**************** /****************
@ -81,6 +75,36 @@ get_last_passphrase()
} }
void
read_passphrase_from_fd( int fd )
{
int i, len;
char *pw;
if( !opt.batch )
tty_printf("Reading passphrase from file descriptor %d ...", fd );
for( pw = NULL, i = len = 100; ; i++ ) {
if( i >= len-1 ) {
char *pw2 = pw;
len += 100;
pw = m_alloc_secure( len );
if( pw2 )
memcpy(pw, pw2, i );
else
i=0;
}
if( read( fd, pw+i, 1) != 1 || pw[i] == '\n' )
break;
}
pw[i] = 0;
if( !opt.batch )
tty_printf("\b\b\b \n" );
m_free( fd_passwd );
fd_passwd = pw;
}
/**************** /****************
* Get a passphrase for the secret key with KEYID, display TEXT * Get a passphrase for the secret key with KEYID, display TEXT
* if the user needs to enter the passphrase. * if the user needs to enter the passphrase.
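Review bot: when the buffer grows in read_passphrase_from_fd(), the old block pw2 is copied but never released, so every 100 bytes leaves a copy of the partial passphrase behind in secure memory; add an m_free( pw2 ) after the memcpy. The test "read( fd, pw+i, 1) != 1 || pw[i] == '\n'" also treats EOF, a read error and EINTR the same as end of line, so a bad or closed descriptor silently produces an empty or truncated passphrase; retry on EINTR and report an error when read() returns -1.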
@ -140,26 +164,9 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode )
pw = next_pw; pw = next_pw;
next_pw = NULL; next_pw = NULL;
} }
else if( pwfd != -1 ) { /* read the passphrase from the file */ else if( fd_passwd ) {
int i, len; pw = m_alloc_secure( strlen(fd_passwd)+1 );
strcpy( pw, fd_passwd );
if( !opt.batch )
tty_printf("Reading from file descriptor %d ...", pwfd );
for( pw = NULL, i = len = 100; ; i++ ) {
if( i >= len-1 ) {
char *pw2 = pw;
len += 100;
pw = m_alloc_secure( len );
if( pw2 )
memcpy(pw, pw2, i );
i=0;
}
if( read( pwfd, pw+i, 1) != 1 || pw[i] == '\n' )
break;
}
pw[i] = 0;
if( !opt.batch )
tty_printf("\b\b\b \n" );
} }
else if( opt.batch ) else if( opt.batch )
log_fatal("Can't query password in batchmode\n"); log_fatal("Can't query password in batchmode\n");
@ -192,54 +199,69 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode )
/**************** /****************
* Hash a passphrase using the supplied s2k. If create is true, create * Hash a passphrase using the supplied s2k. If create is true, create
* a new salt or whatelse must be filled into the s2k for a new key. * a new salt or what else must be filled into the s2k for a new key.
* always needs: dek->algo, s2k->mode, s2k->hash_algo. * always needs: dek->algo, s2k->mode, s2k->hash_algo.
*/ */
static void static void
hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create ) hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create )
{ {
MD_HANDLE md; MD_HANDLE md;
int pass, i;
int used = 0;
int pwlen = strlen(pw);
assert( s2k->hash_algo ); assert( s2k->hash_algo );
dek->keylen = 0; dek->keylen = cipher_get_keylen( dek->algo ) / 8;
if( !(dek->keylen > 0 && dek->keylen <= DIM(dek->key)) )
BUG();
md = md_open( s2k->hash_algo, 1); md = md_open( s2k->hash_algo, 1);
if( s2k->mode == 1 || s2k->mode == 3 ) { for(pass=0; used < dek->keylen ; pass++ ) {
ulong count = 0; if( pass ) {
int len = strlen(pw); md_reset(md);
int len2 = len + 8; for(i=0; i < pass; i++ ) /* preset the hash context */
md_putc(md, 0 );
if( create )
randomize_buffer(s2k->salt, 8, 1);
if( s2k->mode == 3 ) {
count = (16ul + (s2k->count & 15)) << ((s2k->count >> 4) + 6);
log_debug("s2k iteration count=%lu\n", count );
} }
for(;;) {
md_write( md, s2k->salt, 8 ); if( s2k->mode == 1 || s2k->mode == 3 ) {
md_write( md, pw, len ); int len2 = pwlen + 8;
if( count <= len2 ) ulong count = len2;
break;
count -= len2; if( create && !pass ) {
} randomize_buffer(s2k->salt, 8, 1);
if( count ) { if( s2k->mode == 3 )
if( count < 8 ) { s2k->count = 96; /* = 56536 */
md_write( md, s2k->salt, count );
} }
if( s2k->mode == 3 ) {
count = (16ul + (s2k->count & 15)) << ((s2k->count >> 4) + 6);
if( count < len2 )
count = len2;
}
/* a little bit complicated because we need a ulong for count */
while( count > len2 ) { /* maybe iterated+salted */
md_write( md, s2k->salt, 8 );
md_write( md, pw, pwlen );
count -= len2;
}
if( count < 8 )
md_write( md, s2k->salt, count );
else { else {
md_write( md, s2k->salt, 8 ); md_write( md, s2k->salt, 8 );
count -= 8; count -= 8;
assert( count <= len ); assert( count >= 0 );
md_write( md, pw, count ); md_write( md, pw, count );
} }
} }
else
md_write( md, pw, pwlen );
md_final( md );
i = md_digest_length( s2k->hash_algo );
if( i > dek->keylen - used )
i = dek->keylen - used;
memcpy( dek->key+used, md_read(md, s2k->hash_algo), i );
used += i;
} }
else
md_write( md, pw, strlen(pw) );
md_final( md );
dek->keylen = cipher_get_keylen( dek->algo ) / 8;
assert(dek->keylen > 0 && dek->keylen <= DIM(dek->key) );
memcpy( dek->key, md_read(md,0), dek->keylen );
md_close(md); md_close(md);
} }
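Review bot: the comment on "s2k->count = 96; /* = 56536 */" is wrong; with the decoding used a few lines below, (16ul + (96 & 15)) << ((96 >> 4) + 6) is 16 << 12 = 65536. In the same block "assert( count >= 0 )" can never fire because count is a ulong; the property that matters before "md_write( md, pw, count )" is that count does not exceed the passphrase length, so "assert( count <= pwlen )" is the check to keep. A named constant for the default coded count would also read better than the literal 96.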

View File

@ -182,7 +182,8 @@ do_we_trust( PKT_public_key *pk, int trustlevel )
int rc; int rc;
if( (trustlevel & TRUST_FLAG_REVOKED) ) { if( (trustlevel & TRUST_FLAG_REVOKED) ) {
log_info("key has been revoked!\n"); log_info("%08lX: key has been revoked!\n",
(ulong)keyid_from_pk( pk, NULL) );
if( opt.batch ) if( opt.batch )
return 0; return 0;
@ -209,12 +210,13 @@ do_we_trust( PKT_public_key *pk, int trustlevel )
return do_we_trust( pk, trustlevel ); return do_we_trust( pk, trustlevel );
case TRUST_EXPIRED: case TRUST_EXPIRED:
log_info("key has expired\n"); log_info("%08lX: key has expired\n", (ulong)keyid_from_pk( pk, NULL) );
return 0; /* no */ return 0; /* no */
case TRUST_UNDEFINED: case TRUST_UNDEFINED:
if( opt.batch || opt.answer_no ) if( opt.batch || opt.answer_no )
log_info("no info to calculate a trust probability\n"); log_info("%08lX: no info to calculate a trust probability\n",
(ulong)keyid_from_pk( pk, NULL) );
else { else {
rc = add_ownertrust( pk ); rc = add_ownertrust( pk );
if( !rc ) { if( !rc ) {
@ -229,12 +231,14 @@ do_we_trust( PKT_public_key *pk, int trustlevel )
return 0; return 0;
case TRUST_NEVER: case TRUST_NEVER:
log_info("We do NOT trust this key\n"); log_info("%08lX: We do NOT trust this key\n",
(ulong)keyid_from_pk( pk, NULL) );
return 0; /* no */ return 0; /* no */
case TRUST_MARGINAL: case TRUST_MARGINAL:
log_info("I'm not sure whether this key really belongs to the owner\n" log_info("%08lX: I'm not sure whether this key really belongs to the owner\n"
"but I proceed anyway\n"); "but I proceed anyway\n",
(ulong)keyid_from_pk( pk, NULL) );
return 1; /* yes */ return 1; /* yes */
case TRUST_FULLY: case TRUST_FULLY:
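Review bot: the messages touched in this file gain a key ID but are still passed to log_info() without _(), while other hunks in this commit wrap their strings for translation; please mark these as translatable too. In the TRUST_MARGINAL message the key ID prefixes only the first of the two output lines, so the continuation "but I proceed anyway" loses its context when several keys are processed; a single-line message would avoid that.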

View File

@ -168,7 +168,7 @@ check_secret_key( PKT_secret_key *sk, int n )
if( i ) if( i )
log_error(_("Invalid passphrase; please try again ...\n")); log_error(_("Invalid passphrase; please try again ...\n"));
rc = do_check( sk ); rc = do_check( sk );
if( get_passphrase_fd() != -1 ) if( have_static_passphrase() )
break; break;
} }

View File

@ -152,8 +152,8 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
u32 cur_time; u32 cur_time;
if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) { if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
log_info("this is a PGP generated " log_info(_("this is a PGP generated "
"ElGamal key which is NOT secure for signatures!\n"); "ElGamal key which is NOT secure for signatures!\n"));
return G10ERR_PUBKEY_ALGO; return G10ERR_PUBKEY_ALGO;
} }

View File

@ -31,6 +31,9 @@
#ifdef HAVE_SYS_SHM_H #ifdef HAVE_SYS_SHM_H
#include <sys/shm.h> #include <sys/shm.h>
#endif #endif
#if defined(HAVE_MLOCK)
#include <sys/mman.h>
#endif
#endif #endif
#include "util.h" #include "util.h"
#include "status.h" #include "status.h"
@ -142,11 +145,21 @@ init_shm_coprocessing ( ulong requested_shm_size, int lock_mem )
log_info("mapped %uk shared memory at %p, id=%d\n", log_info("mapped %uk shared memory at %p, id=%d\n",
(unsigned)shm_size/1024, shm_area, shm_id ); (unsigned)shm_size/1024, shm_area, shm_id );
if( lock_mem ) { if( lock_mem ) {
#ifdef IPC_HAVE_SHM_LOCK
if ( shmctl (shm_id, SHM_LOCK, 0) ) if ( shmctl (shm_id, SHM_LOCK, 0) )
log_info("Locking shared memory %d failed: %s\n", log_info("locking shared memory %d failed: %s\n",
shm_id, strerror(errno)); shm_id, strerror(errno));
else else
shm_is_locked = 1; shm_is_locked = 1;
#elif defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
if ( mlock (shm_area, shm_size) )
log_info("locking shared memory %d failed: %s\n",
shm_id, strerror(errno));
else
shm_is_locked = 1;
#else
log_info("Locking shared memory %d failed: No way to do it\n", shm_id );
#endif
} }
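Review bot: when locking fails (shmctl, mlock, or the "#else" branch with no method available) the code only emits log_info() and carries on with an unlocked segment, even though the caller asked for lock_mem. If the segment can carry passphrases this should be at least a warning the user cannot miss, or a failure of the initialisation. The mlock() branch reports shm_id in its message although the call operates on shm_area and shm_size, and the "#else" message still starts with a capital "Locking" while the other two were lower-cased in this hunk.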
@ -225,7 +238,7 @@ do_shm_get( const char *keyword, int hidden, int bool )
static void static void
display_help( const char *keyword ) display_help( const char *keyword )
{ {
char *p; const char *p;
int hint = 0; int hint = 0;
tty_kill_prompt(); tty_kill_prompt();

View File

@ -105,7 +105,7 @@ static TRUST_SEG_LIST last_trust_web_tslist;
#define HEXTOBIN(a) ( (a) >= '0' && (a) <= '9' ? ((a)-'0') : \ #define HEXTOBIN(a) ( (a) >= '0' && (a) <= '9' ? ((a)-'0') : \
(a) >= 'A' && (a) <= 'F' ? ((a)-'A'+10) : ((a)-'a'+10)) (a) >= 'A' && (a) <= 'F' ? ((a)-'A'+10) : ((a)-'a'+10))
/********************************************** /**********************************************
************* list helpers ******************* ************* list helpers *******************
**********************************************/ **********************************************/
@ -239,6 +239,8 @@ keyid_from_lid( ulong lid, u32 *keyid )
return 0; return 0;
} }
/**************** /****************
* Walk through the signatures of a public key. * Walk through the signatures of a public key.
* The caller must provide a context structure, with all fields set * The caller must provide a context structure, with all fields set
@ -333,7 +335,7 @@ walk_sigrecs( SIGREC_CONTEXT *c, int create )
/*********************************************** /***********************************************
************* Trust stuff ****************** ************* Trust stuff ******************
***********************************************/ ***********************************************/
@ -357,6 +359,10 @@ verify_own_keys()
if( DBG_TRUST ) if( DBG_TRUST )
log_debug("key %08lX: checking secret key\n", (ulong)keyid[1] ); log_debug("key %08lX: checking secret key\n", (ulong)keyid[1] );
if( is_secret_key_protected( sk ) < 1 )
log_info("note: secret key %08lX is NOT protected.\n",
(ulong)keyid[1] );
/* see whether we can access the public key of this secret key */ /* see whether we can access the public key of this secret key */
memset( pk, 0, sizeof *pk ); memset( pk, 0, sizeof *pk );
rc = get_pubkey( pk, keyid ); rc = get_pubkey( pk, keyid );
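Review bot: The new check in verify_own_keys, "if( is_secret_key_protected( sk ) < 1 )", treats a zero and a negative return value the same way. If a negative value signals an error or an unknown protection algorithm rather than an unprotected key, the note "secret key %08lX is NOT protected" would be misleading; please test for the unprotected case explicitly and handle the error case separately, or add a comment stating what the return values mean. The message is also not wrapped in _() although the other log_info calls in this file are, so it cannot be translated.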
@ -1204,7 +1210,7 @@ do_check( TRUSTREC *dr, unsigned *trustlevel )
return 0; return 0;
} }
/*********************************************** /***********************************************
**************** API ************************ **************** API ************************
***********************************************/ ***********************************************/
@ -1564,6 +1570,8 @@ check_trustdb( const char *username )
} }
} }
/**************** /****************
* Get the trustlevel for this PK. * Get the trustlevel for this PK.
* Note: This does not ask any questions * Note: This does not ask any questions
@ -1612,11 +1620,11 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
rc = insert_trust_record( pk ); rc = insert_trust_record( pk );
if( rc ) { if( rc ) {
log_error(_("key %08lX: insert trust record failed: %s\n"), log_error(_("key %08lX: insert trust record failed: %s\n"),
keyid[1], g10_errstr(rc)); (ulong)keyid[1], g10_errstr(rc));
goto leave; goto leave;
} }
log_info(_("key %08lX.%lu: inserted into trustdb\n"), log_info(_("key %08lX.%lu: inserted into trustdb\n"),
keyid[1], pk->local_id ); (ulong)keyid[1], pk->local_id );
/* and re-read the dir record */ /* and re-read the dir record */
if( tdbio_read_record( pk->local_id, &rec, RECTYPE_DIR ) ) { if( tdbio_read_record( pk->local_id, &rec, RECTYPE_DIR ) ) {
log_error("check_trust: reread dir record failed\n"); log_error("check_trust: reread dir record failed\n");
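Review bot: In check_trust the new (ulong) cast covers keyid[1] for %08lX, but pk->local_id is still passed uncast to %lu in the same log_info call (and in the calls in the following hunks). If local_id is not declared as unsigned long, it needs the same cast to keep the variadic arguments in step with the format string; if it is, a short comment or a consistent cast would make that obvious to the next reader.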
@ -1628,14 +1636,14 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
if( pk->timestamp > cur_time ) { if( pk->timestamp > cur_time ) {
log_info(_("key %08lX.%lu: created in future " log_info(_("key %08lX.%lu: created in future "
"(time warp or clock problem)\n"), "(time warp or clock problem)\n"),
keyid[1], pk->local_id ); (ulong)keyid[1], pk->local_id );
return G10ERR_TIME_CONFLICT; return G10ERR_TIME_CONFLICT;
} }
if( pk->valid_days && add_days_to_timestamp(pk->timestamp, if( pk->valid_days && add_days_to_timestamp(pk->timestamp,
pk->valid_days) < cur_time ) { pk->valid_days) < cur_time ) {
log_info(_("key %08lX.%lu: expired at %s\n"), log_info(_("key %08lX.%lu: expired at %s\n"),
keyid[1], pk->local_id, (ulong)keyid[1], pk->local_id,
asctimestamp( add_days_to_timestamp(pk->timestamp, asctimestamp( add_days_to_timestamp(pk->timestamp,
pk->valid_days))); pk->valid_days)));
trustlevel = TRUST_EXPIRED; trustlevel = TRUST_EXPIRED;
@ -1644,7 +1652,7 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
rc = do_check( &rec, &trustlevel ); rc = do_check( &rec, &trustlevel );
if( rc ) { if( rc ) {
log_error(_("key %08lX.%lu: trust check failed: %s\n"), log_error(_("key %08lX.%lu: trust check failed: %s\n"),
keyid[1], pk->local_id, g10_errstr(rc)); (ulong)keyid[1], pk->local_id, g10_errstr(rc));
return rc; return rc;
} }
} }


@ -106,10 +106,12 @@ int check_digest_algo( int algo );
MD_HANDLE md_open( int algo, int secure ); MD_HANDLE md_open( int algo, int secure );
void md_enable( MD_HANDLE hd, int algo ); void md_enable( MD_HANDLE hd, int algo );
MD_HANDLE md_copy( MD_HANDLE a ); MD_HANDLE md_copy( MD_HANDLE a );
void md_reset( MD_HANDLE a );
void md_close(MD_HANDLE a); void md_close(MD_HANDLE a);
void md_write( MD_HANDLE a, byte *inbuf, size_t inlen); void md_write( MD_HANDLE a, byte *inbuf, size_t inlen);
void md_final(MD_HANDLE a); void md_final(MD_HANDLE a);
byte *md_read( MD_HANDLE a, int algo ); byte *md_read( MD_HANDLE a, int algo );
int md_digest( MD_HANDLE a, int algo, byte *buffer, int buflen );
int md_get_algo( MD_HANDLE a ); int md_get_algo( MD_HANDLE a );
int md_digest_length( int algo ); int md_digest_length( int algo );
const byte *md_asn_oid( int algo, size_t *asnlen, size_t *mdlen ); const byte *md_asn_oid( int algo, size_t *asnlen, size_t *mdlen );
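Review bot: The new prototype "int md_digest( MD_HANDLE a, int algo, byte *buffer, int buflen )" takes the buffer length as a signed int, while md_write just above it uses size_t for inlen. A size_t buflen would rule out negative lengths at the interface. The header also does not say what the int return value means or what happens when buflen is smaller than the digest length for algo; a one-line comment on both md_digest and md_reset would let callers check the result correctly.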


@ -1,3 +1,11 @@
Mon Sep 21 15:03:44 1998 Werner Koch (wk@(none))
* it.po: New version from Marco d'Itri
Mon Sep 21 09:28:54 1998 Werner Koch (wk@(none))
* fr.po: New version from Gaël Quéri
Tue Aug 11 12:28:11 1998 Werner Koch (wk@(none)) Tue Aug 11 12:28:11 1998 Werner Koch (wk@(none))
* it.po: New file from Marco. * it.po: New file from Marco.


@ -15,10 +15,12 @@ cipher/rand-w32.c
# main program # main program
g10/g10.c g10/g10.c
g10/armor.c
g10/pkclist.c g10/pkclist.c
g10/keygen.c g10/keygen.c
g10/decrypt.c g10/decrypt.c
g10/encode.c g10/encode.c
g10/getkey.c
g10/import.c g10/import.c
g10/keyedit.c g10/keyedit.c
g10/keylist.c g10/keylist.c


@ -298,19 +298,19 @@ msgid ""
"Examples:\n" "Examples:\n"
"\n" "\n"
" -se -r Bob [file] sign and encrypt for user Bob\n" " -se -r Bob [file] sign and encrypt for user Bob\n"
" -sat [file] make a clear text signature\n" " --clearsign [file] make a clear text signature\n"
" -sb [file] make a detached signature\n" " --detach-sign [file] make a detached signature\n"
" -k [userid] show keys\n" " --list-keys [names] show keys\n"
" -kc [userid] show fingerprint\n" " --fingerprint [names] show fingerprint\n"
msgstr "" msgstr ""
"@\n" "@\n"
"Beispiele:\n" "Beispiele:\n"
"\n" "\n"
" -se -r Bob [file] Signieren und verschlüsseln für Benutzer Bob\n" " -se -r Bob [file] Signieren und verschlüsseln für Benutzer Bob\n"
" -sat [file] Eine Klartextsignatur erzeugen\n" " --clearsign [file] Eine Klartextsignatur erzeugen\n"
" -sb [file] Eine abgetrennte Signatur erzeugen\n" " --detach-sign [file] Eine abgetrennte Signatur erzeugen\n"
" -k [userid] Die Schlüssel anzeigen\n" " --list-keys [names] Die Schlüssel anzeigen\n"
" -kc [userid] Die \"Fingerabdrücke\" anzeigen\n" " --fingerprint [names] Die \"Fingerabdrücke\" anzeigen\n"
#: g10/g10.c:302 #: g10/g10.c:302
msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n" msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"

120
po/fr.po

@ -2,15 +2,16 @@
# Copyright (C) 1998 Free Software Foundation, Inc. # Copyright (C) 1998 Free Software Foundation, Inc.
# Gaël Quéri <gqueri@mail.dotcom.fr>, 1998. # Gaël Quéri <gqueri@mail.dotcom.fr>, 1998.
# #
#, fuzzy
msgid "" msgid ""
msgstr "" msgstr ""
"Project-Id-Version: gnupg-0.3.4\n" "Project-Id-Version: gnupg-0.4.0\n"
"POT-Creation-Date: 1998-09-18 17:16+0200\n" "POT-Creation-Date: 1998-09-18 17:16+0200\n"
"PO-Revision-Date: 1998-08-20 00:0000+0200\n" "PO-Revision-Date: 1998-09-17 03:14+0200\n"
"Last-Translator: Gaël Quéri <gqueri@mail.dotcom.fr>\n" "Last-Translator: Gaël Quéri <gqueri@mail.dotcom.fr>\n"
"Language-Team: French <fr@li.org>\n"
"MIME-Version: 1.0\n" "MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=iso8859-1\n" "Content-Type: text/plain; charset=iso8859-1\n"
"Content-Transfer-Encoding: 8-bit\n"
#: util/secmem.c:226 #: util/secmem.c:226
msgid "Warning: using insecure memory!\n" msgid "Warning: using insecure memory!\n"
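Review bot: The fr.po header keeps "charset=iso8859-1", which is not the spelling it.po uses in this same commit ("charset=iso-8859-1"); please use the hyphenated form so both catalogs declare the charset the same way. The same goes for the transfer encoding line shown here as "8-bit", where it.po has "8bit". The entry is also shown with a "#, fuzzy" flag; a header that has just been updated by the translator should not carry it.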
@ -52,7 +53,7 @@ msgid ""
msgstr "" msgstr ""
"\n" "\n"
"Il n'y a pas assez d'octets aléatoires disponibles. Faites autre chose\n" "Il n'y a pas assez d'octets aléatoires disponibles. Faites autre chose\n"
"pur que l'OS puisse amasser plus d'entropie! (il faut %d octets de plus)\n" "pour que l'OS puisse amasser plus d'entropie! (il faut %d octets de plus)\n"
#: g10/g10.c:143 #: g10/g10.c:143
msgid "" msgid ""
@ -120,7 +121,7 @@ msgstr "g
#: g10/g10.c:163 #: g10/g10.c:163
msgid "remove key from the public keyring" msgid "remove key from the public keyring"
msgstr "enlever la clé du pore-clés public" msgstr "enlever la clé du porte-clés public"
#: g10/g10.c:165 #: g10/g10.c:165
msgid "sign or edit a key" msgid "sign or edit a key"
@ -156,15 +157,15 @@ msgstr "|[NOMS]|v
#: g10/g10.c:177 #: g10/g10.c:177
msgid "De-Armor a file or stdin" msgid "De-Armor a file or stdin"
msgstr "Enlever l'armure d'un fichier ou de l'entrée standard" msgstr "Enlever l'armure d'un fichier ou de stdin"
#: g10/g10.c:178 #: g10/g10.c:178
msgid "En-Armor a file or stdin" msgid "En-Armor a file or stdin"
msgstr "Mettre une armure à un fichier ou à l'entrée standard" msgstr "Mettre une armure à un fichier ou à stdin"
#: g10/g10.c:179 #: g10/g10.c:179
msgid "|algo [files]|print message digests" msgid "|algo [files]|print message digests"
msgstr "|algo [fichiers]|indiquer les fonctions de hachage" msgstr "|alg. [fich.]|indiquer les fonctions de hachage"
#: g10/g10.c:180 #: g10/g10.c:180
msgid "print all message digests" msgid "print all message digests"
@ -263,7 +264,7 @@ msgstr "(3 par d
#: g10/g10.c:213 #: g10/g10.c:213
msgid "|file|load extension module" msgid "|file|load extension module"
msgstr "|fichier|charger un module d'extension" msgstr "|fich|charger un module d'extension"
#: g10/g10.c:214 #: g10/g10.c:214
msgid "emulate the mode described in RFC1991" msgid "emulate the mode described in RFC1991"
@ -283,33 +284,31 @@ msgstr "|N|utiliser l'algorithme de compression N"
#: g10/g10.c:219 #: g10/g10.c:219
msgid "throw keyid field of encrypted packets" msgid "throw keyid field of encrypted packets"
msgstr "" msgstr "enlever l'idendification de la clé des paquets cryptés"
# encore un qui a lu Applied Cryptography ! (Bob)...
#
#: g10/g10.c:227 #: g10/g10.c:227
msgid "" msgid ""
"@\n" "@\n"
"Examples:\n" "Examples:\n"
"\n" "\n"
" -se -r Bob [file] sign and encrypt for user Bob\n" " -se -r Bob [file] sign and encrypt for user Bob\n"
" -sat [file] make a clear text signature\n" " --clearsign [file] make a clear text signature\n"
" -sb [file] make a detached signature\n" " --detach-sign [file] make a detached signature\n"
" -k [userid] show keys\n" " --list-keys [names] show keys\n"
" -kc [userid] show fingerprint\n" " --fingerprint [names] show fingerprint\n"
msgstr "" msgstr ""
"@\n" "@\n"
"Exemples:\n" "Exemples:\n"
"\n" "\n"
" -se -r Alice [fichier] signer et crypter pour l'utilisateur Alice\n" " -se -r Alice [fichier] signer et crypter pour l'utilisateur Alice\n"
" -sat [fichier] faire une signature en texte clair\n" " --clearsign [fichier] faire une signature en texte clair\n"
" -sb [fichier] faire une signature détachée\n" " --detach-sign [fichier] faire une signature détachée\n"
" -k [utilisateur] montrer les clés\n" " --list-keys [utilisateur] montrer les clés\n"
" -kc [utilisateur] montrer les empreintes\n" " --fingerprint [utilisateur] montrer les empreintes\n"
#: g10/g10.c:302 #: g10/g10.c:302
msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n" msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
msgstr "Rapprter toutes anomalies à <gnupg-bugs@gnu.org>.\n" msgstr "Rapporter toutes anomalies à <gnupg-bugs@gnu.org>.\n"
#: g10/g10.c:307 #: g10/g10.c:307
msgid "Usage: gpgm [options] [files] (-h for help)" msgid "Usage: gpgm [options] [files] (-h for help)"
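Review bot: The new msgstr for "throw keyid field of encrypted packets" contains a typo, "idendification" should be "identification". In the examples block the translation still uses "Alice" where the msgid uses "Bob", and the translator comment that explained this is dropped in the same hunk; either restore the comment or follow the msgid so the French help matches the English documentation.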
@ -342,6 +341,8 @@ msgid ""
"\n" "\n"
"Supported algorithms:\n" "Supported algorithms:\n"
msgstr "" msgstr ""
"\n"
"Algorithmes supportés:\n"
#: g10/g10.c:398 #: g10/g10.c:398
msgid "usage: gpgm [options] " msgid "usage: gpgm [options] "
@ -474,8 +475,8 @@ msgid ""
"RSA keys are deprecated; please consider creating a new key and use this key " "RSA keys are deprecated; please consider creating a new key and use this key "
"in the future\n" "in the future\n"
msgstr "" msgstr ""
"Les clés RSA sont déconseillées: considérez créer une nouvelle clé " "Les clés RSA sont déconseillées: considérez créer une nouvelle clé et "
"etl'utiliser dans l'avenir\n" "l'utiliser dans l'avenir\n"
#: g10/pkclist.c:71 #: g10/pkclist.c:71
#, c-format #, c-format
@ -520,6 +521,10 @@ msgstr "sSmM"
#: g10/pkclist.c:99 #: g10/pkclist.c:99
msgid "edit_ownertrust.value" msgid "edit_ownertrust.value"
msgstr "" msgstr ""
"C'est à vous d'assigner une valeur ici; cette valeur ne sera jamais\n"
"exportée à une tierce personne. Nous en avons besoin pour créer le;\n"
"réseau de confiance (web-of-trust); cela n'a rien à voir avec le\n"
"réseau de certificats (créé implicitement)"
#: g10/pkclist.c:99 #: g10/pkclist.c:99
msgid "Your decision? " msgid "Your decision? "
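Review bot: The new help text for edit_ownertrust.value has a stray semicolon at the end of its second line ("pour créer le;\n"), which lands in the middle of the phrase "le réseau de confiance". Please drop it.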
@ -549,6 +554,7 @@ msgstr ""
#: g10/pkclist.c:189 #: g10/pkclist.c:189
msgid "revoked_key.override" msgid "revoked_key.override"
msgstr "" msgstr ""
"Si vous voulez utiliser cette clé révoquée quand-même, répondez \"oui\"."
#: g10/pkclist.c:190 g10/pkclist.c:277 #: g10/pkclist.c:190 g10/pkclist.c:277
msgid "Use this key anyway? " msgid "Use this key anyway? "
@ -569,6 +575,7 @@ msgstr ""
#: g10/pkclist.c:276 #: g10/pkclist.c:276
msgid "untrusted_key.override" msgid "untrusted_key.override"
msgstr "" msgstr ""
"Si vous voulez utiliser cette clé peu sûre quand-même, répondez \"oui\"."
#: g10/pkclist.c:281 #: g10/pkclist.c:281
msgid "WARNING: Using untrusted key!\n" msgid "WARNING: Using untrusted key!\n"
@ -625,7 +632,7 @@ msgstr ""
#: g10/pkclist.c:423 #: g10/pkclist.c:423
msgid "pklist.user_id.enter" msgid "pklist.user_id.enter"
msgstr "" msgstr "Entrez le nom de l'adresse à qui vous voulez envoyer le message."
#: g10/pkclist.c:424 #: g10/pkclist.c:424
msgid "Enter the user ID: " msgid "Enter the user ID: "
@ -690,7 +697,7 @@ msgstr " (%d) ElGamal dans un paquet v3\n"
#: g10/keygen.c:393 #: g10/keygen.c:393
msgid "keygen.algo" msgid "keygen.algo"
msgstr "" msgstr "Sélectionnez l'algorithme à utiliser:"
#: g10/keygen.c:393 #: g10/keygen.c:393
msgid "Your selection? " msgid "Your selection? "
@ -750,8 +757,8 @@ msgid ""
"Okay, but keep in mind that your monitor and keyboard radiation is also very " "Okay, but keep in mind that your monitor and keyboard radiation is also very "
"vulnerable to attacks!\n" "vulnerable to attacks!\n"
msgstr "" msgstr ""
"D'accord, mais n'oubliez pas que votre écran et les radiations du " "D'accord, mais n'oubliez pas que votre écran et les radiations du clavier "
"claviersont aussi vulnérables aux attaques! :)\n" "sont aussi très vulnérables aux attaques!\n"
#: g10/keygen.c:459 #: g10/keygen.c:459
msgid "keygen.size.large.okay" msgid "keygen.size.large.okay"
@ -815,7 +822,7 @@ msgstr ""
#: g10/keygen.c:525 #: g10/keygen.c:525
msgid "Is this correct (y/n)? " msgid "Is this correct (y/n)? "
msgstr "Est-ce correct (y/n)? " msgstr "Est-ce correct (o/n)? "
#: g10/keygen.c:553 #: g10/keygen.c:553
msgid "" msgid ""
@ -827,8 +834,8 @@ msgid ""
"\n" "\n"
msgstr "" msgstr ""
"\n" "\n"
"Vous avez besoin d'un nom d'utilisateur pour identifier votre clé; " "Vous avez besoin d'un nom d'utilisateur pour identifier votre clé; le "
"leprogramme le construit à partir du nom réel, d'un commentaire et d'une\n" "programme le construit à partir du nom réel, d'un commentaire et d'une\n"
"adresse e-mail de cette manière:\n" "adresse e-mail de cette manière:\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de\"\n" " \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de\"\n"
"\n" "\n"
@ -895,6 +902,11 @@ msgstr "NnCcEeOoQq"
#: g10/keygen.c:638 #: g10/keygen.c:638
msgid "keygen.userid.cmd" msgid "keygen.userid.cmd"
msgstr "" msgstr ""
"N pour changer le nom.\n"
"C pour changer le commentaire.\n"
"E pour changer l'adresse e-mail.\n"
"O pour continuer à générer la clé.\n"
"Q pour arrêter de générer de clé."
#: g10/keygen.c:639 #: g10/keygen.c:639
msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? " msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
@ -931,9 +943,9 @@ msgid ""
"network and the disks) during the prime generation; this gives the random\n" "network and the disks) during the prime generation; this gives the random\n"
"number generator a better chance to gain enough entropy.\n" "number generator a better chance to gain enough entropy.\n"
msgstr "" msgstr ""
"On doit générer beaucoup d'octets aléatoires. C'est une bonne idée de\n" "Beaucoup d'octets aléatoires doivent être générés. Vous devriez\n"
"faire autre chose (travailler dans une autre fenêtre, bouger la souris,\n" "faire autre chose (travailler dans une autre fenêtre, bouger la souris,\n"
"utiliser le réseau et les disques) pendant la géneration de nombres\n" "utiliser le réseau et les disques) pendant la génération de nombres\n"
"premiers; cela permet au générateur de nombres aléatoires de gagner assez\n" "premiers; cela permet au générateur de nombres aléatoires de gagner assez\n"
"d'entropie plus facilement.\n" "d'entropie plus facilement.\n"
@ -943,7 +955,7 @@ msgstr "La g
#: g10/keygen.c:796 #: g10/keygen.c:796
msgid "DSA keypair will have 1024 bits.\n" msgid "DSA keypair will have 1024 bits.\n"
msgstr "La paire de clés DSA aura 1024 bits.\n" msgstr "La paire de clés DSA fera 1024 bits.\n"
#: g10/keygen.c:802 #: g10/keygen.c:802
msgid "Key generation cancelled.\n" msgid "Key generation cancelled.\n"
@ -979,7 +991,7 @@ msgstr "La g
#: g10/keygen.c:967 #: g10/keygen.c:967
msgid "keygen.sub.okay" msgid "keygen.sub.okay"
msgstr "" msgstr "Répondez \"oui\" (ou simplement \"o\") pour générer la sous-clé"
#: g10/keygen.c:968 #: g10/keygen.c:968
msgid "Really create? " msgid "Really create? "
@ -1315,7 +1327,7 @@ msgid ""
"You don't want a passphrase - this is probably a *bad* idea!\n" "You don't want a passphrase - this is probably a *bad* idea!\n"
"\n" "\n"
msgstr "" msgstr ""
"Vous ne voulez pas de mot de passa - cela est certainement une *mauvaise* " "Vous ne voulez pas de mot de passe - cela est certainement une *mauvaise* "
"idée\n" "idée\n"
#: g10/keyedit.c:385 #: g10/keyedit.c:385
@ -1499,7 +1511,7 @@ msgstr "La cl
#: g10/keyedit.c:522 #: g10/keyedit.c:522
msgid "keyedit.cmd" msgid "keyedit.cmd"
msgstr "" msgstr "Entrez \"aide\" s'il vous plaît."
#: g10/keyedit.c:522 #: g10/keyedit.c:522
msgid "Command> " msgid "Command> "
@ -1642,11 +1654,13 @@ msgstr ""
#: g10/passphrase.c:126 #: g10/passphrase.c:126
#, c-format #, c-format
msgid "(%u-bit %s key, ID %08lX, created %s)\n" msgid "(%u-bit %s key, ID %08lX, created %s)\n"
msgstr "(clé de %u bits, ID %08lX, créée le %s)\n" msgstr "(clé de %u bits %s, ID %08lX, créée le %s)\n"
#: g10/passphrase.c:167 #: g10/passphrase.c:167
msgid "passphrase.enter" msgid "passphrase.enter"
msgstr "" msgstr ""
"Entrez le mot de passe; c'est une phrase secrète \n"
" Blurb, blurb,.... "
#: g10/passphrase.c:167 #: g10/passphrase.c:167
msgid "Enter pass phrase: " msgid "Enter pass phrase: "
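Review bot: The new msgstr for passphrase.enter ends in placeholder text (" Blurb, blurb,.... ") and has a trailing space before the first "\n". This is the help shown at the passphrase prompt, so it should carry real guidance or stay empty until it does. The change to the "(%u-bit %s key, ID %08lX, created %s)" translation in the same hunk is the right fix: the old msgstr had three conversions against four in the msgid.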
@ -1655,6 +1669,7 @@ msgstr "Entrez le mot de passe: "
#: g10/passphrase.c:170 #: g10/passphrase.c:170
msgid "passphrase.repeat" msgid "passphrase.repeat"
msgstr "" msgstr ""
"Répétez le dernier mot de passe, pour être sûr de ce que vous avez tapé."
#: g10/passphrase.c:171 #: g10/passphrase.c:171
msgid "Repeat pass phrase: " msgid "Repeat pass phrase: "
@ -1684,7 +1699,7 @@ msgstr "Mot de passe invalide; r
#: g10/seckey-cert.c:215 #: g10/seckey-cert.c:215
msgid "Warning: Weak key detected - please change passphrase again.\n" msgid "Warning: Weak key detected - please change passphrase again.\n"
msgstr "" msgstr "Attention: Mauvaise clé détectée - changez encore le mot de passe.\n"
#: g10/sig-check.c:165 #: g10/sig-check.c:165
msgid "public key created in future (time warp or clock problem)\n" msgid "public key created in future (time warp or clock problem)\n"
@ -1772,11 +1787,11 @@ msgstr "Pas d'aide disponible pour '%s'"
#: g10/pubkey-enc.c:78 #: g10/pubkey-enc.c:78
#, c-format #, c-format
msgid "anonymous receiver; trying secret key %08lX ...\n" msgid "anonymous receiver; trying secret key %08lX ...\n"
msgstr "" msgstr "destinataire anonyme; essai de la clé secrète %08lX ...\n"
#: g10/pubkey-enc.c:84 #: g10/pubkey-enc.c:84
msgid "okay, we are the anonymous receiver.\n" msgid "okay, we are the anonymous receiver.\n"
msgstr "" msgstr "d'accord, nous sommes le destinataire anonyme.\n"
#: g10/pubkey-enc.c:183 #: g10/pubkey-enc.c:183
#, c-format #, c-format
@ -1796,33 +1811,22 @@ msgstr ""
#: g10/openfile.c:60 #: g10/openfile.c:60
msgid "Overwrite (y/N)? " msgid "Overwrite (y/N)? "
msgstr "Réécrire (y/N)? " msgstr "Réécrire (o/N)? "
#: g10/encr-data.c:74 #: g10/encr-data.c:74
msgid "" msgid ""
"Warning: Message was encrypted with a weak key in the symmetric cipher.\n" "Warning: Message was encrypted with a weak key in the symmetric cipher.\n"
msgstr "" msgstr ""
"Attention: Le message a été crypté avec une mauvaise clé pendant le\n"
"chiffrement symétrique.\n"
#: g10/seskey.c:52 #: g10/seskey.c:52
msgid "weak key created - retrying\n" msgid "weak key created - retrying\n"
msgstr "" msgstr "mauvais clé générée - nouvel essai\n"
#: g10/seskey.c:57 #: g10/seskey.c:57
#, c-format #, c-format
msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n" msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
msgstr "" msgstr ""
"ne peut éviter une mauvaise clé pour le chiffrement symétrique: \n"
#~ msgid "there is a secret key for this public key!\n" "%d essais ont eu lieu!\n"
#~ msgstr "il y a une clé secrète pour cette clé publique!\n"
#~ msgid "use option \"--delete-secret-key\" to delete it first.\n"
#~ msgstr "utilisez l'option \"--delete-secret-key\" pour l'effacer d'abort.\n"
#~ msgid "can't do that in batchmode without \"--yes\"\n"
#~ msgstr "ne peut faire cela en mode automatique sans \"--yes\"\n"
#~ msgid "Delete this key from the keyring? "
#~ msgstr "Effacer cette clé du porte-clés? "
#~ msgid "This is a secret key! - really delete? "
#~ msgstr "C'est une clé secrète! - effacer réellement? "
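Review bot: "weak key" is rendered as "mauvaise clé" in the new msgstr entries of this hunk (and in the seckey-cert.c entry above), which reads as a wrong or bad key rather than a cryptographically weak one; "clé faible" would keep the meaning of the warning. The seskey.c:52 string also has an agreement error, "mauvais clé générée" should be feminine.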

156
po/it.po

@ -1,12 +1,16 @@
# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Free Software Foundation, Inc.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
msgid "" msgid ""
msgstr "" msgstr ""
"POT-Creation-Date: 1998-09-18 17:16+0200\n" "Project-Id-Version: gnupg-0.4.0\n"
"PO-Revision-Date: 1998-09-20 16:15+02:00\n"
"Last-Translator: Marco d'Itri <md@linux.it>\n"
"Language-Team: Italian <it@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=iso-8859-1\n" "Content-Type: text/plain; charset=iso-8859-1\n"
"Date: 1998-03-07 12:16:14+0100\n" "Content-Transfer-Encoding: 8bit\n"
"From: Marco d'Itri <md@linux.it>\n"
"Xgettext-Options: --default-domain=gnupg --directory=.. --add-comments "
"--keyword=_ --keyword=N_ --files-from=./POTFILES.in\n"
"Files: util/secmem.c cipher/random.c g10/g10.c g10/pkclist.c g10/keygen.c\n"
#: util/secmem.c:226 #: util/secmem.c:226
msgid "Warning: using insecure memory!\n" msgid "Warning: using insecure memory!\n"
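Review bot: The new it.po header starts with the unfilled template comment ("# SOME DESCRIPTIVE TITLE.", "Copyright (C) YEAR", "FIRST AUTHOR <EMAIL@ADDRESS>, YEAR."); these should be filled in as fr.po does. The POT-Creation-Date line is replaced by Project-Id-Version rather than kept alongside it, so the catalog no longer records which template it was merged against, and PO-Revision-Date uses "+02:00" where fr.po uses "+0200".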
@ -277,7 +281,7 @@ msgstr "|N|usa l'algoritmo di compressione N"
#: g10/g10.c:219 #: g10/g10.c:219
msgid "throw keyid field of encrypted packets" msgid "throw keyid field of encrypted packets"
msgstr "" msgstr "elimina il campo keyid dei pacchetti crittografati"
#: g10/g10.c:227 #: g10/g10.c:227
msgid "" msgid ""
@ -285,19 +289,19 @@ msgid ""
"Examples:\n" "Examples:\n"
"\n" "\n"
" -se -r Bob [file] sign and encrypt for user Bob\n" " -se -r Bob [file] sign and encrypt for user Bob\n"
" -sat [file] make a clear text signature\n" " --clearsign [file] make a clear text signature\n"
" -sb [file] make a detached signature\n" " --detach-sign [file] make a detached signature\n"
" -k [userid] show keys\n" " --list-keys [names] show keys\n"
" -kc [userid] show fingerprint\n" " --fingerprint [names] show fingerprint\n"
msgstr "" msgstr ""
"@\n" "@\n"
"Esempi:\n" "Esempi:\n"
"\n" "\n"
" -se -r Bob [file] firma e cifra per l'utente Bob\n" " -se -r Bob [file] firma e cifra per l'utente Bob\n"
" -sat [file] fai una firma mantenendo il testo in chiaro\n" " --clearsign [file] fai una firma mantenendo il testo in chiaro\n"
" -sb [file] fai una firma separata\n" " --detach-sign [file] fai una firma separata\n"
" -k [userid] mostra le chiavi\n" " --list-keys [names] mostra le chiavi\n"
" -kc [userid] mostra le impronte digitali\n" " --fingerprint [names] mostra le impronte digitali\n"
#: g10/g10.c:302 #: g10/g10.c:302
msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n" msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
@ -333,7 +337,7 @@ msgstr ""
msgid "" msgid ""
"\n" "\n"
"Supported algorithms:\n" "Supported algorithms:\n"
msgstr "" msgstr "\nAlgoritmi gestiti:\n"
#: g10/g10.c:398 #: g10/g10.c:398
msgid "usage: gpgm [options] " msgid "usage: gpgm [options] "
@ -347,19 +351,16 @@ msgstr "uso: gpg [options] "
msgid "conflicting commands\n" msgid "conflicting commands\n"
msgstr "comandi in conflitto\n" msgstr "comandi in conflitto\n"
# , c-format
#: g10/g10.c:547 #: g10/g10.c:547
#, c-format #, c-format
msgid "note: no default option file '%s'\n" msgid "note: no default option file '%s'\n"
msgstr "nota: nessun file con opzioni predefinite '%s'\n" msgstr "nota: nessun file con opzioni predefinite '%s'\n"
# , c-format
#: g10/g10.c:551 #: g10/g10.c:551
#, c-format #, c-format
msgid "option file '%s': %s\n" msgid "option file '%s': %s\n"
msgstr "file con opzioni predefinite '%s': %s\n" msgstr "file con opzioni predefinite '%s': %s\n"
# , c-format
#: g10/g10.c:558 #: g10/g10.c:558
#, c-format #, c-format
msgid "reading options from '%s'\n" msgid "reading options from '%s'\n"
@ -373,7 +374,6 @@ msgstr "l'algoritmo di cifratura selezionato non
msgid "selected digest algorithm is invalid\n" msgid "selected digest algorithm is invalid\n"
msgstr "l'algoritmo di digest selezionato non è valido\n" msgstr "l'algoritmo di digest selezionato non è valido\n"
# , c-format
#: g10/g10.c:746 #: g10/g10.c:746
#, c-format #, c-format
msgid "compress algorithm must be in range %d..%d\n" msgid "compress algorithm must be in range %d..%d\n"
@ -387,7 +387,6 @@ msgstr "completes-needed deve essere maggiore di 0\n"
msgid "marginals-needed must be greater than 1\n" msgid "marginals-needed must be greater than 1\n"
msgstr "marginals-needed deve essere maggiore di 1\n" msgstr "marginals-needed deve essere maggiore di 1\n"
# , c-format
#: g10/g10.c:833 #: g10/g10.c:833
#, c-format #, c-format
msgid "failed to initialize the TrustDB: %s\n" msgid "failed to initialize the TrustDB: %s\n"
@ -433,7 +432,6 @@ msgstr "--delete-secret-key nomeutente"
msgid "--delete-key username" msgid "--delete-key username"
msgstr "--delete-key nomeutente" msgstr "--delete-key nomeutente"
# , c-format
#: g10/encode.c:211 g10/g10.c:950 g10/keylist.c:79 #: g10/encode.c:211 g10/g10.c:950 g10/keylist.c:79
#, c-format #, c-format
msgid "can't open %s: %s\n" msgid "can't open %s: %s\n"
@ -443,19 +441,16 @@ msgstr "impossibile aprire '%s': %s\n"
msgid "-k[v][v][v][c] [userid] [keyring]" msgid "-k[v][v][v][c] [userid] [keyring]"
msgstr "-k[v][v][v][c] [userid] [portachiavi]" msgstr "-k[v][v][v][c] [userid] [portachiavi]"
# , c-format
#: g10/g10.c:1016 #: g10/g10.c:1016
#, c-format #, c-format
msgid "dearmoring failed: %s\n" msgid "dearmoring failed: %s\n"
msgstr "rimozione dell'armatura fallita: %s\n" msgstr "rimozione dell'armatura fallita: %s\n"
# , c-format
#: g10/g10.c:1024 #: g10/g10.c:1024
#, c-format #, c-format
msgid "enarmoring failed: %s\n" msgid "enarmoring failed: %s\n"
msgstr "creazione dell'armatura fallita: %s\n" msgstr "creazione dell'armatura fallita: %s\n"
# , c-format
#: g10/g10.c:1085 #: g10/g10.c:1085
#, c-format #, c-format
msgid "invalid hash algorithm '%s'\n" msgid "invalid hash algorithm '%s'\n"
@ -465,7 +460,6 @@ msgstr "algoritmo di hash non valido '%s'\n"
msgid "[filename]" msgid "[filename]"
msgstr "[nomefile]" msgstr "[nomefile]"
# , c-format
#: g10/decrypt.c:59 g10/g10.c:1157 g10/verify.c:66 #: g10/decrypt.c:59 g10/g10.c:1157 g10/verify.c:66
#, c-format #, c-format
msgid "can't open '%s'\n" msgid "can't open '%s'\n"
@ -479,7 +473,6 @@ msgstr ""
"L'uso di chiavi RSA è deprecato; per favore in futuro considera di creare e\n" "L'uso di chiavi RSA è deprecato; per favore in futuro considera di creare e\n"
"usare una nuova chiave.\n" "usare una nuova chiave.\n"
# , c-format
#: g10/pkclist.c:71 #: g10/pkclist.c:71
#, c-format #, c-format
msgid "" msgid ""
@ -513,7 +506,7 @@ msgstr ""
#: g10/pkclist.c:90 #: g10/pkclist.c:90
msgid " m = back to the main menu\n" msgid " m = back to the main menu\n"
msgstr "" msgstr " m = ritorna al menù principale\n"
# valid user replies (not including 1..4) # valid user replies (not including 1..4)
# [Marco, you can change 'm' and 's' to whatever letters you like] # [Marco, you can change 'm' and 's' to whatever letters you like]
@ -666,31 +659,26 @@ msgstr "scrittura della autofirma\n"
msgid "Please select what kind of key you want:\n" msgid "Please select what kind of key you want:\n"
msgstr "Per favore scegli che tipo di chiave vuoi:\n" msgstr "Per favore scegli che tipo di chiave vuoi:\n"
# , c-format
#: g10/keygen.c:385 #: g10/keygen.c:385
#, c-format #, c-format
msgid " (%d) DSA and ElGamal (default)\n" msgid " (%d) DSA and ElGamal (default)\n"
msgstr " (%d) DSA e ElGamal (default)\n" msgstr " (%d) DSA e ElGamal (default)\n"
# , c-format
#: g10/keygen.c:386 #: g10/keygen.c:386
#, c-format #, c-format
msgid " (%d) ElGamal (sign and encrypt)\n" msgid " (%d) ElGamal (sign and encrypt)\n"
msgstr " (%d) ElGamal (firma e crittografa)\n" msgstr " (%d) ElGamal (firma e crittografa)\n"
# , c-format
#: g10/keygen.c:387 #: g10/keygen.c:387
#, c-format #, c-format
msgid " (%d) ElGamal (encrypt only)\n" msgid " (%d) ElGamal (encrypt only)\n"
msgstr " (%d) ElGamal (crittografa solo)\n" msgstr " (%d) ElGamal (crittografa solo)\n"
# , c-format
#: g10/keygen.c:388 #: g10/keygen.c:388
#, c-format #, c-format
msgid " (%d) DSA (sign only)\n" msgid " (%d) DSA (sign only)\n"
msgstr " (%d) DSA (firma solo)\n" msgstr " (%d) DSA (firma solo)\n"
# , c-format
#: g10/keygen.c:389 #: g10/keygen.c:389
#, c-format #, c-format
msgid " (%d) ElGamal in a v3 packet\n" msgid " (%d) ElGamal in a v3 packet\n"
@ -708,7 +696,6 @@ msgstr "Cosa scegli? "
msgid "Invalid selection.\n" msgid "Invalid selection.\n"
msgstr "Scelta non valida.\n" msgstr "Scelta non valida.\n"
# , c-format
#: g10/keygen.c:431 #: g10/keygen.c:431
#, c-format #, c-format
msgid "" msgid ""
@ -751,9 +738,8 @@ msgid "keygen.size.huge.okay"
msgstr "" msgstr ""
#: g10/keygen.c:451 #: g10/keygen.c:451
#, fuzzy
msgid "Are you sure that you want this keysize? " msgid "Are you sure that you want this keysize? "
msgstr "Sei sicuro che vuoi una chiave di queste dimensioni? " msgstr "Sei sicuro di volere una chiave di queste dimensioni? "
#: g10/keygen.c:452 #: g10/keygen.c:452
msgid "" msgid ""
@ -771,13 +757,11 @@ msgstr ""
msgid "Do you really need such a large keysize? " msgid "Do you really need such a large keysize? "
msgstr "Ti serve davvero una chiave così lunga? " msgstr "Ti serve davvero una chiave così lunga? "
# , c-format
#: g10/keygen.c:466 #: g10/keygen.c:466
#, c-format #, c-format
msgid "Requested keysize is %u bits\n" msgid "Requested keysize is %u bits\n"
msgstr "Le dimensioni della chiave richieste sono %u bit\n" msgstr "Le dimensioni della chiave richieste sono %u bit\n"
# , c-format
#: g10/keygen.c:469 g10/keygen.c:473 #: g10/keygen.c:469 g10/keygen.c:473
#, c-format #, c-format
msgid "rounded up to %u bits\n" msgid "rounded up to %u bits\n"
@ -814,7 +798,6 @@ msgstr "valore non valido\n"
msgid "Key does not expire at all\n" msgid "Key does not expire at all\n"
msgstr "La chiave non scade\n" msgstr "La chiave non scade\n"
# , c-format
#. print the date when the key expires #. print the date when the key expires
#: g10/keygen.c:519 #: g10/keygen.c:519
#, c-format #, c-format
@ -889,7 +872,6 @@ msgstr "Commento: "
msgid "Invalid character in comment\n" msgid "Invalid character in comment\n"
msgstr "Carattere non valido nel commento\n" msgstr "Carattere non valido nel commento\n"
# , c-format
#: g10/keygen.c:626 #: g10/keygen.c:626
#, c-format #, c-format
msgid "" msgid ""
@ -910,7 +892,6 @@ msgid "keygen.userid.cmd"
msgstr "" msgstr ""
#: g10/keygen.c:639 #: g10/keygen.c:639
#, fuzzy
msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? " msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
msgstr "Modifica (N)ome, (C)ommento, (E)mail oppure (O)kay/(Q)uit? " msgstr "Modifica (N)ome, (C)ommento, (E)mail oppure (O)kay/(Q)uit? "
@ -964,13 +945,11 @@ msgstr "La coppia DSA avr
msgid "Key generation cancelled.\n" msgid "Key generation cancelled.\n"
msgstr "Generazione della chiave annullata.\n" msgstr "Generazione della chiave annullata.\n"
# , c-format
#: g10/keygen.c:812 #: g10/keygen.c:812
#, c-format #, c-format
msgid "writing public certificate to '%s'\n" msgid "writing public certificate to '%s'\n"
msgstr "scrittura del certificato pubblico in '%s'\n" msgstr "scrittura del certificato pubblico in '%s'\n"
# , c-format
#: g10/keygen.c:813 #: g10/keygen.c:813
#, c-format #, c-format
msgid "writing secret certificate to '%s'\n" msgid "writing secret certificate to '%s'\n"
@ -989,7 +968,6 @@ msgstr ""
"vorrai usare il comando \"--add-key\" per generare una chiave secondaria\n" "vorrai usare il comando \"--add-key\" per generare una chiave secondaria\n"
"per questo scopo.\n" "per questo scopo.\n"
# , c-format
#: g10/keygen.c:906 g10/keygen.c:990 #: g10/keygen.c:906 g10/keygen.c:990
#, c-format #, c-format
msgid "Key generation failed: %s\n" msgid "Key generation failed: %s\n"
@ -1003,7 +981,6 @@ msgstr ""
msgid "Really create? " msgid "Really create? "
msgstr "Crea davvero? " msgstr "Crea davvero? "
# , c-format
#: g10/encode.c:87 #: g10/encode.c:87
#, c-format #, c-format
msgid "%s: can't open: %s\n" msgid "%s: can't open: %s\n"
@ -1019,7 +996,6 @@ msgstr "errore nella creazione della passhprase: %s\n"
msgid "%s: warning: empty file\n" msgid "%s: warning: empty file\n"
msgstr "%s: attenzione: file vuoto\n" msgstr "%s: attenzione: file vuoto\n"
# , c-format
#: g10/encode.c:217 #: g10/encode.c:217
#, c-format #, c-format
msgid "reading from '%s'\n" msgid "reading from '%s'\n"
@ -1030,7 +1006,6 @@ msgstr "lettura da '%s'\n"
msgid "%s encrypted for: %s\n" msgid "%s encrypted for: %s\n"
msgstr "%s crittografato per: %s\n" msgstr "%s crittografato per: %s\n"
# , c-format
#: g10/import.c:105 g10/trustdb.c:1342 #: g10/import.c:105 g10/trustdb.c:1342
#, c-format #, c-format
msgid "can't open file: %s\n" msgid "can't open file: %s\n"
@ -1058,7 +1033,7 @@ msgstr "chiave %08lX: nessun user id valido\n"
#: g10/import.c:283 #: g10/import.c:283
msgid "this may be caused by a missing self-signature\n" msgid "this may be caused by a missing self-signature\n"
msgstr "" msgstr "questo può essere causato da una autofirma mancante\n"
#: g10/import.c:291 g10/import.c:508 #: g10/import.c:291 g10/import.c:508
#, c-format #, c-format
@ -1069,19 +1044,16 @@ msgstr "chiave %08lX: chiave pubblica non trovata: %s\n"
msgid "no default public keyring\n" msgid "no default public keyring\n"
msgstr "nessun portachiavi pubblico predefinito\n" msgstr "nessun portachiavi pubblico predefinito\n"
# , c-format
#: g10/import.c:301 #: g10/import.c:301
#, c-format #, c-format
msgid "writing to '%s'\n" msgid "writing to '%s'\n"
msgstr "scrittura in '%s'\n" msgstr "scrittura in '%s'\n"
# , c-format
#: g10/import.c:305 g10/import.c:359 g10/import.c:562 #: g10/import.c:305 g10/import.c:359 g10/import.c:562
#, c-format #, c-format
msgid "can't lock public keyring: %s\n" msgid "can't lock public keyring: %s\n"
msgstr "impossibile bloccare il portachiavi pubblico: %s\n" msgstr "impossibile bloccare il portachiavi pubblico: %s\n"
# , c-format
#: g10/import.c:308 #: g10/import.c:308
#, c-format #, c-format
msgid "can't write to keyring: %s\n" msgid "can't write to keyring: %s\n"
@ -1112,7 +1084,6 @@ msgstr "chiave %08lX: impossibile leggere il keyblock originale: %s\n"
msgid "writing keyblock\n" msgid "writing keyblock\n"
msgstr "scrittura del keyblock\n" msgstr "scrittura del keyblock\n"
# , c-format
#: g10/import.c:362 g10/import.c:565 #: g10/import.c:362 g10/import.c:565
#, c-format #, c-format
msgid "can't write keyblock: %s\n" msgid "can't write keyblock: %s\n"
@ -1308,7 +1279,6 @@ msgstr ""
msgid "Really sign? " msgid "Really sign? "
msgstr "Firmo davvero? " msgstr "Firmo davvero? "
# , c-format
#: g10/keyedit.c:295 #: g10/keyedit.c:295
#, c-format #, c-format
msgid "signing failed: %s\n" msgid "signing failed: %s\n"
@ -1322,7 +1292,6 @@ msgstr "Questa chiave non
msgid "Key is protected.\n" msgid "Key is protected.\n"
msgstr "La chiave è protetta.\n" msgstr "La chiave è protetta.\n"
# , c-format
#: g10/keyedit.c:366 #: g10/keyedit.c:366
#, c-format #, c-format
msgid "Can't edit this key: %s\n" msgid "Can't edit this key: %s\n"
@ -1510,7 +1479,7 @@ msgstr ""
#: g10/keyedit.c:465 #: g10/keyedit.c:465
msgid "change the ownertrust" msgid "change the ownertrust"
msgstr "" msgstr "cambia il valore di fiducia"
#: g10/keyedit.c:483 #: g10/keyedit.c:483
msgid "can't do that in batchmode\n" msgid "can't do that in batchmode\n"
@ -1550,13 +1519,11 @@ msgstr ""
msgid "Quit without saving? " msgid "Quit without saving? "
msgstr "Esco senza salvare? " msgstr "Esco senza salvare? "
# , c-format
#: g10/keyedit.c:580 #: g10/keyedit.c:580
#, c-format #, c-format
msgid "update failed: %s\n" msgid "update failed: %s\n"
msgstr "aggiornamento fallito: %s\n" msgstr "aggiornamento fallito: %s\n"
# , c-format
#: g10/keyedit.c:587 #: g10/keyedit.c:587
#, c-format #, c-format
msgid "update secret failed: %s\n" msgid "update secret failed: %s\n"
@ -1628,13 +1595,11 @@ msgstr "Nessun user id con l'indice %d\n"
msgid "No secondary key with index %d\n" msgid "No secondary key with index %d\n"
msgstr "Nessuna chiave secondaria con l'indice %d\n" msgstr "Nessuna chiave secondaria con l'indice %d\n"
# , c-format
#: g10/mainproc.c:198 #: g10/mainproc.c:198
#, c-format #, c-format
msgid "public key decryption failed: %s\n" msgid "public key decryption failed: %s\n"
msgstr "Decifratura della chiave pubblica fallita: %s\n" msgstr "Decifratura della chiave pubblica fallita: %s\n"
# , c-format
#: g10/mainproc.c:228 #: g10/mainproc.c:228
#, c-format #, c-format
msgid "decryption failed: %s\n" msgid "decryption failed: %s\n"
@ -1659,20 +1624,19 @@ msgid "Can't check signature: %s\n"
msgstr "Impossibile controllare la firma: %s\n" msgstr "Impossibile controllare la firma: %s\n"
#: g10/passphrase.c:117 #: g10/passphrase.c:117
#, fuzzy
msgid "" msgid ""
"\n" "\n"
"You need a passphrase to unlock the secret key for\n" "You need a passphrase to unlock the secret key for\n"
"user: \"" "user: \""
msgstr "" msgstr ""
"Ti serve una passphrase per proteggere la tua chiave segreta.\n"
"\n" "\n"
"Ti serve una passphrase per sbloccare la chiave segreta\n"
"dell'utente: \""
# "(chiave %s di %u-bit, ID %08lX, creata il %s)\n"
#: g10/passphrase.c:126 #: g10/passphrase.c:126
#, c-format #, c-format
msgid "(%u-bit %s key, ID %08lX, created %s)\n" msgid "(%u-bit %s key, ID %08lX, created %s)\n"
msgstr "(%u-bit, chiave %s, ID %08lX, creata il %s)\n" msgstr "(chiave %2$s di %1$u-bit, ID %3$08lX, creata il %4$s)\n"
#: g10/passphrase.c:167 #: g10/passphrase.c:167
msgid "passphrase.enter" msgid "passphrase.enter"
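Review bot: the new msgstr for g10/passphrase.c:126 reorders the arguments with positional specifiers (`%2$s`, `%1$u`, `%3$08lX`, `%4$s`), which only works where the printf implementation behind the message supports the `%n$` form. On a libc without it the line will be misformatted, and this is the prompt that identifies which secret key the passphrase is for. Either confirm that every supported target handles positional parameters or keep the arguments in the msgid's order, as the previous msgstr did.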
@ -1698,16 +1662,15 @@ msgstr ""
msgid "Please enter name of data file: " msgid "Please enter name of data file: "
msgstr "Inserisci il nome del file di dati: " msgstr "Inserisci il nome del file di dati: "
# , c-format
#: g10/plaintext.c:295 #: g10/plaintext.c:295
#, c-format #, c-format
msgid "can't open signed data '%s'\n" msgid "can't open signed data '%s'\n"
msgstr "impossibile aprire i dati firmati '%s'\n" msgstr "impossibile aprire i dati firmati '%s'\n"
#: g10/seckey-cert.c:56 #: g10/seckey-cert.c:56
#, fuzzy, c-format #, c-format
msgid "protection algorithm %d is not supported\n" msgid "protection algorithm %d is not supported\n"
msgstr "nota: algoritmo di cifratura %d non trovato nelle impostazioni\n" msgstr "l'algoritmo di protezione %d non è gestito\n"
#: g10/seckey-cert.c:169 #: g10/seckey-cert.c:169
msgid "Invalid passphrase; please try again ...\n" msgid "Invalid passphrase; please try again ...\n"
@ -1716,6 +1679,8 @@ msgstr "Passphrase non valida; riprova...\n"
#: g10/seckey-cert.c:215 #: g10/seckey-cert.c:215
msgid "Warning: Weak key detected - please change passphrase again.\n" msgid "Warning: Weak key detected - please change passphrase again.\n"
msgstr "" msgstr ""
"Attenzione: individuata una chiave debole - per favore cambia ancora la\n"
"passphrase.\n"
#: g10/sig-check.c:165 #: g10/sig-check.c:165
msgid "public key created in future (time warp or clock problem)\n" msgid "public key created in future (time warp or clock problem)\n"
@ -1728,43 +1693,41 @@ msgstr ""
msgid "warning: signature key expired %s\n" msgid "warning: signature key expired %s\n"
msgstr "attenzione: firma della chiave scaduta il %s\n" msgstr "attenzione: firma della chiave scaduta il %s\n"
# , c-format
#: g10/trustdb.c:316 #: g10/trustdb.c:316
#, c-format #, c-format
msgid "error reading sigrec: %s\n" msgid "error reading sigrec: %s\n"
msgstr "" msgstr "errore leggendo la sigrec: %s\n"
#: g10/trustdb.c:321 #: g10/trustdb.c:321
#, c-format #, c-format
msgid "chained sigrec %lu has a wrong owner\n" msgid "chained sigrec %lu has a wrong owner\n"
msgstr "" msgstr "la chained sigrec %lu ha il proprietario sbagliato\n"
#: g10/trustdb.c:364 #: g10/trustdb.c:364
#, c-format #, c-format
msgid "key %08lX: secret key without public key\n" msgid "key %08lX: secret key without public key\n"
msgstr "key %08lX: chiave segreta senza chiave pubblica\n" msgstr "chiave %08lX: chiave segreta senza chiave pubblica\n"
#: g10/trustdb.c:369 #: g10/trustdb.c:369
#, c-format #, c-format
msgid "key %08lX: secret and public key don't match\n" msgid "key %08lX: secret and public key don't match\n"
msgstr "key %08lX: le chiavi segreta e pubblica non corrispondono\n" msgstr "chiave %08lX: le chiavi segreta e pubblica non corrispondono\n"
#: g10/trustdb.c:380 #: g10/trustdb.c:380
#, c-format #, c-format
msgid "key %08lX: can't put it into the trustdb\n" msgid "key %08lX: can't put it into the trustdb\n"
msgstr "key %08lX: impossibile metterla nel trustdb\n" msgstr "chiave %08lX: impossibile metterla nel trustdb\n"
#: g10/trustdb.c:386 #: g10/trustdb.c:386
#, c-format #, c-format
msgid "key %08lX: query record failed\n" msgid "key %08lX: query record failed\n"
msgstr "key %08lX: richiesta del record fallita\n" msgstr "chiave %08lX: richiesta del record fallita\n"
#: g10/trustdb.c:395 #: g10/trustdb.c:395
#, c-format #, c-format
msgid "key %08lX: already in ultikey_table\n" msgid "key %08lX: already in ultikey_table\n"
msgstr "key %08lX: già in ultikey_table\n" msgstr "chiave %08lX: già in ultikey_table\n"
# , c-format
#: g10/trustdb.c:402 #: g10/trustdb.c:402
#, c-format #, c-format
msgid "enum_secret_keys failed: %s\n" msgid "enum_secret_keys failed: %s\n"
@ -1773,30 +1736,29 @@ msgstr "enum_secret_keys fallito: %s\n"
#: g10/trustdb.c:1614 #: g10/trustdb.c:1614
#, c-format #, c-format
msgid "key %08lX: insert trust record failed: %s\n" msgid "key %08lX: insert trust record failed: %s\n"
msgstr "key %08lX: inserimento del record della fiducia fallito: %s\n" msgstr "chiave %08lX: inserimento del record della fiducia fallito: %s\n"
#: g10/trustdb.c:1618 #: g10/trustdb.c:1618
#, c-format #, c-format
msgid "key %08lX.%lu: inserted into trustdb\n" msgid "key %08lX.%lu: inserted into trustdb\n"
msgstr "key %08lX.%lu: inserita nel trustdb\n" msgstr "chiave %08lX.%lu: inserita nel trustdb\n"
#: g10/trustdb.c:1629 #: g10/trustdb.c:1629
#, c-format #, c-format
msgid "key %08lX.%lu: created in future (time warp or clock problem)\n" msgid "key %08lX.%lu: created in future (time warp or clock problem)\n"
msgstr "" msgstr ""
"key %08lX.%lu: creata nel futuro (salto nel tempo o problema\n" "chiave %08lX.%lu: creata nel futuro (salto nel tempo o problema\n"
"con l'orologio)\n" "con l'orologio)\n"
# , c-format
#: g10/trustdb.c:1637 #: g10/trustdb.c:1637
#, c-format #, c-format
msgid "key %08lX.%lu: expired at %s\n" msgid "key %08lX.%lu: expired at %s\n"
msgstr "key %08lX.%lu: scaduta il %s\n" msgstr "chiave %08lX.%lu: scaduta il %s\n"
#: g10/trustdb.c:1646 #: g10/trustdb.c:1646
#, c-format #, c-format
msgid "key %08lX.%lu: trust check failed: %s\n" msgid "key %08lX.%lu: trust check failed: %s\n"
msgstr "key %08lX.%lu: controllo della fiducia fallito: %s\n" msgstr "chiave %08lX.%lu: controllo della fiducia fallito: %s\n"
#: g10/status.c:233 #: g10/status.c:233
msgid "No help available" msgid "No help available"
@ -1810,11 +1772,11 @@ msgstr "Nessun aiuto disponibile per '%s'"
#: g10/pubkey-enc.c:78 #: g10/pubkey-enc.c:78
#, c-format #, c-format
msgid "anonymous receiver; trying secret key %08lX ...\n" msgid "anonymous receiver; trying secret key %08lX ...\n"
msgstr "" msgstr "ricevente anonimo; provo la chiave segreta %08lX ...\n"
#: g10/pubkey-enc.c:84 #: g10/pubkey-enc.c:84
msgid "okay, we are the anonymous receiver.\n" msgid "okay, we are the anonymous receiver.\n"
msgstr "" msgstr "Bene, siamo il ricevente anonimo.\n"
#: g10/pubkey-enc.c:183 #: g10/pubkey-enc.c:183
#, c-format #, c-format
@ -1825,7 +1787,7 @@ msgstr "nota: algoritmo di cifratura %d non trovato nelle impostazioni\n"
#: g10/openfile.c:58 #: g10/openfile.c:58
#, c-format #, c-format
msgid "File '%s' exists. " msgid "File '%s' exists. "
msgstr "" msgstr "Il file '%s' esiste. "
#: g10/openfile.c:59 #: g10/openfile.c:59
msgid "openfile.overwrite.okay" msgid "openfile.overwrite.okay"
@ -1833,36 +1795,22 @@ msgstr ""
#: g10/openfile.c:60 #: g10/openfile.c:60
msgid "Overwrite (y/N)? " msgid "Overwrite (y/N)? "
msgstr "" msgstr "Sovrascrivo (y/N)? "
#: g10/encr-data.c:74 #: g10/encr-data.c:74
msgid "" msgid ""
"Warning: Message was encrypted with a weak key in the symmetric cipher.\n" "Warning: Message was encrypted with a weak key in the symmetric cipher.\n"
msgstr "" msgstr ""
"Attenzione: il messaggio era stato crittografato usando una chiave debole\n"
"per il cifrario simmetrico\n"
#: g10/seskey.c:52 #: g10/seskey.c:52
msgid "weak key created - retrying\n" msgid "weak key created - retrying\n"
msgstr "" msgstr "creata una chiave debole - riprovo\n"
#: g10/seskey.c:57 #: g10/seskey.c:57
#, c-format #, c-format
msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n" msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
msgstr "" msgstr ""
"Impossibile evitare una chiave debole per il cifrario simmetrico;\n"
#~ msgid "do not make any changes" "ho provato %d volte!\n"
#~ msgstr "non fare cambiamenti"
#~ msgid "there is a secret key for this public key!\n"
#~ msgstr "c'è una chiave segreta per questa chiave pubblica!\n"
#~ msgid "use option \"--delete-secret-key\" to delete it first.\n"
#~ msgstr "prima usa l'opzione \"--delete-secret-key\" per cancellarla.\n"
#~ msgid "can't do that in batchmode without \"--yes\"\n"
#~ msgstr "impossibile fare questo in batch mode senza \"--yes\"\n"
#~ msgid "Delete this key from the keyring? "
#~ msgstr "Cancello questa chiave dal portachiavi? "
#~ msgid "This is a secret key! - really delete? "
#~ msgstr "Questa è una chiave segreta! - la cancello davvero? "

View File

@ -1,6 +1,6 @@
## Process this file with automake to produce Makefile.in ## Process this file with automake to produce Makefile.in
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl
needed_libs = ../cipher/libcipher.a ../util/libutil.a \ needed_libs = ../cipher/libcipher.a ../util/libutil.a \
../mpi/libmpi.a ../util/libutil.a ../mpi/libmpi.a ../util/libutil.a
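Review bot: removing `-I../intl` from INCLUDES leaves only `-I$(top_srcdir)/intl`, so the build-directory copy of intl is no longer on the include path. If any header under intl is produced in the build tree rather than shipped in the source tree, a build run outside the source directory will stop finding it. Please confirm that `$(top_srcdir)/intl` covers every header these tools include, or say in the ChangeLog why the build-tree path is no longer needed.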
@ -20,5 +20,5 @@ bftest_LDADD = @INTLLIBS@ $(needed_libs)
shmtest_LDADD = @INTLLIBS@ $(needed_libs) shmtest_LDADD = @INTLLIBS@ $(needed_libs)
mpicalc bftest: $(needed_libs) mpicalc bftest shmtest: $(needed_libs)

View File

@ -1,3 +1,7 @@
Mon Sep 21 19:45:01 1998 Werner Koch (wk@(none))
* secmem.c: New flags to allow suspend/resume of warnings.
Fri Sep 18 16:25:47 1998 Werner Koch (wk@(none)) Fri Sep 18 16:25:47 1998 Werner Koch (wk@(none))
* secmem.c (lock_pool): Kludge for broken mlock on HPUX 10.20 * secmem.c (lock_pool): Kludge for broken mlock on HPUX 10.20

View File

@ -67,6 +67,16 @@ static unsigned cur_blocks;
static int disable_secmem; static int disable_secmem;
static int show_warning; static int show_warning;
static int no_warning; static int no_warning;
static int suspend_warning;
static void
print_warn()
{
if( !no_warning )
log_info(_("Warning: using insecure memory!\n"));
}
static void static void
lock_pool( void *p, size_t n ) lock_pool( void *p, size_t n )
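Review bot: `print_warn()` is defined with an empty parameter list, which in C declares a function without a prototype; the rest of the file uses the explicit form (`secmem_get_flags(void)`), so this should be `print_warn(void)`. The new `suspend_warning` variable would also benefit from a one-line comment stating that it defers the insecure-memory warning rather than dropping it, since it sits next to `no_warning`, which does drop it.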
@ -78,8 +88,10 @@ lock_pool( void *p, size_t n )
uid = getuid(); uid = getuid();
#ifdef HAVE_BROKEN_MLOCK #ifdef HAVE_BROKEN_MLOCK
if( uid ) if( uid ) {
err = EPERM; errno = EPERM;
err = errno;
}
else { else {
err = mlock( p, n ); err = mlock( p, n );
if( err && errno ) if( err && errno )
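Review bot: in the HAVE_BROKEN_MLOCK branch the non-root path now assigns `errno = EPERM` and then copies it into `err`, but nothing in the hunk says why errno itself has to be set when the previous code only set `err`. A short comment naming the code that reads errno afterwards would keep this from being simplified back later. It is also worth stating in that comment that mlock() is never attempted on this path, so the pool stays unlocked for every non-root user on the affected platform.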
@ -179,13 +191,26 @@ compress_pool(void)
void void
secmem_set_flags( unsigned flags ) secmem_set_flags( unsigned flags )
{ {
int was_susp = suspend_warning;
no_warning = flags & 1; no_warning = flags & 1;
suspend_warning = flags & 2;
/* and now issue the warning if it is not longer suspended */
if( was_susp && !suspend_warning && show_warning ) {
show_warning = 0;
print_warn();
}
} }
unsigned unsigned
secmem_get_flags(void) secmem_get_flags(void)
{ {
return no_warning ? 1:0; unsigned flags;
flags = no_warning ? 1:0;
flags |= suspend_warning ? 2:0;
return flags;
} }
void void
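Review bot: `secmem_set_flags` overwrites both flags on every call (`no_warning = flags & 1; suspend_warning = flags & 2;`), so a caller that wants to suspend or resume the warning has to fetch `secmem_get_flags()` first and change only bit 2, otherwise it silently clears `no_warning`. That contract is not documented, and the bits are bare literals 1 and 2 in both functions. Named constants in the header plus a comment on the read-modify-write requirement would make misuse much less likely. The comment "if it is not longer suspended" should read "no longer".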
@ -220,10 +245,9 @@ secmem_malloc( size_t size )
if( !pool_okay ) if( !pool_okay )
log_bug("secmem not initialized\n"); log_bug("secmem not initialized\n");
if( show_warning ) { if( show_warning && !suspend_warning ) {
show_warning = 0; show_warning = 0;
if( !no_warning ) print_warn();
log_info(_("Warning: using insecure memory!\n"));
} }
/* blocks are always a multiple of 32 */ /* blocks are always a multiple of 32 */
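Review bot: with the new condition `show_warning && !suspend_warning`, a pending insecure-memory warning stays queued for as long as the suspend flag is set, and it is only emitted by a later `secmem_malloc` call or by `secmem_set_flags` clearing bit 2. If a caller suspends and the process finishes without resuming, the user never learns that secrets were held in unlocked memory. Please document that every suspend must be paired with a resume, or flush the pending warning on the termination path.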

View File

@ -66,33 +66,33 @@ host_alias = i586-pc-linux-gnu
host_triplet = i586-pc-linux-gnu host_triplet = i586-pc-linux-gnu
target_alias = i586-pc-linux-gnu target_alias = i586-pc-linux-gnu
target_triplet = i586-pc-linux-gnu target_triplet = i586-pc-linux-gnu
CATALOGS = en.gmo de.gmo it.gmo fr.gmo CATALOGS =
CATOBJEXT = .gmo CATOBJEXT =
CC = gcc CC = gcc
CPP = gcc -E CPP = gcc -E
DATADIRNAME = share DATADIRNAME = share
DYNLINK_LDFLAGS = -rdynamic DYNLINK_LDFLAGS = -rdynamic
G10_LOCALEDIR = /usr/local/share/locale G10_LOCALEDIR = /usr/local//locale
GENCAT = GENCAT =
GMOFILES = en.gmo de.gmo it.gmo fr.gmo GMOFILES = en.gmo de.gmo it.gmo fr.gmo
GMSGFMT = /usr/local/bin/msgfmt GMSGFMT =
GT_NO = GT_NO =
GT_YES = #YES# GT_YES = #YES#
INCLUDE_LOCALE_H = #include <locale.h> INCLUDE_LOCALE_H = #include <locale.h>
INSTOBJEXT = .mo INSTOBJEXT =
INTLDEPS = $(top_builddir)/intl/libintl.a INTLDEPS =
INTLLIBS = $(top_builddir)/intl/libintl.a INTLLIBS =
INTLOBJS = $(GETTOBJS) INTLOBJS =
MKINSTALLDIRS = scripts/mkinstalldirs MKINSTALLDIRS = scripts/mkinstalldirs
MPI_EXTRA_ASM_OBJS = MPI_EXTRA_ASM_OBJS =
MSGFMT = /usr/local/bin/msgfmt MSGFMT =
PACKAGE = gnupg PACKAGE = gnupg
POFILES = en.po de.po it.po fr.po POFILES = en.po de.po it.po fr.po
POSUB = po POSUB =
RANLIB = ranlib RANLIB = ranlib
USE_INCLUDED_LIBINTL = yes USE_INCLUDED_LIBINTL = no
USE_NLS = yes USE_NLS = no
VERSION = 0.4.0 VERSION = 0.4.0a
ZLIBS = ZLIBS =
l = l =
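Review bot: these values read like configure output from one build machine (`host_triplet = i586-pc-linux-gnu`), and this revision of the file records a configuration with NLS switched off: `USE_NLS = no`, `MSGFMT`, `INTLLIBS` and `CATALOGS` emptied, and `G10_LOCALEDIR = /usr/local//locale` with an empty path component. If this file is produced by configure it should not be tracked, since anyone building from this tree inherits the committer's local settings. If it has to stay, regenerate it from a configuration with NLS enabled so that the locale directory is a valid path.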
@ -122,7 +122,7 @@ LIBRARIES = $(noinst_LIBRARIES)
DEFS = -DHAVE_CONFIG_H -I. -I$(srcdir) -I.. DEFS = -DHAVE_CONFIG_H -I. -I$(srcdir) -I..
CPPFLAGS = CPPFLAGS =
LDFLAGS = LDFLAGS =
LIBS = -ldl -lz LIBS = -ldl -lz
libzlib_a_LIBADD = libzlib_a_LIBADD =
libzlib_a_OBJECTS = adler32.o compress.o crc32.o gzio.o uncompr.o \ libzlib_a_OBJECTS = adler32.o compress.o crc32.o gzio.o uncompr.o \
deflate.o trees.o zutil.o inflate.o infblock.o inftrees.o infcodes.o \ deflate.o trees.o zutil.o inflate.o infblock.o inftrees.o infcodes.o \