textual changes

2025-04-12 22:11:29 +02:00 · 1998-06-29 12:30:57 +00:00 · 1998-06-29 12:30:57 +00:00 · 77a6af76d0
commit 77a6af76d0
parent 5911e300ff
38 changed files with 1540 additions and 1560 deletions
--- a/2
+++ b/2
@ -18,10 +18,12 @@ James Troup		J.J.Troup@scm.brad.ac.uk
 Jean-loup Gailly	gzip@prep.ai.mit.edu
 Jens Bachem		bachem@rrz.uni-koeln.de
 Jörg Schilling		schilling@fokus.gmd.de
 Lars Kellogg-Stedman	lars@bu.edu
 Marco d'Itri            md@linux.it
 Mark Adler		madler@alumni.caltech.edu
 Martin Schulte		schulte@thp.uni-koeln.de
 Matthew Skala		mskala@ansuz.sooke.bc.ca
 Nicolas Graner		Nicolas.Graner@cri.u-psud.fr
 Peter Gutmann		pgut001@cs.auckland.ac.nz
 Ralph Gillen		gillen@theochem.uni-duesseldorf.de
 Thomas Roessler 	roessler@guug.de
--- a/5
+++ b/5
@ -1,4 +1,6 @@
    * add options: --default-signature-user, --default-encryption-user
    * make preferences work
    * rewrite --list-packets or put it into another tool.
@ -37,9 +39,6 @@
      flag that we may have a cached signature for this (and use the address
      of PKC to lookup the hash).
    * change the misleading usage of "public key certificate" to
      "public key data" or something like this.
    * replace getkey.c#enum_secret_keys
--- a/2
+++ b/2
@ -1 +1 @@
-0.3.0a
+0.3.0b
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,22 @@
 Mon Jun 29 12:54:45 1998  Werner Koch  (wk@isil.d.shuttle.de)
 	* packet.h: changed all "_cert" to "_key", "subcert" to "subkey".
 	* free-packet.c (free_packet): Removed memory leak for subkeys.
 Sun Jun 28 18:32:27 1998  Werner Koch  (wk@isil.d.shuttle.de)
 	* import.c (import_keys): Renamed from import_pubkeys.
 	(import_secret_one): New.
 	* g10.c (aExportSecret): New.
 	* export.c (export_seckeys): New.
 	* parse-packet.c (parse_certificate): Cleaned up.
 	(parse_packet): Trust packets are now considered as unknown.
 	(parse_pubkey_warning): New.
 Fri Jun 26 10:37:35 1998  Werner Koch  (wk@isil.d.shuttle.de)
 	* keygen.c (has_invalid_email_chars): New.
--- a/g10/OPTIONS
+++ b/g10/OPTIONS
@ -41,6 +41,8 @@ store
 list-secret-keys
 #
 export-secret-keys
 # export secret keys (which may be usefuil in some cases)
 #-----------------------------------------------
 #--- options
--- a/g10/armor.c
+++ b/g10/armor.c
@ -88,6 +88,7 @@ static char *head_strings[] = {
    "BEGIN PGP SIGNATURE",
    "BEGIN PGP SIGNED MESSAGE",
    "BEGIN PGP ARMORED FILE",
    "BEGIN PGP SECRET KEY BLOCK",
    NULL
 };
 static char *tail_strings[] = {
@ -96,6 +97,7 @@ static char *tail_strings[] = {
    "END PGP SIGNATURE",
    "END dummy",
    "END PGP ARMORED FILE",
    "END PGP SECRET KEY BLOCK",
    NULL
 };
@ -153,8 +155,8 @@ is_armored( byte *buf )
    pkttype =  ctb & 0x40 ? (ctb & 0x3f) : ((ctb>>2)&0xf);
    switch( pkttype ) {
      case PKT_MARKER:
-      case PKT_PUBLIC_CERT:
+      case PKT_PUBLIC_KEY:
-      case PKT_SECRET_CERT:
+      case PKT_SECRET_KEY:
      case PKT_PUBKEY_ENC:
      case PKT_SIGNATURE:
      case PKT_COMMENT:
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@ -36,8 +36,8 @@
 static int do_comment( IOBUF out, int ctb, PKT_comment *rem );
 static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid );
-static int do_public_cert( IOBUF out, int ctb, PKT_public_cert *pk );
+static int do_public_key( IOBUF out, int ctb, PKT_public_key *pk );
-static int do_secret_cert( IOBUF out, int ctb, PKT_secret_cert *pk );
+static int do_secret_key( IOBUF out, int ctb, PKT_secret_key *pk );
 static int do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc );
 static int do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc );
 static u32 calc_plaintext( PKT_plaintext *pt );
@ -82,13 +82,13 @@ build_packet( IOBUF out, PACKET *pkt )
      case PKT_COMMENT:
 	rc = do_comment( out, ctb, pkt->pkt.comment );
 	break;
-      case PKT_PUBKEY_SUBCERT:
+      case PKT_PUBLIC_SUBKEY:
-      case PKT_PUBLIC_CERT:
+      case PKT_PUBLIC_KEY:
-	rc = do_public_cert( out, ctb, pkt->pkt.public_cert );
+	rc = do_public_key( out, ctb, pkt->pkt.public_key );
 	break;
-      case PKT_SECKEY_SUBCERT:
+      case PKT_SECRET_SUBKEY:
-      case PKT_SECRET_CERT:
+      case PKT_SECRET_KEY:
-	rc = do_secret_cert( out, ctb, pkt->pkt.secret_cert );
+	rc = do_secret_key( out, ctb, pkt->pkt.secret_key );
 	break;
      case PKT_SYMKEY_ENC:
 	rc = do_symkey_enc( out, ctb, pkt->pkt.symkey_enc );
@ -135,8 +135,8 @@ calc_packet_length( PACKET *pkt )
 	break;
      case PKT_USER_ID:
      case PKT_COMMENT:
-      case PKT_PUBLIC_CERT:
+      case PKT_PUBLIC_KEY:
-      case PKT_SECRET_CERT:
+      case PKT_SECRET_KEY:
      case PKT_SYMKEY_ENC:
      case PKT_PUBKEY_ENC:
      case PKT_ENCRYPTED:
@ -174,25 +174,25 @@ do_user_id( IOBUF out, int ctb, PKT_user_id *uid )
 }
 static int
-do_public_cert( IOBUF out, int ctb, PKT_public_cert *pkc )
+do_public_key( IOBUF out, int ctb, PKT_public_key *pk )
 {
    int rc = 0;
    int n, i;
    IOBUF a = iobuf_temp();
-    if( !pkc->version )
+    if( !pk->version )
 	iobuf_put( a, 3 );
    else
-	iobuf_put( a, pkc->version );
+	iobuf_put( a, pk->version );
-    write_32(a, pkc->timestamp );
+    write_32(a, pk->timestamp );
-    if( pkc->version < 4 )
+    if( pk->version < 4 )
-	write_16(a, pkc->valid_days );
+	write_16(a, pk->valid_days );
-    iobuf_put(a, pkc->pubkey_algo );
+    iobuf_put(a, pk->pubkey_algo );
-    n = pubkey_get_npkey( pkc->pubkey_algo );
+    n = pubkey_get_npkey( pk->pubkey_algo );
    for(i=0; i < n; i++ )
-	mpi_write(a, pkc->pkey[i] );
+	mpi_write(a, pk->pkey[i] );
-    write_header2(out, ctb, iobuf_get_temp_length(a), pkc->hdrbytes, 1 );
+    write_header2(out, ctb, iobuf_get_temp_length(a), pk->hdrbytes, 1 );
    if( iobuf_write_temp( out, a ) )
 	rc = G10ERR_WRITE_FILE;
@ -205,25 +205,25 @@ do_public_cert( IOBUF out, int ctb, PKT_public_cert *pkc )
 * Make a hash value from the public key certificate
 */
 void
-hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc )
+hash_public_key( MD_HANDLE md, PKT_public_key *pk )
 {
    PACKET pkt;
    int rc = 0;
    int c;
    IOBUF a = iobuf_temp();
  #if 0
-    FILE *fp = fopen("dump.pkc", "a");
+    FILE *fp = fopen("dump.pk", "a");
    int i=0;
-    fprintf(fp, "\nHashing PKC (v%d):\n", pkc->version);
+    fprintf(fp, "\nHashing PK (v%d):\n", pk->version);
  #endif
    /* build the packet */
    init_packet(&pkt);
-    pkt.pkttype = PKT_PUBLIC_CERT;
+    pkt.pkttype = PKT_PUBLIC_KEY;
-    pkt.pkt.public_cert = pkc;
+    pkt.pkt.public_key = pk;
    if( (rc = build_packet( a, &pkt )) )
-	log_fatal("build public_cert for hashing failed: %s\n", g10_errstr(rc));
+	log_fatal("build public_key for hashing failed: %s\n", g10_errstr(rc));
    while( (c=iobuf_get(a)) != -1 ) {
      #if 0
 	fprintf( fp," %02x", c );
@ -243,51 +243,51 @@ hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc )
 static int
-do_secret_cert( IOBUF out, int ctb, PKT_secret_cert *skc )
+do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
 {
    int rc = 0;
    int i, nskey, npkey;
    IOBUF a = iobuf_temp();
-    if( !skc->version )
+    if( !sk->version )
 	iobuf_put( a, 3 );
    else
-	iobuf_put( a, skc->version );
+	iobuf_put( a, sk->version );
-    write_32(a, skc->timestamp );
+    write_32(a, sk->timestamp );
-    if( skc->version < 4 )
+    if( sk->version < 4 )
-	write_16(a, skc->valid_days );
+	write_16(a, sk->valid_days );
-    iobuf_put(a, skc->pubkey_algo );
+    iobuf_put(a, sk->pubkey_algo );
-    nskey = pubkey_get_nskey( skc->pubkey_algo );
+    nskey = pubkey_get_nskey( sk->pubkey_algo );
-    npkey = pubkey_get_npkey( skc->pubkey_algo );
+    npkey = pubkey_get_npkey( sk->pubkey_algo );
    assert( npkey < nskey );
    for(i=0; i < npkey; i++ )
-	mpi_write(a, skc->skey[i] );
+	mpi_write(a, sk->skey[i] );
-    if( skc->is_protected ) {
+    if( sk->is_protected ) {
-	if( is_RSA(skc->pubkey_algo) && skc->version < 4 ) {
+	if( is_RSA(sk->pubkey_algo) && sk->version < 4 ) {
-	    iobuf_put(a, skc->protect.algo );
+	    iobuf_put(a, sk->protect.algo );
-	    iobuf_write(a, skc->protect.iv, 8 );
+	    iobuf_write(a, sk->protect.iv, 8 );
 	}
 	else {
 	    iobuf_put(a, 0xff );
-	    iobuf_put(a, skc->protect.algo );
+	    iobuf_put(a, sk->protect.algo );
-	    iobuf_put(a, skc->protect.s2k.mode );
+	    iobuf_put(a, sk->protect.s2k.mode );
-	    iobuf_put(a, skc->protect.s2k.hash_algo );
+	    iobuf_put(a, sk->protect.s2k.hash_algo );
-	    if( skc->protect.s2k.mode == 1
+	    if( sk->protect.s2k.mode == 1
-		|| skc->protect.s2k.mode == 4 )
+		|| sk->protect.s2k.mode == 4 )
-		iobuf_write(a, skc->protect.s2k.salt, 8 );
+		iobuf_write(a, sk->protect.s2k.salt, 8 );
-	    if( skc->protect.s2k.mode == 4 )
+	    if( sk->protect.s2k.mode == 4 )
-		write_32(a, skc->protect.s2k.count );
+		write_32(a, sk->protect.s2k.count );
-	    iobuf_write(a, skc->protect.iv, 8 );
+	    iobuf_write(a, sk->protect.iv, 8 );
 	}
    }
    else
 	iobuf_put(a, 0 );
    for(   ; i < nskey; i++ )
-	mpi_write(a, skc->skey[i] );
+	mpi_write(a, sk->skey[i] );
-    write_16(a, skc->csum );
+    write_16(a, sk->csum );
-    write_header2(out, ctb, iobuf_get_temp_length(a), skc->hdrbytes, 1 );
+    write_header2(out, ctb, iobuf_get_temp_length(a), sk->hdrbytes, 1 );
    if( iobuf_write_temp( out, a ) )
 	rc = G10ERR_WRITE_FILE;
--- a/g10/encode.c
+++ b/g10/encode.c
@ -37,7 +37,7 @@
 static int encode_simple( const char *filename, int mode );
-static int write_pubkey_enc_from_list( PKC_LIST pkc_list, DEK *dek, IOBUF out );
+static int write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out );
@ -185,13 +185,13 @@ encode_crypt( const char *filename, STRLIST remusr )
    cipher_filter_context_t cfx;
    armor_filter_context_t afx;
    compress_filter_context_t zfx;
-    PKC_LIST pkc_list;
+    PK_LIST pk_list;
    memset( &cfx, 0, sizeof cfx);
    memset( &afx, 0, sizeof afx);
    memset( &zfx, 0, sizeof zfx);
-    if( (rc=build_pkc_list( remusr, &pkc_list, 2)) )
+    if( (rc=build_pk_list( remusr, &pk_list, 2)) )
 	return rc;
    /* prepare iobufs */
@ -222,7 +222,7 @@ encode_crypt( const char *filename, STRLIST remusr )
    if( DBG_CIPHER )
 	log_hexdump("DEK is: ", cfx.dek->key, cfx.dek->keylen );
-    rc = write_pubkey_enc_from_list( pkc_list, cfx.dek, out );
+    rc = write_pubkey_enc_from_list( pk_list, cfx.dek, out );
    if( rc  )
 	goto leave;
@ -269,7 +269,7 @@ encode_crypt( const char *filename, STRLIST remusr )
 	pt->buf = NULL;
    free_packet(&pkt);
    m_free(cfx.dek);
-    release_pkc_list( pkc_list );
+    release_pk_list( pk_list );
    return rc;
 }
@ -297,7 +297,7 @@ encrypt_filter( void *opaque, int control,
 		log_hexdump("DEK is: ",
 			     efx->cfx.dek->key, efx->cfx.dek->keylen );
-	    rc = write_pubkey_enc_from_list( efx->pkc_list, efx->cfx.dek, a );
+	    rc = write_pubkey_enc_from_list( efx->pk_list, efx->cfx.dek, a );
 	    if( rc )
 		return rc;
@ -318,26 +318,26 @@ encrypt_filter( void *opaque, int control,
 /****************
- * Write pubkey-enc packets from the list of PKCs to OUT.
+ * Write pubkey-enc packets from the list of PKs to OUT.
 */
 static int
-write_pubkey_enc_from_list( PKC_LIST pkc_list, DEK *dek, IOBUF out )
+write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
 {
    PACKET pkt;
-    PKT_public_cert *pkc;
+    PKT_public_key *pk;
    PKT_pubkey_enc  *enc;
    int rc;
-    for( ; pkc_list; pkc_list = pkc_list->next ) {
+    for( ; pk_list; pk_list = pk_list->next ) {
 	MPI frame;
-	pkc = pkc_list->pkc;
+	pk = pk_list->pk;
 	enc = m_alloc_clear( sizeof *enc );
-	enc->pubkey_algo = pkc->pubkey_algo;
+	enc->pubkey_algo = pk->pubkey_algo;
-	keyid_from_pkc( pkc, enc->keyid );
+	keyid_from_pk( pk, enc->keyid );
-	frame = encode_session_key( dek, pubkey_nbits( pkc->pubkey_algo,
+	frame = encode_session_key( dek, pubkey_nbits( pk->pubkey_algo,
-							  pkc->pkey ) );
+							  pk->pkey ) );
-	rc = pubkey_encrypt( pkc->pubkey_algo, enc->data, frame, pkc->pkey );
+	rc = pubkey_encrypt( pk->pubkey_algo, enc->data, frame, pk->pkey );
 	mpi_free( frame );
 	if( rc )
 	    log_error("pubkey_encrypt failed: %s\n", g10_errstr(rc) );
--- a/g10/export.c
+++ b/g10/export.c
@ -33,6 +33,7 @@
 #include "util.h"
 #include "main.h"
 static int do_export( STRLIST users, int secret );
 /****************
 * Export the public keys (to standard out or --output).
@ -41,6 +42,18 @@
 */
 int
 export_pubkeys( STRLIST users )
 {
    return do_export( users, 0 );
 }
 int
 export_seckeys( STRLIST users )
 {
    return do_export( users, 1 );
 }
 static int
 do_export( STRLIST users, int secret )
 {
    int rc = 0;
    armor_filter_context_t afx;
@ -64,14 +77,14 @@ export_pubkeys( STRLIST users )
    }
    if( opt.armor ) {
-	afx.what = 1;
+	afx.what = secret?5:1;
 	iobuf_push_filter( out, armor_filter, &afx );
    }
    if( opt.compress_keys && opt.compress )
 	iobuf_push_filter( out, compress_filter, &zfx );
    if( all ) {
-	rc = enum_keyblocks( 0, &kbpos, &keyblock );
+	rc = enum_keyblocks( secret?5:0, &kbpos, &keyblock );
 	if( rc ) {
 	    if( rc != -1 )
 		log_error("enum_keyblocks(open) failed: %s\n", g10_errstr(rc) );
@ -94,7 +107,8 @@ export_pubkeys( STRLIST users )
 	}
 	else {
 	    /* search the userid */
-	    rc = find_keyblock_byname( &kbpos, sl->d );
+	    rc = secret? find_secret_keyblock_byname( &kbpos, sl->d )
 		       : find_keyblock_byname( &kbpos, sl->d );
 	    if( rc ) {
 		log_error("%s: user not found: %s\n", sl->d, g10_errstr(rc) );
 		rc = 0;
--- a/g10/free-packet.c
+++ b/g10/free-packet.c
@ -62,26 +62,26 @@ free_seckey_enc( PKT_signature *sig )
 void
-release_public_cert_parts( PKT_public_cert *cert )
+release_public_key_parts( PKT_public_key *pk )
 {
    int n, i;
-    n = pubkey_get_npkey( cert->pubkey_algo );
+    n = pubkey_get_npkey( pk->pubkey_algo );
    for(i=0; i < n; i++ ) {
-	mpi_free( cert->pkey[i] );
+	mpi_free( pk->pkey[i] );
-	cert->pkey[i] = NULL;
+	pk->pkey[i] = NULL;
    }
 }
 void
-free_public_cert( PKT_public_cert *cert )
+free_public_key( PKT_public_key *pk )
 {
-    release_public_cert_parts( cert );
+    release_public_key_parts( pk );
-    m_free(cert);
+    m_free(pk);
 }
-PKT_public_cert *
+PKT_public_key *
-copy_public_cert( PKT_public_cert *d, PKT_public_cert *s )
+copy_public_key( PKT_public_key *d, PKT_public_key *s )
 {
    int n, i;
@ -95,26 +95,26 @@ copy_public_cert( PKT_public_cert *d, PKT_public_cert *s )
 }
 void
-release_secret_cert_parts( PKT_secret_cert *cert )
+release_secret_key_parts( PKT_secret_key *sk )
 {
    int n, i;
-    n = pubkey_get_nskey( cert->pubkey_algo );
+    n = pubkey_get_nskey( sk->pubkey_algo );
    for(i=0; i < n; i++ ) {
-	mpi_free( cert->skey[i] );
+	mpi_free( sk->skey[i] );
-	cert->skey[i] = NULL;
+	sk->skey[i] = NULL;
    }
 }
 void
-free_secret_cert( PKT_secret_cert *cert )
+free_secret_key( PKT_secret_key *sk )
 {
-    release_secret_cert_parts( cert );
+    release_secret_key_parts( sk );
-    m_free(cert);
+    m_free(sk);
 }
-PKT_secret_cert *
+PKT_secret_key *
-copy_secret_cert( PKT_secret_cert *d, PKT_secret_cert *s )
+copy_secret_key( PKT_secret_key *d, PKT_secret_key *s )
 {
    int n, i;
@ -208,11 +208,13 @@ free_packet( PACKET *pkt )
      case PKT_SYMKEY_ENC:
 	free_symkey_enc( pkt->pkt.symkey_enc );
 	break;
-      case PKT_PUBLIC_CERT:
+      case PKT_PUBLIC_KEY:
-	free_public_cert( pkt->pkt.public_cert );
+      case PKT_PUBLIC_SUBKEY:
 	free_public_key( pkt->pkt.public_key );
 	break;
-      case PKT_SECRET_CERT:
+      case PKT_SECRET_KEY:
-	free_secret_cert( pkt->pkt.secret_cert );
+      case PKT_SECRET_SUBKEY:
 	free_secret_key( pkt->pkt.secret_key );
 	break;
      case PKT_COMMENT:
 	free_comment( pkt->pkt.comment );
@ -240,7 +242,7 @@ free_packet( PACKET *pkt )
 * Returns 0 if they match.
 */
 int
-cmp_public_certs( PKT_public_cert *a, PKT_public_cert *b )
+cmp_public_keys( PKT_public_key *a, PKT_public_key *b )
 {
    int n, i;
@ -264,20 +266,20 @@ cmp_public_certs( PKT_public_cert *a, PKT_public_cert *b )
 * Returns 0 if they match.
 */
 int
-cmp_public_secret_cert( PKT_public_cert *pkc, PKT_secret_cert *skc )
+cmp_public_secret_key( PKT_public_key *pk, PKT_secret_key *sk )
 {
    int n, i;
-    if( pkc->timestamp != skc->timestamp )
+    if( pk->timestamp != sk->timestamp )
 	return -1;
-    if( pkc->valid_days != skc->valid_days )
+    if( pk->valid_days != sk->valid_days )
 	return -1;
-    if( pkc->pubkey_algo != skc->pubkey_algo )
+    if( pk->pubkey_algo != sk->pubkey_algo )
 	return -1;
-    n = pubkey_get_npkey( pkc->pubkey_algo );
+    n = pubkey_get_npkey( pk->pubkey_algo );
    for(i=0; i < n; i++ ) {
-	if( mpi_cmp( pkc->pkey[i] , skc->skey[i] ) )
+	if( mpi_cmp( pk->pkey[i] , sk->skey[i] ) )
 	    return -1;
    }
    return 0;
--- a/g10/g10.c
+++ b/g10/g10.c
@ -75,6 +75,7 @@ static ARGPARSE_OPTS opts[] = {
    { 542, "gen-revoke",0, N_("generate a revocation certificate")},
  #endif
    { 537, "export"          , 0, N_("export keys") },
    { 563, "export-secret-keys" , 0, "@" },
    { 530, "import",      0     , N_("import/merge keys")},
    { 521, "list-packets",0,N_("list only the sequence of packets")},
  #ifdef IS_G10MAINT
@ -176,7 +177,8 @@ enum cmd_values { aNull = 0,
    aSignKey, aClearsign, aListPackets, aEditSig, aDeleteKey, aDeleteSecretKey,
    aKMode, aKModeC, aChangePass, aImport, aVerify, aDecrypt, aListKeys,
    aListSigs, aKeyadd, aListSecretKeys,
-    aExport, aCheckKeys, aGenRevoke, aPrimegen, aPrintMD, aPrintMDs,
+    aExport, aExportSecret,
    aCheckKeys, aGenRevoke, aPrimegen, aPrintMD, aPrintMDs,
    aListTrustDB, aListTrustPath, aDeArmor, aEnArmor, aGenRandom, aTest,
 aNOP };
@ -595,6 +597,7 @@ main( int argc, char **argv )
 	  case 560: register_cipher_extension(pargs.r.ret_str); break;
 	  case 561: opt.rfc1991 = 1; break;
 	  case 562: opt.emulate_bugs |= 1; break;
 	  case 563: set_cmd( &cmd, aExportSecret); break;
 	  default : errors++; pargs.err = configfp? 1:2; break;
 	}
    }
@ -855,12 +858,12 @@ main( int argc, char **argv )
      case aImport:
 	if( !argc  ) {
-	    rc = import_pubkeys( NULL );
+	    rc = import_keys( NULL );
 	    if( rc )
 		log_error("import failed: %s\n", g10_errstr(rc) );
 	}
 	for( ; argc; argc--, argv++ ) {
-	    rc = import_pubkeys( *argv );
+	    rc = import_keys( *argv );
 	    if( rc )
 		log_error("import from '%s' failed: %s\n",
 						*argv, g10_errstr(rc) );
@ -875,6 +878,14 @@ main( int argc, char **argv )
 	free_strlist(sl);
 	break;
      case aExportSecret:
 	sl = NULL;
 	for( ; argc; argc--, argv++ )
 	    add_to_strlist( &sl, *argv );
 	export_seckeys( sl );
 	free_strlist(sl);
 	break;
    #ifdef IS_G10
      case aGenRevoke:
 	if( argc != 1 )
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -32,7 +32,7 @@
 #include "options.h"
 #include "main.h"
-#define MAX_PKC_CACHE_ENTRIES 500
+#define MAX_PK_CACHE_ENTRIES 500
 typedef struct keyid_list {
@ -47,11 +47,11 @@ typedef struct user_id_db {
    char name[1];
 } *user_id_db_t;
-typedef struct pkc_cache_entry {
+typedef struct pk_cache_entry {
-    struct pkc_cache_entry *next;
+    struct pk_cache_entry *next;
    u32 keyid[2];
-    PKT_public_cert *pkc;
+    PKT_public_key *pk;
-} *pkc_cache_entry_t;
+} *pk_cache_entry_t;
 typedef struct enum_seckey_context {
    int eof;
@ -65,14 +65,14 @@ static STRLIST secret_keyrings;
 static keyid_list_t unknown_keyids;
 static user_id_db_t user_id_db;
-static pkc_cache_entry_t pkc_cache;
+static pk_cache_entry_t pk_cache;
-static int pkc_cache_entries;	/* number of entries in pkc cache */
+static int pk_cache_entries;   /* number of entries in pk cache */
-static int lookup( PKT_public_cert *pkc,
+static int lookup( PKT_public_key *pk,
 		   int mode,  u32 *keyid, const char *name,
 		   KBNODE *ret_keyblock  );
-static int lookup_skc( PKT_secret_cert *skc,
+static int lookup_sk( PKT_secret_key *sk,
 		   int mode,  u32 *keyid, const char *name );
 /* note this function may be called before secure memory is
@ -170,42 +170,42 @@ add_secret_keyring( const char *name )
 static void
-cache_public_cert( PKT_public_cert *pkc )
+cache_public_key( PKT_public_key *pk )
 {
-    pkc_cache_entry_t ce;
+    pk_cache_entry_t ce;
    u32 keyid[2];
-    if( is_ELGAMAL(pkc->pubkey_algo)
+    if( is_ELGAMAL(pk->pubkey_algo)
-	|| pkc->pubkey_algo == PUBKEY_ALGO_DSA
+	|| pk->pubkey_algo == PUBKEY_ALGO_DSA
-	|| is_RSA(pkc->pubkey_algo) ) {
+	|| is_RSA(pk->pubkey_algo) ) {
-	keyid_from_pkc( pkc, keyid );
+	keyid_from_pk( pk, keyid );
    }
    else
 	return; /* don't know how to get the keyid */
-    for( ce = pkc_cache; ce; ce = ce->next )
+    for( ce = pk_cache; ce; ce = ce->next )
 	if( ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1] ) {
 	    if( DBG_CACHE )
-		log_debug("cache_public_cert: already in cache\n");
+		log_debug("cache_public_key: already in cache\n");
 	    return;
 	}
-    if( pkc_cache_entries > MAX_PKC_CACHE_ENTRIES ) {
+    if( pk_cache_entries > MAX_PK_CACHE_ENTRIES ) {
 	/* FIMXE: use another algorithm to free some cache slots */
-	if( pkc_cache_entries == MAX_PKC_CACHE_ENTRIES )  {
+	if( pk_cache_entries == MAX_PK_CACHE_ENTRIES )	{
-	    pkc_cache_entries++;
+	    pk_cache_entries++;
-	    log_info("too many entries in pkc cache - disabled\n");
+	    log_info("too many entries in pk cache - disabled\n");
 	}
-	ce = pkc_cache;
+	ce = pk_cache;
-	free_public_cert( ce->pkc );
+	free_public_key( ce->pk );
    }
    else {
-	pkc_cache_entries++;
+	pk_cache_entries++;
 	ce = m_alloc( sizeof *ce );
-	ce->next = pkc_cache;
+	ce->next = pk_cache;
-	pkc_cache = ce;
+	pk_cache = ce;
    }
-    ce->pkc = copy_public_cert( NULL, pkc );
+    ce->pk = copy_public_key( NULL, pk );
    ce->keyid[0] = keyid[0];
    ce->keyid[1] = keyid[1];
 }
@ -238,17 +238,17 @@ cache_user_id( PKT_user_id *uid, u32 *keyid )
 /****************
- * Get a public key and store it into the allocated pkc
+ * Get a public key and store it into the allocated pk
- * can be called with PKC set to NULL to just read it into some
+ * can be called with PK set to NULL to just read it into some
 * internal structures.
 */
 int
-get_pubkey( PKT_public_cert *pkc, u32 *keyid )
+get_pubkey( PKT_public_key *pk, u32 *keyid )
 {
    keyid_list_t kl;
    int internal = 0;
    int rc = 0;
-    pkc_cache_entry_t ce;
+    pk_cache_entry_t ce;
    /* let's see whether we checked the keyid already */
    for( kl = unknown_keyids; kl; kl = kl->next )
@ -256,21 +256,21 @@ get_pubkey( PKT_public_cert *pkc, u32 *keyid )
 	    return G10ERR_NO_PUBKEY; /* already checked and not found */
    /* Try to get it from our cache */
-    for( ce = pkc_cache; ce; ce = ce->next )
+    for( ce = pk_cache; ce; ce = ce->next )
 	if( ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1] ) {
-	    if( pkc )
+	    if( pk )
-		copy_public_cert( pkc, ce->pkc );
+		copy_public_key( pk, ce->pk );
 	    return 0;
 	}
    /* more init stuff */
-    if( !pkc ) {
+    if( !pk ) {
-	pkc = m_alloc_clear( sizeof *pkc );
+	pk = m_alloc_clear( sizeof *pk );
 	internal++;
    }
    /* do a lookup */
-    rc = lookup( pkc, 11, keyid, NULL, NULL );
+    rc = lookup( pk, 11, keyid, NULL, NULL );
    if( !rc )
 	goto leave;
@ -284,9 +284,9 @@ get_pubkey( PKT_public_cert *pkc, u32 *keyid )
  leave:
    if( !rc )
-	cache_public_cert( pkc );
+	cache_public_key( pk );
    if( internal )
-	m_free(pkc);
+	m_free(pk);
    return rc;
 }
@ -320,7 +320,7 @@ hextobyte( const byte *s )
 /****************
 * Try to get the pubkey by the userid. This function looks for the
 * first pubkey certificate which has the given name in a user_id.
- * if pkc has the pubkey algo set, the function will only return
+ * if pk has the pubkey algo set, the function will only return
 * a pubkey with that algo.
 *
 * - If the username starts with 8,9,16 or 17 hex-digits (the first one
@ -344,7 +344,7 @@ hextobyte( const byte *s )
 static int
 key_byname( int secret,
-	    PKT_public_cert *pkc, PKT_secret_cert *skc, const char *name )
+	    PKT_public_key *pk, PKT_secret_key *sk, const char *name )
 {
    int internal = 0;
    int rc = 0;
@ -439,35 +439,35 @@ key_byname( int secret,
 	goto leave;
    if( secret ) {
-	if( !skc ) {
+	if( !sk ) {
-	    skc = m_alloc_clear( sizeof *skc );
+	    sk = m_alloc_clear( sizeof *sk );
 	    internal++;
 	}
-	rc = mode < 16? lookup_skc( skc, mode, keyid, name )
+	rc = mode < 16? lookup_sk( sk, mode, keyid, name )
-		      : lookup_skc( skc, mode, keyid, fprint );
+		      : lookup_sk( sk, mode, keyid, fprint );
    }
    else {
-	if( !pkc ) {
+	if( !pk ) {
-	    pkc = m_alloc_clear( sizeof *pkc );
+	    pk = m_alloc_clear( sizeof *pk );
 	    internal++;
 	}
-	rc = mode < 16? lookup( pkc, mode, keyid, name, NULL )
+	rc = mode < 16? lookup( pk, mode, keyid, name, NULL )
-		      : lookup( pkc, mode, keyid, fprint, NULL );
+		      : lookup( pk, mode, keyid, fprint, NULL );
    }
  leave:
    if( internal && secret )
-	m_free( skc );
+	m_free( sk );
    else if( internal )
-	m_free( pkc );
+	m_free( pk );
    return rc;
 }
 int
-get_pubkey_byname( PKT_public_cert *pkc, const char *name )
+get_pubkey_byname( PKT_public_key *pk, const char *name )
 {
-    return key_byname( 0, pkc, NULL, name );
+    return key_byname( 0, pk, NULL, name );
 }
@ -481,31 +481,31 @@ get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
 						size_t fprint_len )
 {
    int rc;
-    PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
+    PKT_public_key *pk = m_alloc_clear( sizeof *pk );
    if( fprint_len == 20 || fprint_len == 16 )
-	rc = lookup( pkc, fprint_len, NULL, fprint, ret_keyblock );
+	rc = lookup( pk, fprint_len, NULL, fprint, ret_keyblock );
    else
 	rc = G10ERR_GENERAL; /* Oops */
-    free_public_cert( pkc );
+    free_public_key( pk );
    return rc;
 }
 /****************
- * Get a secret key and store it into skc
+ * Get a secret key and store it into sk
 */
 int
-get_seckey( PKT_secret_cert *skc, u32 *keyid )
+get_seckey( PKT_secret_key *sk, u32 *keyid )
 {
    int rc;
-    rc = lookup_skc( skc, 11, keyid, NULL );
+    rc = lookup_sk( sk, 11, keyid, NULL );
    if( !rc ) {
 	/* check the secret key (this may prompt for a passprase to
 	 * unlock the secret key
 	 */
-	rc = check_secret_key( skc );
+	rc = check_secret_key( sk );
    }
    return rc;
@ -519,30 +519,30 @@ get_seckey( PKT_secret_cert *skc, u32 *keyid )
 int
 seckey_available( u32 *keyid )
 {
-    PKT_secret_cert *skc;
+    PKT_secret_key *sk;
    int rc;
-    skc = m_alloc_clear( sizeof *skc );
+    sk = m_alloc_clear( sizeof *sk );
-    rc = lookup_skc( skc, 11, keyid, NULL );
+    rc = lookup_sk( sk, 11, keyid, NULL );
-    free_secret_cert( skc );
+    free_secret_key( sk );
    return rc;
 }
 /****************
- * Get a secret key by name and store it into skc
+ * Get a secret key by name and store it into sk
- * If NAME is NULL use the default certificate
+ * If NAME is NULL use the default key
 */
 int
-get_seckey_byname( PKT_secret_cert *skc, const char *name, int unprotect )
+get_seckey_byname( PKT_secret_key *sk, const char *name, int unprotect )
 {
    int rc;
-    rc = name ? key_byname( 1, NULL, skc, name )
+    rc = name ? key_byname( 1, NULL, sk, name )
-	      : lookup_skc( skc, 15, NULL, NULL );
+	      : lookup_sk( sk, 15, NULL, NULL );
    if( !rc && unprotect )
-	rc = check_secret_key( skc );
+	rc = check_secret_key( sk );
    return rc;
 }
@ -606,26 +606,26 @@ compare_name( const char *uid, size_t uidlen, const char *name, int mode )
 static void
 add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode )
 {
-    PKT_public_cert *pkc = knode->pkt->pkt.public_cert;
+    PKT_public_key *pk = knode->pkt->pkt.public_key;
    PKT_signature *sig;
    KBNODE k;
    u32 kid[2];
-    assert(    knode->pkt->pkttype == PKT_PUBLIC_CERT
+    assert(    knode->pkt->pkttype == PKT_PUBLIC_KEY
-	    || knode->pkt->pkttype == PKT_PUBKEY_SUBCERT );
+	    || knode->pkt->pkttype == PKT_PUBLIC_SUBKEY );
-    if( pkc->version < 4 )
+    if( pk->version < 4 )
 	return; /* this is only needed for version >=4 packets */
    /* find the selfsignature */
-    if( knode->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
+    if( knode->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
-	k = find_kbnode( keyblock, PKT_PUBLIC_CERT );
+	k = find_kbnode( keyblock, PKT_PUBLIC_KEY );
 	if( !k )
 	   BUG(); /* keyblock without primary key!!! */
-	keyid_from_pkc( knode->pkt->pkt.public_cert, kid );
+	keyid_from_pk( knode->pkt->pkt.public_key, kid );
    }
    else
-	keyid_from_pkc( pkc, kid );
+	keyid_from_pk( pk, kid );
    for(k=keyblock; k; k = k->next ) {
 	if( k->pkt->pkttype == PKT_SIGNATURE
 	    && (sig=k->pkt->pkt.signature)->sig_class >= 0x10
@ -641,8 +641,8 @@ add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode )
 	     */
 	    const byte *p;
 	    p = parse_sig_subpkt( sig->hashed_data, SIGSUBPKT_KEY_EXPIRE, NULL );
-	    pkc->valid_days = p? ((buffer_to_u32(p)+86399L)/86400L):0;
+	    pk->valid_days = p? ((buffer_to_u32(p)+86399L)/86400L):0;
-	    /* fixme: add usage etc. to pkc */
+	    /* fixme: add usage etc. to pk */
 	    break;
 	}
    }
@ -660,13 +660,13 @@ add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode )
 *	 15 = Get the first key.
 *	 16 = lookup by 16 byte fingerprint which is stored in NAME
 *	 20 = lookup by 20 byte fingerprint which is stored in NAME
- * Caller must provide an empty PKC, if the pubkey_algo is filled in, only
+ * Caller must provide an empty PK, if the pubkey_algo is filled in, only
 * a key of this algo will be returned.
 * If ret_keyblock is not NULL, the complete keyblock is returned also
 * and the caller must release it.
 */
 static int
-lookup( PKT_public_cert *pkc, int mode,  u32 *keyid,
+lookup( PKT_public_key *pk, int mode,  u32 *keyid,
 	const char *name, KBNODE *ret_keyblock )
 {
    int rc;
@ -692,15 +692,15 @@ lookup( PKT_public_cert *pkc, int mode,  u32 *keyid,
 				      k->pkt->pkt.user_id->len, name, mode)) {
 		    /* we found a matching name, look for the key */
 		    for(kk=keyblock; kk; kk = kk->next )
-			if( (	 kk->pkt->pkttype == PKT_PUBLIC_CERT
+			if( (	 kk->pkt->pkttype == PKT_PUBLIC_KEY
-			      || kk->pkt->pkttype == PKT_PUBKEY_SUBCERT )
+			      || kk->pkt->pkttype == PKT_PUBLIC_SUBKEY )
-			    && ( !pkc->pubkey_algo
+			    && ( !pk->pubkey_algo
-				 || pkc->pubkey_algo
+				 || pk->pubkey_algo
-				    == kk->pkt->pkt.public_cert->pubkey_algo))
+				    == kk->pkt->pkt.public_key->pubkey_algo))
 			break;
 		    if( kk ) {
 			u32 aki[2];
-			keyid_from_pkc( kk->pkt->pkt.public_cert, aki );
+			keyid_from_pk( kk->pkt->pkt.public_key, aki );
 			cache_user_id( k->pkt->pkt.user_id, aki );
 			k = kk;
 			break;
@ -714,24 +714,24 @@ lookup( PKT_public_cert *pkc, int mode,  u32 *keyid,
 	    if( DBG_CACHE && (mode== 10 || mode==11) ) {
 		log_debug("lookup keyid=%08lx%08lx req_algo=%d mode=%d\n",
 				(ulong)keyid[0], (ulong)keyid[1],
-				 pkc->pubkey_algo, mode );
+				 pk->pubkey_algo, mode );
 	    }
 	    for(k=keyblock; k; k = k->next ) {
-		if(    k->pkt->pkttype == PKT_PUBLIC_CERT
+		if(    k->pkt->pkttype == PKT_PUBLIC_KEY
-		    || k->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
+		    || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
 		    if( mode == 10 || mode == 11 ) {
 			u32 aki[2];
-			keyid_from_pkc( k->pkt->pkt.public_cert, aki );
+			keyid_from_pk( k->pkt->pkt.public_key, aki );
 			if( DBG_CACHE ) {
 			    log_debug("         aki=%08lx%08lx algo=%d\n",
 					    (ulong)aki[0], (ulong)aki[1],
-				    k->pkt->pkt.public_cert->pubkey_algo    );
+				    k->pkt->pkt.public_key->pubkey_algo    );
 			}
 			if( aki[1] == keyid[1]
 			    && ( mode == 10 || aki[0] == keyid[0] )
-			    && ( !pkc->pubkey_algo
+			    && ( !pk->pubkey_algo
-				 || pkc->pubkey_algo
+				 || pk->pubkey_algo
-				    == k->pkt->pkt.public_cert->pubkey_algo) ){
+				    == k->pkt->pkt.public_key->pubkey_algo) ){
 			    /* cache the userid */
 			    for(kk=keyblock; kk; kk = kk->next )
 				if( kk->pkt->pkttype == PKT_USER_ID )
@ -744,19 +744,19 @@ lookup( PKT_public_cert *pkc, int mode,  u32 *keyid,
 			}
 		    }
 		    else if( mode == 15 ) { /* get the first key */
-			if( !pkc->pubkey_algo
+			if( !pk->pubkey_algo
-			    || pkc->pubkey_algo
+			    || pk->pubkey_algo
-				  == k->pkt->pkt.public_cert->pubkey_algo )
+				  == k->pkt->pkt.public_key->pubkey_algo )
 			    break;
 		    }
 		    else if( mode == 16 || mode == 20 ) {
 			size_t an;
-			byte *afp = fingerprint_from_pkc(
+			byte *afp = fingerprint_from_pk(
-					k->pkt->pkt.public_cert, &an );
+					k->pkt->pkt.public_key, &an );
 			if( an == mode && !memcmp( afp, name, an)
-			    && ( !pkc->pubkey_algo
+			    && ( !pk->pubkey_algo
-				 || pkc->pubkey_algo
+				 || pk->pubkey_algo
-				    == k->pkt->pkt.public_cert->pubkey_algo) ) {
+				    == k->pkt->pkt.public_key->pubkey_algo) ) {
 			    m_free(afp);
 			    break;
 			}
@ -768,9 +768,9 @@ lookup( PKT_public_cert *pkc, int mode,  u32 *keyid,
 	    }
 	}
 	if( k ) { /* found */
-	    assert(    k->pkt->pkttype == PKT_PUBLIC_CERT
+	    assert(    k->pkt->pkttype == PKT_PUBLIC_KEY
-		    || k->pkt->pkttype == PKT_PUBKEY_SUBCERT );
+		    || k->pkt->pkttype == PKT_PUBLIC_SUBKEY );
-	    copy_public_cert( pkc, k->pkt->pkt.public_cert );
+	    copy_public_key( pk, k->pkt->pkt.public_key );
 	    add_stuff_from_selfsig( keyblock, k );
 	    if( ret_keyblock ) {
 		*ret_keyblock = keyblock;
@ -797,7 +797,7 @@ lookup( PKT_public_cert *pkc, int mode,  u32 *keyid,
 * Ditto for secret keys
 */
 static int
-lookup_skc( PKT_secret_cert *skc, int mode,  u32 *keyid, const char *name )
+lookup_sk( PKT_secret_key *sk, int mode,  u32 *keyid, const char *name )
 {
    int rc;
    KBNODE keyblock = NULL;
@ -822,46 +822,46 @@ lookup_skc( PKT_secret_cert *skc, int mode,  u32 *keyid, const char *name )
 				      k->pkt->pkt.user_id->len, name, mode)) {
 		    /* we found a matching name, look for the key */
 		    for(kk=keyblock; kk; kk = kk->next )
-			if( (	 kk->pkt->pkttype == PKT_SECRET_CERT
+			if( (	 kk->pkt->pkttype == PKT_SECRET_KEY
-			      || kk->pkt->pkttype == PKT_SECKEY_SUBCERT )
+			      || kk->pkt->pkttype == PKT_SECRET_SUBKEY )
-			    && ( !skc->pubkey_algo
+			    && ( !sk->pubkey_algo
-				 || skc->pubkey_algo
+				 || sk->pubkey_algo
-				    == kk->pkt->pkt.secret_cert->pubkey_algo))
+				    == kk->pkt->pkt.secret_key->pubkey_algo))
 			break;
 		    if( kk ) {
 			u32 aki[2];
-			keyid_from_skc( kk->pkt->pkt.secret_cert, aki );
+			keyid_from_sk( kk->pkt->pkt.secret_key, aki );
 			cache_user_id( k->pkt->pkt.user_id, aki );
 			k = kk;
 			break;
 		    }
 		    else
-			log_error("No key for userid (in skc)\n");
+			log_error("No key for userid (in sk)\n");
 		}
 	    }
 	}
 	else { /* keyid or fingerprint lookup */
 	    if( DBG_CACHE && (mode== 10 || mode==11) ) {
-		log_debug("lookup_skc keyid=%08lx%08lx req_algo=%d mode=%d\n",
+		log_debug("lookup_sk keyid=%08lx%08lx req_algo=%d mode=%d\n",
 				(ulong)keyid[0], (ulong)keyid[1],
-				 skc->pubkey_algo, mode );
+				 sk->pubkey_algo, mode );
 	    }
 	    for(k=keyblock; k; k = k->next ) {
-		if(    k->pkt->pkttype == PKT_SECRET_CERT
+		if(    k->pkt->pkttype == PKT_SECRET_KEY
-		    || k->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
+		    || k->pkt->pkttype == PKT_SECRET_SUBKEY ) {
 		    if( mode == 10 || mode == 11 ) {
 			u32 aki[2];
-			keyid_from_skc( k->pkt->pkt.secret_cert, aki );
+			keyid_from_sk( k->pkt->pkt.secret_key, aki );
 			if( DBG_CACHE ) {
 			    log_debug("             aki=%08lx%08lx algo=%d\n",
 					    (ulong)aki[0], (ulong)aki[1],
-				    k->pkt->pkt.secret_cert->pubkey_algo    );
+				    k->pkt->pkt.secret_key->pubkey_algo    );
 			}
 			if( aki[1] == keyid[1]
 			    && ( mode == 10 || aki[0] == keyid[0] )
-			    && ( !skc->pubkey_algo
+			    && ( !sk->pubkey_algo
-				 || skc->pubkey_algo
+				 || sk->pubkey_algo
-				    == k->pkt->pkt.secret_cert->pubkey_algo) ){
+				    == k->pkt->pkt.secret_key->pubkey_algo) ){
 			    /* cache the userid */
 			    for(kk=keyblock; kk; kk = kk->next )
 				if( kk->pkt->pkttype == PKT_USER_ID )
@ -874,19 +874,19 @@ lookup_skc( PKT_secret_cert *skc, int mode,  u32 *keyid, const char *name )
 			}
 		    }
 		    else if( mode == 15 ) { /* get the first key */
-			if( !skc->pubkey_algo
+			if( !sk->pubkey_algo
-			    || skc->pubkey_algo
+			    || sk->pubkey_algo
-				  == k->pkt->pkt.secret_cert->pubkey_algo )
+				  == k->pkt->pkt.secret_key->pubkey_algo )
 			    break;
 		    }
 		    else if( mode == 16 || mode == 20 ) {
 			size_t an;
-			byte *afp = fingerprint_from_skc(
+			byte *afp = fingerprint_from_sk(
-					k->pkt->pkt.secret_cert, &an );
+					k->pkt->pkt.secret_key, &an );
 			if( an == mode && !memcmp( afp, name, an)
-			    && ( !skc->pubkey_algo
+			    && ( !sk->pubkey_algo
-				 || skc->pubkey_algo
+				 || sk->pubkey_algo
-				    == k->pkt->pkt.secret_cert->pubkey_algo) ) {
+				    == k->pkt->pkt.secret_key->pubkey_algo) ) {
 			    m_free(afp);
 			    break;
 			}
@ -898,9 +898,9 @@ lookup_skc( PKT_secret_cert *skc, int mode,  u32 *keyid, const char *name )
 	    }
 	}
 	if( k ) { /* found */
-	    assert(    k->pkt->pkttype == PKT_SECRET_CERT
+	    assert(    k->pkt->pkttype == PKT_SECRET_KEY
-		    || k->pkt->pkttype == PKT_SECKEY_SUBCERT );
+		    || k->pkt->pkttype == PKT_SECRET_SUBKEY );
-	    copy_secret_cert( skc, k->pkt->pkt.secret_cert );
+	    copy_secret_key( sk, k->pkt->pkt.secret_key );
 	    break; /* enumeration */
 	}
 	release_kbnode( keyblock );
@ -924,16 +924,16 @@ lookup_skc( PKT_secret_cert *skc, int mode,  u32 *keyid, const char *name )
 * Enumerate all secret keys.  Caller must use these procedure:
 *  1) create a void pointer and initialize it to NULL
 *  2) pass this void pointer by reference to this function
- *     and provide space for the secret key (pass a buffer for skc)
+ *     and provide space for the secret key (pass a buffer for sk)
 *  3) call this function as long as it does not return -1
 *     to indicate EOF.
- *  4) Always call this function a last time with SKC set to NULL,
+ *  4) Always call this function a last time with SK set to NULL,
 *     so that can free it's context.
 *
 * Return
 */
 int
-enum_secret_keys( void **context, PKT_secret_cert *skc )
+enum_secret_keys( void **context, PKT_secret_key *sk )
 {
    int rc=0;
    PACKET pkt;
@ -946,7 +946,7 @@ enum_secret_keys( void **context, PKT_secret_cert *skc )
 	c->sl = secret_keyrings;
    }
-    if( !skc ) { /* free the context */
+    if( !sk ) { /* free the context */
 	m_free( c );
 	*context = NULL;
 	return 0;
@ -968,9 +968,9 @@ enum_secret_keys( void **context, PKT_secret_cert *skc )
 	while( (rc=parse_packet(c->iobuf, &pkt)) != -1 ) {
 	    if( rc )
 		; /* e.g. unknown packet */
-	    else if( pkt.pkttype == PKT_SECRET_CERT
+	    else if( pkt.pkttype == PKT_SECRET_KEY
-		    || pkt.pkttype == PKT_SECKEY_SUBCERT ) {
+		    || pkt.pkttype == PKT_SECRET_SUBKEY ) {
-		copy_secret_cert( skc, pkt.pkt.secret_cert );
+		copy_secret_key( sk, pkt.pkt.secret_key );
 		set_packet_list_mode(save_mode);
 		return 0; /* found */
 	    }
--- a/g10/import.c
+++ b/g10/import.c
@ -38,9 +38,10 @@
 static int read_block( IOBUF a, compress_filter_context_t *cfx,
 			     PACKET **pending_pkt, KBNODE *ret_root );
 static int import_one( const char *fname, KBNODE keyblock );
 static int import_secret_one( const char *fname, KBNODE keyblock );
 static int import_revoke_cert( const char *fname, KBNODE node );
 static int chk_self_sigs( const char *fname, KBNODE keyblock,
-			  PKT_public_cert *pkc, u32 *keyid );
+			  PKT_public_key *pk, u32 *keyid );
 static int delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid );
 static int merge_blocks( const char *fname, KBNODE keyblock_orig,
 			 KBNODE keyblock, u32 *keyid,
@ -83,7 +84,7 @@ static int merge_sigs( KBNODE dst, KBNODE src, int *n_sigs,
 *
 */
 int
-import_pubkeys( const char *fname )
+import_keys( const char *fname )
 {
    armor_filter_context_t afx;
    compress_filter_context_t cfx;
@ -108,8 +109,10 @@ import_pubkeys( const char *fname )
 	iobuf_push_filter( inp, armor_filter, &afx );
    while( !(rc = read_block( inp, &cfx, &pending_pkt, &keyblock) )) {
-	if( keyblock->pkt->pkttype == PKT_PUBLIC_CERT )
+	if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY )
 	    rc = import_one( fname, keyblock );
 	else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
 	    rc = import_secret_one( fname, keyblock );
 	else if( keyblock->pkt->pkttype == PKT_SIGNATURE
 		 && keyblock->pkt->pkt.signature->sig_class == 0x20 )
 	    rc = import_revoke_cert( fname, keyblock );
@ -156,7 +159,9 @@ read_block( IOBUF a, compress_filter_context_t *cfx,
    init_packet(pkt);
    while( (rc=parse_packet(a, pkt)) != -1 ) {
 	if( rc ) {  /* ignore errors */
-	    if( rc != G10ERR_UNKNOWN_PACKET ) {
+	    if( rc == G10ERR_PUBKEY_ALGO )
 		parse_pubkey_warning( pkt );
 	    else if( rc != G10ERR_UNKNOWN_PACKET ) {
 		log_error("read_block: read error: %s\n", g10_errstr(rc) );
 		rc = G10ERR_INV_KEYRING;
 		goto ready;
@ -191,8 +196,8 @@ read_block( IOBUF a, compress_filter_context_t *cfx,
 	    break;
-	  case PKT_PUBLIC_CERT:
+	  case PKT_PUBLIC_KEY:
-	  case PKT_SECRET_CERT:
+	  case PKT_SECRET_KEY:
 	    if( in_cert ) { /* store this packet */
 		*pending_pkt = pkt;
 		pkt = NULL;
@ -234,8 +239,8 @@ read_block( IOBUF a, compress_filter_context_t *cfx,
 static int
 import_one( const char *fname, KBNODE keyblock )
 {
-    PKT_public_cert *pkc;
+    PKT_public_key *pk;
-    PKT_public_cert *pkc_orig;
+    PKT_public_key *pk_orig;
    KBNODE node, uidnode;
    KBNODE keyblock_orig = NULL;
    KBPOS kbpos;
@ -243,21 +248,19 @@ import_one( const char *fname, KBNODE keyblock )
    int rc = 0;
    /* get the key and print some info about it */
-    node = find_kbnode( keyblock, PKT_PUBLIC_CERT );
+    node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
-    if( !node ) {
+    if( !node )
-	log_error("%s: Oops; public key not found anymore!\n", fname);
+	BUG();
 	return G10ERR_GENERAL; /* really serious */
    }
-    pkc = node->pkt->pkt.public_cert;
+    pk = node->pkt->pkt.public_key;
-    keyid_from_pkc( pkc, keyid );
+    keyid_from_pk( pk, keyid );
    uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
    if( opt.verbose ) {
 	log_info("%s: pub  %4u%c/%08lX %s   ", fname,
-		  nbits_from_pkc( pkc ),
+		  nbits_from_pk( pk ),
-		  pubkey_letter( pkc->pubkey_algo ),
+		  pubkey_letter( pk->pubkey_algo ),
-		  (ulong)keyid[1], datestr_from_pkc(pkc) );
+		  (ulong)keyid[1], datestr_from_pk(pk) );
 	if( uidnode )
 	    print_string( stderr, uidnode->pkt->pkt.user_id->name,
 				  uidnode->pkt->pkt.user_id->len, 0 );
@ -269,7 +272,7 @@ import_one( const char *fname, KBNODE keyblock )
    }
    clear_kbnode_flags( keyblock );
-    rc = chk_self_sigs( fname, keyblock , pkc, keyid );
+    rc = chk_self_sigs( fname, keyblock , pk, keyid );
    if( rc )
 	return rc== -1? 0:rc;
@ -280,8 +283,8 @@ import_one( const char *fname, KBNODE keyblock )
    }
    /* do we have this key already in one of our pubrings ? */
-    pkc_orig = m_alloc_clear( sizeof *pkc_orig );
+    pk_orig = m_alloc_clear( sizeof *pk_orig );
-    rc = get_pubkey( pkc_orig, keyid );
+    rc = get_pubkey( pk_orig, keyid );
    if( rc && rc != G10ERR_NO_PUBKEY ) {
 	log_error("%s: key %08lX, public key not found: %s\n",
 				fname, (ulong)keyid[1], g10_errstr(rc));
@ -310,7 +313,7 @@ import_one( const char *fname, KBNODE keyblock )
 	/* Compare the original against the new key; just to be sure nothing
 	 * weird is going on */
-	if( cmp_public_certs( pkc_orig, pkc ) ) {
+	if( cmp_public_keys( pk_orig, pk ) ) {
 	    log_error("%s: key %08lX, doesn't match our copy\n",
 						    fname, (ulong)keyid[1]);
 	    rc = G10ERR_GENERAL;
@ -321,7 +324,7 @@ import_one( const char *fname, KBNODE keyblock )
 	 * ask the user what to do. <--- fixme */
 	/* now read the original keyblock */
-	rc = find_keyblock_bypkc( &kbpos, pkc_orig );
+	rc = find_keyblock_bypk( &kbpos, pk_orig );
 	if( rc ) {
 	    log_error("%s: key %08lX, can't locate original keyblock: %s\n",
 				     fname, (ulong)keyid[1], g10_errstr(rc));
@ -379,7 +382,80 @@ import_one( const char *fname, KBNODE keyblock )
  leave:
    release_kbnode( keyblock_orig );
-    free_public_cert( pkc_orig );
+    free_public_key( pk_orig );
    return rc;
 }
 /****************
 * Ditto for secret keys.  Handling is simpler than for public keys.
 */
 static int
 import_secret_one( const char *fname, KBNODE keyblock )
 {
    PKT_secret_key *sk;
    KBNODE node, uidnode;
    KBNODE keyblock_orig = NULL;
    KBPOS kbpos;
    u32 keyid[2];
    int rc = 0;
    /* get the key and print some info about it */
    node = find_kbnode( keyblock, PKT_SECRET_KEY );
    if( !node )
 	BUG();
    sk = node->pkt->pkt.secret_key;
    keyid_from_sk( sk, keyid );
    uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
    if( opt.verbose ) {
 	log_info("%s: sec  %4u%c/%08lX %s   ", fname,
 		  nbits_from_sk( sk ),
 		  pubkey_letter( sk->pubkey_algo ),
 		  (ulong)keyid[1], datestr_from_sk(sk) );
 	if( uidnode )
 	    print_string( stderr, uidnode->pkt->pkt.user_id->name,
 				  uidnode->pkt->pkt.user_id->len, 0 );
 	putc('\n', stderr);
    }
    if( !uidnode ) {
 	log_error("%s: No user id for key %08lX\n", fname, (ulong)keyid[1]);
 	return 0;
    }
    clear_kbnode_flags( keyblock );
    /* do we have this key already in one of our secrings ? */
    rc = seckey_available( keyid );
    if( rc == G10ERR_NO_SECKEY ) { /* simply insert this key */
 	/* get default resource */
 	if( get_keyblock_handle( NULL, 1, &kbpos ) ) {
 	    log_error("no default secret keyring\n");
 	    return G10ERR_GENERAL;
 	}
 	if( opt.verbose > 1 )
 	    log_info("%s: writing to '%s'\n",
 				fname, keyblock_resource_name(&kbpos) );
 	if( (rc=lock_keyblock( &kbpos )) )
 	    log_error("can't lock secret keyring '%s': %s\n",
 			     keyblock_resource_name(&kbpos), g10_errstr(rc) );
 	else if( (rc=insert_keyblock( &kbpos, keyblock )) )
 	    log_error("%s: can't write to '%s': %s\n", fname,
 			     keyblock_resource_name(&kbpos), g10_errstr(rc) );
 	unlock_keyblock( &kbpos );
 	/* we are ready */
 	log_info("%s: key %08lX imported\n", fname, (ulong)keyid[1]);
    }
    else if( !rc ) { /* we can't merge secret keys */
 	log_error("%s: key %08lX already in secret keyring\n",
 						fname, (ulong)keyid[1]);
    }
    else
 	log_error("%s: key %08lX, secret key not found: %s\n",
 				fname, (ulong)keyid[1], g10_errstr(rc));
    release_kbnode( keyblock_orig );
    return rc;
 }
@ -390,7 +466,7 @@ import_one( const char *fname, KBNODE keyblock )
 static int
 import_revoke_cert( const char *fname, KBNODE node )
 {
-    PKT_public_cert *pkc=NULL;
+    PKT_public_key *pk=NULL;
    KBNODE onode, keyblock = NULL;
    KBPOS kbpos;
    u32 keyid[2];
@ -403,8 +479,8 @@ import_revoke_cert( const char *fname, KBNODE node )
    keyid[0] = node->pkt->pkt.signature->keyid[0];
    keyid[1] = node->pkt->pkt.signature->keyid[1];
-    pkc = m_alloc_clear( sizeof *pkc );
+    pk = m_alloc_clear( sizeof *pk );
-    rc = get_pubkey( pkc, keyid );
+    rc = get_pubkey( pk, keyid );
    if( rc == G10ERR_NO_PUBKEY ) {
 	log_info("%s: key %08lX, no public key - "
 		 "can't apply revocation certificate\n",
@ -419,7 +495,7 @@ import_revoke_cert( const char *fname, KBNODE node )
    }
    /* read the original keyblock */
-    rc = find_keyblock_bypkc( &kbpos, pkc );
+    rc = find_keyblock_bypk( &kbpos, pk );
    if( rc ) {
 	log_error("%s: key %08lX, can't locate original keyblock: %s\n",
 				 fname, (ulong)keyid[1], g10_errstr(rc));
@ -478,7 +554,7 @@ import_revoke_cert( const char *fname, KBNODE node )
  leave:
    release_kbnode( keyblock );
-    free_public_cert( pkc );
+    free_public_key( pk );
    return rc;
 }
@ -490,7 +566,7 @@ import_revoke_cert( const char *fname, KBNODE node )
 */
 static int
 chk_self_sigs( const char *fname, KBNODE keyblock,
-	       PKT_public_cert *pkc, u32 *keyid )
+	       PKT_public_key *pk, u32 *keyid )
 {
    KBNODE n, unode;
    PKT_signature *sig;
--- a/g10/kbnode.c
+++ b/g10/kbnode.c
@ -150,13 +150,13 @@ find_next_kbnode( KBNODE node, int pkttype )
 	if( !pkttype )
 	    return node;
 	else if( pkttype == PKT_USER_ID
-		 && (	node->pkt->pkttype == PKT_PUBLIC_CERT
+		 && (	node->pkt->pkttype == PKT_PUBLIC_KEY
-		     || node->pkt->pkttype == PKT_SECRET_CERT ) )
+		     || node->pkt->pkttype == PKT_SECRET_KEY ) )
 	    return NULL;
 	else if( pkttype == PKT_SIGNATURE
 		 && (	node->pkt->pkttype == PKT_USER_ID
-		     || node->pkt->pkttype == PKT_PUBLIC_CERT
+		     || node->pkt->pkttype == PKT_PUBLIC_KEY
-		     || node->pkt->pkttype == PKT_SECRET_CERT ) )
+		     || node->pkt->pkttype == PKT_SECRET_KEY ) )
 	    return NULL;
 	else if( node->pkt->pkttype == pkttype )
 	    return node;
@ -248,14 +248,14 @@ dump_kbnode( KBNODE node )
 	const char *s;
 	switch( node->pkt->pkttype ) {
 	  case 0:		s="empty"; break;
-	  case PKT_PUBLIC_CERT: s="public-key"; break;
+	  case PKT_PUBLIC_KEY:	s="public-key"; break;
-	  case PKT_SECRET_CERT: s="secret-key"; break;
+	  case PKT_SECRET_KEY:	s="secret-key"; break;
-	  case PKT_SECKEY_SUBCERT:  s= "secret-subkey"; break;
+	  case PKT_SECRET_SUBKEY: s= "secret-subkey"; break;
 	  case PKT_PUBKEY_ENC:	s="public-enc"; break;
 	  case PKT_SIGNATURE:	s="signature"; break;
 	  case PKT_ONEPASS_SIG: s="onepass-sig"; break;
 	  case PKT_USER_ID:	s="user-id"; break;
-	  case PKT_PUBKEY_SUBCERT: s="public-subkey"; break;
+	  case PKT_PUBLIC_SUBKEY: s="public-subkey"; break;
 	  case PKT_COMMENT:	s="comment"; break;
 	  case PKT_RING_TRUST:	s="trust"; break;
 	  case PKT_PLAINTEXT:	s="plaintext"; break;
@ -275,10 +275,10 @@ dump_kbnode( KBNODE node )
 	    fprintf(stderr, "  keyid=%08lX\n",
 		   (ulong)node->pkt->pkt.signature->keyid[1] );
 	}
-	else if( node->pkt->pkttype == PKT_PUBLIC_CERT
+	else if( node->pkt->pkttype == PKT_PUBLIC_KEY
-		 || node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
+		 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
 	    fprintf(stderr, "  keyid=%08lX\n", (ulong)
-		  keyid_from_pkc( node->pkt->pkt.public_cert, NULL ));
+		  keyid_from_pk( node->pkt->pkt.public_key, NULL ));
 	}
 	else
 	    fputs("\n", stderr);
--- a/g10/keydb.h
+++ b/g10/keydb.h
@ -58,18 +58,18 @@ struct keyblock_pos_struct {
 typedef struct keyblock_pos_struct KBPOS;
 /* structure to hold a couple of public key certificates */
-typedef struct pkc_list *PKC_LIST;
+typedef struct pk_list *PK_LIST;
-struct pkc_list {
+struct pk_list {
-    PKC_LIST next;
+    PK_LIST next;
-    PKT_public_cert *pkc;
+    PKT_public_key *pk;
    int mark;
 };
 /* structure to hold a couple of secret key certificates */
-typedef struct skc_list *SKC_LIST;
+typedef struct sk_list *SK_LIST;
-struct skc_list {
+struct sk_list {
-    SKC_LIST next;
+    SK_LIST next;
-    PKT_secret_cert *skc;
+    PKT_secret_key *sk;
    int mark;
 };
@ -86,12 +86,12 @@ struct pubkey_find_info {
 /*-- pkclist.c --*/
-void release_pkc_list( PKC_LIST pkc_list );
+void release_pk_list( PK_LIST pk_list );
-int  build_pkc_list( STRLIST remusr, PKC_LIST *ret_pkc_list, unsigned usage );
+int  build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage );
 /*-- skclist.c --*/
-void release_skc_list( SKC_LIST skc_list );
+void release_sk_list( SK_LIST sk_list );
-int  build_skc_list( STRLIST locusr, SKC_LIST *ret_skc_list,
+int  build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list,
 					    int unlock, unsigned usage );
 /*-- passphrase.h --*/
@ -106,29 +106,29 @@ void add_keyring( const char *name );
 const char *get_keyring( int sequence );
 const char *get_secret_keyring( int sequence );
 void add_secret_keyring( const char *name );
-int get_pubkey( PKT_public_cert *pkc, u32 *keyid );
+int get_pubkey( PKT_public_key *pk, u32 *keyid );
-int get_pubkey_byname( PKT_public_cert *pkc, const char *name );
+int get_pubkey_byname( PKT_public_key *pk, const char *name );
-int get_seckey( PKT_secret_cert *skc, u32 *keyid );
+int get_seckey( PKT_secret_key *sk, u32 *keyid );
 int get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
 						 size_t fprint_len );
 int seckey_available( u32 *keyid );
-int get_seckey_byname( PKT_secret_cert *skc, const char *name, int unlock );
+int get_seckey_byname( PKT_secret_key *sk, const char *name, int unlock );
-int enum_secret_keys( void **context, PKT_secret_cert *skc );
+int enum_secret_keys( void **context, PKT_secret_key *sk );
 char*get_user_id_string( u32 *keyid );
 char*get_user_id( u32 *keyid, size_t *rn );
 /*-- keyid.c --*/
 int pubkey_letter( int algo );
-u32 keyid_from_skc( PKT_secret_cert *skc, u32 *keyid );
+u32 keyid_from_sk( PKT_secret_key *sk, u32 *keyid );
-u32 keyid_from_pkc( PKT_public_cert *pkc, u32 *keyid );
+u32 keyid_from_pk( PKT_public_key *pk, u32 *keyid );
 u32 keyid_from_sig( PKT_signature *sig, u32 *keyid );
-unsigned nbits_from_pkc( PKT_public_cert *pkc );
+unsigned nbits_from_pk( PKT_public_key *pk );
-unsigned nbits_from_skc( PKT_secret_cert *skc );
+unsigned nbits_from_sk( PKT_secret_key *sk );
-const char *datestr_from_pkc( PKT_public_cert *pkc );
+const char *datestr_from_pk( PKT_public_key *pk );
-const char *datestr_from_skc( PKT_secret_cert *skc );
+const char *datestr_from_sk( PKT_secret_key *sk );
 const char *datestr_from_sig( PKT_signature *sig );
-byte *fingerprint_from_skc( PKT_secret_cert *skc, size_t *ret_len );
+byte *fingerprint_from_sk( PKT_secret_key *sk, size_t *ret_len );
-byte *fingerprint_from_pkc( PKT_public_cert *pkc, size_t *ret_len );
+byte *fingerprint_from_pk( PKT_public_key *pk, size_t *ret_len );
 /*-- kbnode.c --*/
 KBNODE new_kbnode( PACKET *pkt );
@ -150,7 +150,7 @@ const char *keyblock_resource_name( KBPOS *kbpos );
 int get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos );
 int find_keyblock( PUBKEY_FIND_INFO info, KBPOS *kbpos );
 int find_keyblock_byname( KBPOS *kbpos, const char *username );
-int find_keyblock_bypkc( KBPOS *kbpos, PKT_public_cert *pkc );
+int find_keyblock_bypk( KBPOS *kbpos, PKT_public_key *pk );
 int find_secret_keyblock_byname( KBPOS *kbpos, const char *username );
 int lock_keyblock( KBPOS *kbpos );
 void unlock_keyblock( KBPOS *kbpos );
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@ -40,12 +40,12 @@
 static void
-show_fingerprint( PKT_public_cert *pkc )
+show_fingerprint( PKT_public_key *pk )
 {
    byte *array, *p;
    size_t i, n;
-    p = array = fingerprint_from_pkc( pkc, &n );
+    p = array = fingerprint_from_pk( pk, &n );
    tty_printf("             Fingerprint:");
    if( n == 20 ) {
 	for(i=0; i < n ; i++, i++, p += 2 ) {
@ -70,20 +70,20 @@ show_fingerprint( PKT_public_cert *pkc )
 * Ask whether the user is willing to sign the key. Return true if so.
 */
 static int
-sign_it_p( PKT_public_cert *pkc, PKT_user_id *uid )
+sign_it_p( PKT_public_key *pk, PKT_user_id *uid )
 {
    char *answer;
    int yes;
    tty_printf("\nAre you really sure that you want to sign this key:\n\n"
 	       "%4u%c/%08lX %s ",
-	      nbits_from_pkc( pkc ),
+	      nbits_from_pk( pk ),
-	      pubkey_letter( pkc->pubkey_algo ),
+	      pubkey_letter( pk->pubkey_algo ),
-	      (ulong)keyid_from_pkc( pkc, NULL ),
+	      (ulong)keyid_from_pk( pk, NULL ),
-	      datestr_from_pkc( pkc )		    );
+	      datestr_from_pk( pk )		  );
    tty_print_string( uid->name, uid->len );
    tty_printf("\n");
-    show_fingerprint(pkc);
+    show_fingerprint(pk);
    tty_printf("\n");
    answer = tty_get("Sign this key? ");
    tty_kill_prompt();
@ -231,13 +231,13 @@ sign_key( const char *username, STRLIST locusr )
 {
    md_filter_context_t mfx;
    int rc = 0;
-    SKC_LIST skc_list = NULL;
+    SK_LIST sk_list = NULL;
-    SKC_LIST skc_rover = NULL;
+    SK_LIST sk_rover = NULL;
    KBNODE keyblock = NULL;
    KBNODE kbctx, node;
    KBPOS kbpos;
-    PKT_public_cert *pkc;
+    PKT_public_key *pk;
-    u32 pkc_keyid[2];
+    u32 pk_keyid[2];
    char *answer;
    memset( &mfx, 0, sizeof mfx);
@ -250,7 +250,7 @@ sign_key( const char *username, STRLIST locusr )
    }
    /* build a list of all signators */
-    rc=build_skc_list( locusr, &skc_list, 0, 1 );
+    rc=build_sk_list( locusr, &sk_list, 0, 1 );
    if( rc )
 	goto leave;
@ -263,23 +263,23 @@ sign_key( const char *username, STRLIST locusr )
    }
    /* get the keyid from the keyblock */
-    node = find_kbnode( keyblock, PKT_PUBLIC_CERT );
+    node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
    if( !node ) {
 	log_error("Oops; public key not found anymore!\n");
 	rc = G10ERR_GENERAL;
 	goto leave;
    }
-    pkc = node->pkt->pkt.public_cert;
+    pk = node->pkt->pkt.public_key;
-    keyid_from_pkc( pkc, pkc_keyid );
+    keyid_from_pk( pk, pk_keyid );
    log_info("Checking signatures of this public key certificate:\n");
    tty_printf("pub  %4u%c/%08lX %s   ",
-	      nbits_from_pkc( pkc ),
+	      nbits_from_pk( pk ),
-	      pubkey_letter( pkc->pubkey_algo ),
+	      pubkey_letter( pk->pubkey_algo ),
-	      pkc_keyid[1], datestr_from_pkc(pkc) );
+	      pk_keyid[1], datestr_from_pk(pk) );
    {
 	size_t n;
-	char *p = get_user_id( pkc_keyid, &n );
+	char *p = get_user_id( pk_keyid, &n );
 	tty_print_string( p, n > 40? 40 : n );
 	m_free(p);
 	tty_printf("\n");
@ -292,35 +292,35 @@ sign_key( const char *username, STRLIST locusr )
 	    answer = tty_get("To you want to remove some of the invalid sigs? ");
 	    tty_kill_prompt();
 	    if( answer_is_yes(answer) )
-		remove_keysigs( keyblock, pkc_keyid, 0 );
+		remove_keysigs( keyblock, pk_keyid, 0 );
 	    m_free(answer);
 	}
    }
    /* check whether we it is possible to sign this key */
-    for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
+    for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
 	u32 akeyid[2];
-	keyid_from_skc( skc_rover->skc, akeyid );
+	keyid_from_sk( sk_rover->sk, akeyid );
 	for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
 	    if( node->pkt->pkttype == PKT_USER_ID )
-		skc_rover->mark = 1;
+		sk_rover->mark = 1;
 	    else if( node->pkt->pkttype == PKT_SIGNATURE
 		&& (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
 		if( akeyid[0] == node->pkt->pkt.signature->keyid[0]
 		    && akeyid[1] == node->pkt->pkt.signature->keyid[1] ) {
 		    log_info("Already signed by keyid %08lX\n",
 							(ulong)akeyid[1] );
-		    skc_rover->mark = 0;
+		    sk_rover->mark = 0;
 		}
 	    }
 	}
    }
-    for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
+    for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
-	if( skc_rover->mark )
+	if( sk_rover->mark )
 	    break;
    }
-    if( !skc_rover ) {
+    if( !sk_rover ) {
 	log_info("Nothing to sign\n");
 	goto leave;
    }
@ -334,19 +334,19 @@ sign_key( const char *username, STRLIST locusr )
     * no, present each user-id in turn and ask which one should be signed
     * (only one) - if there is already a single-user-sig, do nothing.
     * (this is propably already out in the world) */
-    for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
+    for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
-	if( !skc_rover->mark )
+	if( !sk_rover->mark )
 	    continue;
 	for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
 	    if( node->pkt->pkttype == PKT_USER_ID ) {
-		if( sign_it_p( pkc, node->pkt->pkt.user_id ) ) {
+		if( sign_it_p( pk, node->pkt->pkt.user_id ) ) {
 		    PACKET *pkt;
 		    PKT_signature *sig;
-		    rc = make_keysig_packet( &sig, pkc,
+		    rc = make_keysig_packet( &sig, pk,
 						   node->pkt->pkt.user_id,
 						   NULL,
-						   skc_rover->skc,
+						   sk_rover->sk,
 						   0x10, 0, NULL, NULL );
 		    if( rc ) {
 			log_error("make_keysig_packet failed: %s\n", g10_errstr(rc));
@ -370,7 +370,7 @@ sign_key( const char *username, STRLIST locusr )
  leave:
    release_kbnode( keyblock );
-    release_skc_list( skc_list );
+    release_sk_list( sk_list );
    md_close( mfx.md );
    return rc;
 }
@ -384,8 +384,8 @@ edit_keysigs( const char *username )
    KBNODE keyblock = NULL;
    KBNODE node;
    KBPOS kbpos;
-    PKT_public_cert *pkc;
+    PKT_public_key *pk;
-    u32 pkc_keyid[2];
+    u32 pk_keyid[2];
    /* search the userid */
    rc = find_keyblock_byname( &kbpos, username );
@ -402,23 +402,23 @@ edit_keysigs( const char *username )
    }
    /* get the keyid from the keyblock */
-    node = find_kbnode( keyblock, PKT_PUBLIC_CERT );
+    node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
    if( !node ) {
 	log_error("Oops; public key not found anymore!\n");
 	rc = G10ERR_GENERAL;
 	goto leave;
    }
-    pkc = node->pkt->pkt.public_cert;
+    pk = node->pkt->pkt.public_key;
-    keyid_from_pkc( pkc, pkc_keyid );
+    keyid_from_pk( pk, pk_keyid );
    log_info("Checking signatures of this public key certificate:\n");
    tty_printf("pub  %4u%c/%08lX %s   ",
-	      nbits_from_pkc( pkc ),
+	      nbits_from_pk( pk ),
-	      pubkey_letter( pkc->pubkey_algo ),
+	      pubkey_letter( pk->pubkey_algo ),
-	      pkc_keyid[1], datestr_from_pkc(pkc) );
+	      pk_keyid[1], datestr_from_pk(pk) );
    {
 	size_t n;
-	char *p = get_user_id( pkc_keyid, &n );
+	char *p = get_user_id( pk_keyid, &n );
 	tty_print_string( p, n > 40? 40 : n );
 	m_free(p);
 	tty_printf("\n");
@ -426,7 +426,7 @@ edit_keysigs( const char *username )
    clear_kbnode_flags( keyblock );
    check_all_keysigs( keyblock );
-    if( remove_keysigs( keyblock, pkc_keyid, 1 ) ) {
+    if( remove_keysigs( keyblock, pk_keyid, 1 ) ) {
 	rc = update_keyblock( &kbpos, keyblock );
 	if( rc ) {
 	    log_error("update_keyblock failed: %s\n", g10_errstr(rc) );
@ -450,8 +450,8 @@ delete_key( const char *username, int secret )
    KBNODE keyblock = NULL;
    KBNODE node;
    KBPOS kbpos;
-    PKT_public_cert *pkc = NULL;
+    PKT_public_key *pk = NULL;
-    PKT_secret_cert *skc = NULL;
+    PKT_secret_key *sk = NULL;
    u32 keyid[2];
    int okay=0;
@ -471,7 +471,7 @@ delete_key( const char *username, int secret )
    }
    /* get the keyid from the keyblock */
-    node = find_kbnode( keyblock, secret? PKT_SECRET_CERT:PKT_PUBLIC_CERT );
+    node = find_kbnode( keyblock, secret? PKT_SECRET_KEY:PKT_PUBLIC_KEY );
    if( !node ) {
 	log_error("Oops; key not found anymore!\n");
 	rc = G10ERR_GENERAL;
@ -479,12 +479,12 @@ delete_key( const char *username, int secret )
    }
    if( secret ) {
-	skc = node->pkt->pkt.secret_cert;
+	sk = node->pkt->pkt.secret_key;
-	keyid_from_skc( skc, keyid );
+	keyid_from_sk( sk, keyid );
    }
    else {
-	pkc = node->pkt->pkt.public_cert;
+	pk = node->pkt->pkt.public_key;
-	keyid_from_pkc( pkc, keyid );
+	keyid_from_pk( pk, keyid );
 	rc = seckey_available( keyid );
 	if( !rc ) {
 	    log_error(_(
@ -513,14 +513,14 @@ delete_key( const char *username, int secret )
 	if( secret )
 	    tty_printf("sec  %4u%c/%08lX %s   ",
-		      nbits_from_skc( skc ),
+		      nbits_from_sk( sk ),
-		      pubkey_letter( skc->pubkey_algo ),
+		      pubkey_letter( sk->pubkey_algo ),
-		      keyid[1], datestr_from_skc(skc) );
+		      keyid[1], datestr_from_sk(sk) );
 	else
 	    tty_printf("pub  %4u%c/%08lX %s   ",
-		      nbits_from_pkc( pkc ),
+		      nbits_from_pk( pk ),
-		      pubkey_letter( pkc->pubkey_algo ),
+		      pubkey_letter( pk->pubkey_algo ),
-		      keyid[1], datestr_from_pkc(pkc) );
+		      keyid[1], datestr_from_pk(pk) );
 	p = get_user_id( keyid, &n );
 	tty_print_string( p, n );
 	m_free(p);
@ -564,7 +564,7 @@ change_passphrase( const char *username )
    KBNODE keyblock = NULL;
    KBNODE node;
    KBPOS kbpos;
-    PKT_secret_cert *skc;
+    PKT_secret_key *sk;
    u32 keyid[2];
    char *answer;
    int changed=0;
@ -585,19 +585,19 @@ change_passphrase( const char *username )
    }
    /* get the keyid from the keyblock */
-    node = find_kbnode( keyblock, PKT_SECRET_CERT );
+    node = find_kbnode( keyblock, PKT_SECRET_KEY );
    if( !node ) {
 	log_error("Oops; secret key not found anymore!\n");
 	rc = G10ERR_GENERAL;
 	goto leave;
    }
-    skc = node->pkt->pkt.secret_cert;
+    sk = node->pkt->pkt.secret_key;
-    keyid_from_skc( skc, keyid );
+    keyid_from_sk( sk, keyid );
    tty_printf("sec  %4u%c/%08lX %s   ",
-	      nbits_from_skc( skc ),
+	      nbits_from_sk( sk ),
-	      pubkey_letter( skc->pubkey_algo ),
+	      pubkey_letter( sk->pubkey_algo ),
-	      keyid[1], datestr_from_skc(skc) );
+	      keyid[1], datestr_from_sk(sk) );
    {
 	size_t n;
 	char *p = get_user_id( keyid, &n );
@ -606,18 +606,18 @@ change_passphrase( const char *username )
 	tty_printf("\n");
    }
    for(node=keyblock; node; node = node->next ) {
-	if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
+	if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
-	    PKT_secret_cert *subskc = node->pkt->pkt.secret_cert;
+	    PKT_secret_key *subsk = node->pkt->pkt.secret_key;
-	    keyid_from_skc( subskc, keyid );
+	    keyid_from_sk( subsk, keyid );
 	    tty_printf("sub  %4u%c/%08lX %s\n",
-		      nbits_from_skc( subskc ),
+		      nbits_from_sk( subsk ),
-		      pubkey_letter( subskc->pubkey_algo ),
+		      pubkey_letter( subsk->pubkey_algo ),
-		      keyid[1], datestr_from_skc(subskc) );
+		      keyid[1], datestr_from_sk(subsk) );
 	}
    }
    clear_kbnode_flags( keyblock );
-    switch( is_secret_key_protected( skc ) ) {
+    switch( is_secret_key_protected( sk ) ) {
      case -1:
 	rc = G10ERR_PUBKEY_ALGO;
 	break;
@ -626,7 +626,7 @@ change_passphrase( const char *username )
 	break;
      default:
 	tty_printf("Key is protected.\n");
-	rc = check_secret_key( skc );
+	rc = check_secret_key( sk );
 	if( !rc )
 	    passphrase = get_last_passphrase();
 	break;
@ -634,10 +634,10 @@ change_passphrase( const char *username )
    /* unprotect all subkeys (use the supplied passphrase or ask)*/
    for(node=keyblock; node; node = node->next ) {
-	if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
+	if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
-	    PKT_secret_cert *subskc = node->pkt->pkt.secret_cert;
+	    PKT_secret_key *subsk = node->pkt->pkt.secret_key;
 	    set_next_passphrase( passphrase );
-	    rc = check_secret_key( subskc );
+	    rc = check_secret_key( subsk );
 	    if( rc )
 		break;
 	}
@ -671,15 +671,15 @@ change_passphrase( const char *username )
 		break;
 	    }
 	    else { /* okay */
-		skc->protect.algo = dek->algo;
+		sk->protect.algo = dek->algo;
-		skc->protect.s2k = *s2k;
+		sk->protect.s2k = *s2k;
-		rc = protect_secret_key( skc, dek );
+		rc = protect_secret_key( sk, dek );
 		for(node=keyblock; !rc && node; node = node->next ) {
-		    if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
+		    if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
-			PKT_secret_cert *subskc = node->pkt->pkt.secret_cert;
+			PKT_secret_key *subsk = node->pkt->pkt.secret_key;
-			subskc->protect.algo = dek->algo;
+			subsk->protect.algo = dek->algo;
-			subskc->protect.s2k = *s2k;
+			subsk->protect.s2k = *s2k;
-			rc = protect_secret_key( subskc, dek );
+			rc = protect_secret_key( subsk, dek );
 		    }
 		}
 		if( rc )
@ -717,9 +717,9 @@ change_passphrase( const char *username )
 * If digest_algo is 0 the function selects an appropriate one.
 */
 int
-make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
+make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
-		    PKT_user_id *uid, PKT_public_cert *subpkc,
+		    PKT_user_id *uid, PKT_public_key *subpk,
-		    PKT_secret_cert *skc,
+		    PKT_secret_key *sk,
 		    int sigclass, int digest_algo,
 		    int (*mksubpkt)(PKT_signature *, void *), void *opaque
 		   )
@ -731,7 +731,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
    assert( (sigclass >= 0x10 && sigclass <= 0x13)
 	    || sigclass == 0x20 || sigclass == 0x18 );
    if( !digest_algo ) {
-	switch( skc->pubkey_algo ) {
+	switch( sk->pubkey_algo ) {
 	  case PUBKEY_ALGO_DSA: digest_algo = DIGEST_ALGO_SHA1; break;
 	  case PUBKEY_ALGO_RSA_S:
 	  case PUBKEY_ALGO_RSA: digest_algo = DIGEST_ALGO_MD5; break;
@ -741,12 +741,12 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
    md = md_open( digest_algo, 0 );
    /* hash the public key certificate and the user id */
-    hash_public_cert( md, pkc );
+    hash_public_key( md, pk );
    if( sigclass == 0x18 ) { /* subkey binding */
-	hash_public_cert( md, subpkc );
+	hash_public_key( md, subpk );
    }
    else if( sigclass != 0x20 ) {
-	if( skc->version >=4 ) {
+	if( sk->version >=4 ) {
 	    byte buf[5];
 	    buf[0] = 0xb4;	      /* indicates a userid packet */
 	    buf[1] = uid->len >> 24;  /* always use 4 length bytes */
@ -759,9 +759,9 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
    }
    /* and make the signature packet */
    sig = m_alloc_clear( sizeof *sig );
-    sig->version = skc->version;
+    sig->version = sk->version;
-    keyid_from_skc( skc, sig->keyid );
+    keyid_from_sk( sk, sig->keyid );
-    sig->pubkey_algo = skc->pubkey_algo;
+    sig->pubkey_algo = sk->pubkey_algo;
    sig->digest_algo = digest_algo;
    sig->timestamp = make_timestamp();
    sig->sig_class = sigclass;
@ -807,7 +807,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
 	}
 	md_final(md);
-	rc = complete_sig( sig, skc, md );
+	rc = complete_sig( sig, sk, md );
    }
    md_close( md );
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -53,12 +53,12 @@ write_uid( KBNODE root, const char *s )
 static int
 add_key_expire( PKT_signature *sig, void *opaque )
 {
-    PKT_secret_cert *skc = opaque;
+    PKT_secret_key *sk = opaque;
    byte buf[8];
    u32  u;
-    if( skc->valid_days ) {
+    if( sk->valid_days ) {
-	u = skc->valid_days * 86400L;
+	u = sk->valid_days * 86400L;
 	buf[0] = (u >> 24) & 0xff;
 	buf[1] = (u >> 16) & 0xff;
 	buf[2] = (u >>	8) & 0xff;
@ -109,14 +109,14 @@ add_prefs( PKT_signature *sig, void *opaque )
 static int
-write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
+write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_key *sk )
 {
    PACKET *pkt;
    PKT_signature *sig;
    PKT_user_id *uid;
    int rc=0;
    KBNODE node;
-    PKT_public_cert *pkc;
+    PKT_public_key *pk;
    if( opt.verbose )
 	log_info(_("writing self signature\n"));
@ -126,15 +126,15 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
    if( !node )
 	BUG(); /* no user id packet in tree */
    uid = node->pkt->pkt.user_id;
-    /* get the pkc packet from the pub_tree */
+    /* get the pk packet from the pub_tree */
-    node = find_kbnode( pub_root, PKT_PUBLIC_CERT );
+    node = find_kbnode( pub_root, PKT_PUBLIC_KEY );
    if( !node )
 	BUG();
-    pkc = node->pkt->pkt.public_cert;
+    pk = node->pkt->pkt.public_key;
    /* and make the signature */
-    rc = make_keysig_packet( &sig, pkc, uid, NULL, skc, 0x13, 0,
+    rc = make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0,
-			     add_prefs, skc );
+			     add_prefs, sk );
    if( rc ) {
 	log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
 	return rc;
@ -148,34 +148,34 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
 }
 static int
-write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
+write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_key *sk )
 {
    PACKET *pkt;
    PKT_signature *sig;
    int rc=0;
    KBNODE node;
-    PKT_public_cert *pkc, *subpkc;
+    PKT_public_key *pk, *subpk;
    if( opt.verbose )
 	log_info(_("writing key binding signature\n"));
-    /* get the pkc packet from the pub_tree */
+    /* get the pk packet from the pub_tree */
-    node = find_kbnode( pub_root, PKT_PUBLIC_CERT );
+    node = find_kbnode( pub_root, PKT_PUBLIC_KEY );
    if( !node )
 	BUG();
-    pkc = node->pkt->pkt.public_cert;
+    pk = node->pkt->pkt.public_key;
    /* find the last subkey */
-    subpkc = NULL;
+    subpk = NULL;
    for(node=pub_root; node; node = node->next ) {
-	if( node->pkt->pkttype == PKT_PUBKEY_SUBCERT )
+	if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
-	    subpkc = node->pkt->pkt.public_cert;
+	    subpk = node->pkt->pkt.public_key;
    }
-    if( !subpkc )
+    if( !subpk )
 	BUG();
    /* and make the signature */
-    rc = make_keysig_packet( &sig, pkc, NULL, subpkc, skc, 0x18, 0,
+    rc = make_keysig_packet( &sig, pk, NULL, subpk, sk, 0x18, 0,
-				    add_key_expire, skc );
+				    add_key_expire, sk );
    if( rc ) {
 	log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
 	return rc;
@ -191,14 +191,14 @@ write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
 static int
 gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
-	STRING2KEY *s2k, PKT_secret_cert **ret_skc, u16 valid_days,
+	STRING2KEY *s2k, PKT_secret_key **ret_sk, u16 valid_days,
 							int version )
 {
    int rc;
    int i;
    PACKET *pkt;
-    PKT_secret_cert *skc;
+    PKT_secret_key *sk;
-    PKT_public_cert *pkc;
+    PKT_public_key *pk;
    MPI skey[4];
    MPI *factors;
@ -209,48 +209,48 @@ gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
 	return rc;
    }
-    skc = m_alloc_clear( sizeof *skc );
+    sk = m_alloc_clear( sizeof *sk );
-    pkc = m_alloc_clear( sizeof *pkc );
+    pk = m_alloc_clear( sizeof *pk );
-    skc->timestamp = pkc->timestamp = make_timestamp();
+    sk->timestamp = pk->timestamp = make_timestamp();
-    skc->version = pkc->version = version;
+    sk->version = pk->version = version;
-    skc->valid_days = pkc->valid_days = valid_days;
+    sk->valid_days = pk->valid_days = valid_days;
-    skc->pubkey_algo = pkc->pubkey_algo = algo;
+    sk->pubkey_algo = pk->pubkey_algo = algo;
-		       pkc->pkey[0] = mpi_copy( skey[0] );
+		       pk->pkey[0] = mpi_copy( skey[0] );
-		       pkc->pkey[1] = mpi_copy( skey[1] );
+		       pk->pkey[1] = mpi_copy( skey[1] );
-		       pkc->pkey[2] = mpi_copy( skey[2] );
+		       pk->pkey[2] = mpi_copy( skey[2] );
-    skc->skey[0] = skey[0];
+    sk->skey[0] = skey[0];
-    skc->skey[1] = skey[1];
+    sk->skey[1] = skey[1];
-    skc->skey[2] = skey[2];
+    sk->skey[2] = skey[2];
-    skc->skey[3] = skey[3];
+    sk->skey[3] = skey[3];
-    skc->is_protected = 0;
+    sk->is_protected = 0;
-    skc->protect.algo = 0;
+    sk->protect.algo = 0;
-    skc->csum = checksum_mpi_counted_nbits( skc->skey[3] );
+    sk->csum = checksum_mpi_counted_nbits( sk->skey[3] );
-    if( ret_skc ) /* not a subkey: return an unprotected version of the skc */
+    if( ret_sk ) /* not a subkey: return an unprotected version of the sk */
-	*ret_skc = copy_secret_cert( NULL, skc );
+	*ret_sk = copy_secret_key( NULL, sk );
    if( dek ) {
-	skc->protect.algo = dek->algo;
+	sk->protect.algo = dek->algo;
-	skc->protect.s2k = *s2k;
+	sk->protect.s2k = *s2k;
-	rc = protect_secret_key( skc, dek );
+	rc = protect_secret_key( sk, dek );
 	if( rc ) {
 	    log_error("protect_secret_key failed: %s\n", g10_errstr(rc) );
-	    free_public_cert(pkc);
+	    free_public_key(pk);
-	    free_secret_cert(skc);
+	    free_secret_key(sk);
 	    return rc;
 	}
    }
    pkt = m_alloc_clear(sizeof *pkt);
-    pkt->pkttype = ret_skc ? PKT_PUBLIC_CERT : PKT_PUBKEY_SUBCERT;
+    pkt->pkttype = ret_sk ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
-    pkt->pkt.public_cert = pkc;
+    pkt->pkt.public_key = pk;
    add_kbnode(pub_root, new_kbnode( pkt ));
    /* don't know whether it makes sense to have the factors, so for now
     * we store them in the secret keyring (but they are not secret) */
    pkt = m_alloc_clear(sizeof *pkt);
-    pkt->pkttype = ret_skc ? PKT_SECRET_CERT : PKT_SECKEY_SUBCERT;
+    pkt->pkttype = ret_sk ? PKT_SECRET_KEY : PKT_SECRET_SUBKEY;
-    pkt->pkt.secret_cert = skc;
+    pkt->pkt.secret_key = sk;
    add_kbnode(sec_root, new_kbnode( pkt ));
    for(i=0; factors[i]; i++ )
 	add_kbnode( sec_root,
@ -265,13 +265,13 @@ gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
 */
 static int
 gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
-	    STRING2KEY *s2k, PKT_secret_cert **ret_skc, u16 valid_days )
+	    STRING2KEY *s2k, PKT_secret_key **ret_sk, u16 valid_days )
 {
    int rc;
    int i;
    PACKET *pkt;
-    PKT_secret_cert *skc;
+    PKT_secret_key *sk;
-    PKT_public_cert *pkc;
+    PKT_public_key *pk;
    MPI skey[5];
    MPI *factors;
@ -284,43 +284,43 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
 	return rc;
    }
-    skc = m_alloc_clear( sizeof *skc );
+    sk = m_alloc_clear( sizeof *sk );
-    pkc = m_alloc_clear( sizeof *pkc );
+    pk = m_alloc_clear( sizeof *pk );
-    skc->timestamp = pkc->timestamp = make_timestamp();
+    sk->timestamp = pk->timestamp = make_timestamp();
-    skc->version = pkc->version = 4;
+    sk->version = pk->version = 4;
-    skc->valid_days = pkc->valid_days = valid_days;
+    sk->valid_days = pk->valid_days = valid_days;
-    skc->pubkey_algo = pkc->pubkey_algo = PUBKEY_ALGO_DSA;
+    sk->pubkey_algo = pk->pubkey_algo = PUBKEY_ALGO_DSA;
-		       pkc->pkey[0] = mpi_copy( skey[0] );
+		       pk->pkey[0] = mpi_copy( skey[0] );
-		       pkc->pkey[1] = mpi_copy( skey[1] );
+		       pk->pkey[1] = mpi_copy( skey[1] );
-		       pkc->pkey[2] = mpi_copy( skey[2] );
+		       pk->pkey[2] = mpi_copy( skey[2] );
-		       pkc->pkey[3] = mpi_copy( skey[3] );
+		       pk->pkey[3] = mpi_copy( skey[3] );
-    skc->skey[0] = skey[0];
+    sk->skey[0] = skey[0];
-    skc->skey[1] = skey[1];
+    sk->skey[1] = skey[1];
-    skc->skey[2] = skey[2];
+    sk->skey[2] = skey[2];
-    skc->skey[3] = skey[3];
+    sk->skey[3] = skey[3];
-    skc->skey[4] = skey[4];
+    sk->skey[4] = skey[4];
-    skc->is_protected = 0;
+    sk->is_protected = 0;
-    skc->protect.algo = 0;
+    sk->protect.algo = 0;
-    skc->csum = checksum_mpi_counted_nbits( skc->skey[4] );
+    sk->csum = checksum_mpi_counted_nbits( sk->skey[4] );
-    if( ret_skc ) /* not a subkey: return an unprotected version of the skc */
+    if( ret_sk ) /* not a subkey: return an unprotected version of the sk */
-	*ret_skc = copy_secret_cert( NULL, skc );
+	*ret_sk = copy_secret_key( NULL, sk );
    if( dek ) {
-	skc->protect.algo = dek->algo;
+	sk->protect.algo = dek->algo;
-	skc->protect.s2k = *s2k;
+	sk->protect.s2k = *s2k;
-	rc = protect_secret_key( skc, dek );
+	rc = protect_secret_key( sk, dek );
 	if( rc ) {
 	    log_error("protect_secret_key failed: %s\n", g10_errstr(rc) );
-	    free_public_cert(pkc);
+	    free_public_key(pk);
-	    free_secret_cert(skc);
+	    free_secret_key(sk);
 	    return rc;
 	}
    }
    pkt = m_alloc_clear(sizeof *pkt);
-    pkt->pkttype = ret_skc ? PKT_PUBLIC_CERT : PKT_PUBKEY_SUBCERT;
+    pkt->pkttype = ret_sk ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
-    pkt->pkt.public_cert = pkc;
+    pkt->pkt.public_key = pk;
    add_kbnode(pub_root, new_kbnode( pkt ));
    /* don't know whether it makes sense to have the factors, so for now
@ -330,8 +330,8 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
     * are known.
     */
    pkt = m_alloc_clear(sizeof *pkt);
-    pkt->pkttype = ret_skc ? PKT_SECRET_CERT : PKT_SECKEY_SUBCERT;
+    pkt->pkttype = ret_sk ? PKT_SECRET_KEY : PKT_SECRET_SUBKEY;
-    pkt->pkt.secret_cert = skc;
+    pkt->pkt.secret_key = sk;
    add_kbnode(sec_root, new_kbnode( pkt ));
    for(i=1; factors[i]; i++ )	/* the first one is q */
 	add_kbnode( sec_root,
@ -698,7 +698,7 @@ ask_passphrase( STRING2KEY **ret_s2k )
 static int
 do_create( int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root,
-	   DEK *dek, STRING2KEY *s2k, PKT_secret_cert **skc, int valid_days,
+	   DEK *dek, STRING2KEY *s2k, PKT_secret_key **sk, int valid_days,
 							     int v4_packet )
 {
    int rc=0;
@ -711,9 +711,9 @@ do_create( int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root,
    if( algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E )
 	rc = gen_elg(algo, nbits, pub_root, sec_root, dek, s2k,
-			   skc, valid_days, v4_packet? 4:3 );
+			   sk, valid_days, v4_packet? 4:3 );
    else if( algo == PUBKEY_ALGO_DSA )
-	rc = gen_dsa(nbits, pub_root, sec_root, dek, s2k, skc, valid_days);
+	rc = gen_dsa(nbits, pub_root, sec_root, dek, s2k, sk, valid_days);
    else
 	BUG();
    if( !rc ) {
@ -740,7 +740,7 @@ generate_keypair()
    char *uid = NULL;
    KBNODE pub_root = NULL;
    KBNODE sec_root = NULL;
-    PKT_secret_cert *skc = NULL;
+    PKT_secret_key *sk = NULL;
    DEK *dek;
    STRING2KEY *s2k;
    int rc;
@ -777,33 +777,33 @@ generate_keypair()
    /* we create the packets as a tree of kbnodes. Because the structure
     * we create is known in advance we simply generate a linked list
     * The first packet is a dummy comment packet which we flag
-     * as deleted.  The very first packet must always be a CERT packet.
+     * as deleted.  The very first packet must always be a KEY packet.
     */
    pub_root = make_comment_node("#"); delete_kbnode(pub_root);
    sec_root = make_comment_node("#"); delete_kbnode(sec_root);
    if( both )
 	rc = do_create( PUBKEY_ALGO_DSA, 1024, pub_root, sec_root,
-					       dek, s2k, &skc, ndays, 1);
+					       dek, s2k, &sk, ndays, 1);
    else
 	rc = do_create( algo,		nbits, pub_root, sec_root,
-					       dek, s2k, &skc, ndays, v4);
+					       dek, s2k, &sk, ndays, v4);
    if( !rc )
 	write_uid(pub_root, uid );
    if( !rc )
 	write_uid(sec_root, uid );
    if( !rc )
-	rc = write_selfsig(pub_root, pub_root, skc);
+	rc = write_selfsig(pub_root, pub_root, sk);
    if( !rc )
-	rc = write_selfsig(sec_root, pub_root, skc);
+	rc = write_selfsig(sec_root, pub_root, sk);
    if( both ) {
 	rc = do_create( algo, nbits, pub_root, sec_root,
 					  dek, s2k, NULL, ndays, 1 );
 	if( !rc )
-	    rc = write_keybinding(pub_root, pub_root, skc);
+	    rc = write_keybinding(pub_root, pub_root, sk);
 	if( !rc )
-	    rc = write_keybinding(sec_root, pub_root, skc);
+	    rc = write_keybinding(sec_root, pub_root, sk);
    }
@ -814,7 +814,6 @@ generate_keypair()
 	int rc2 = -1;
 	/* we can now write the certificates */
 	if( get_keyblock_handle( pub_fname, 0, &pub_kbpos ) ) {
 	    if( add_keyblock_resource( pub_fname, 1, 0 ) ) {
 		log_error("can add keyblock file '%s'\n", pub_fname );
@ -868,8 +867,8 @@ generate_keypair()
 	tty_printf(_("Key generation failed: %s\n"), g10_errstr(rc) );
    release_kbnode( pub_root );
    release_kbnode( sec_root );
-    if( skc ) /* the unprotected  secret certificate */
+    if( sk ) /* the unprotected  secret key */
-	free_secret_cert(skc);
+	free_secret_key(sk);
    m_free(uid);
    m_free(dek);
    m_free(s2k);
@ -889,7 +888,7 @@ generate_subkeypair( const char *username )
    KBNODE pub_keyblock = NULL;
    KBNODE sec_keyblock = NULL;
    KBNODE node;
-    PKT_secret_cert *skc = NULL; /* this is the primary skc */
+    PKT_secret_key *sk = NULL; /* this is the primary sk */
    u32 keyid[2];
    int v4, algo, ndays;
    unsigned nbits;
@ -926,21 +925,21 @@ generate_subkeypair( const char *username )
    }
    /* break out the primary key */
-    node = find_kbnode( sec_keyblock, PKT_SECRET_CERT );
+    node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
    if( !node ) {
 	log_error("Oops; secret key not found anymore!\n");
 	rc = G10ERR_GENERAL;
 	goto leave;
    }
-    /* make a copy of the skc to keep the protected one in the keyblock */
+    /* make a copy of the sk to keep the protected one in the keyblock */
-    skc = copy_secret_cert( NULL, node->pkt->pkt.secret_cert );
+    sk = copy_secret_key( NULL, node->pkt->pkt.secret_key );
-    keyid_from_skc( skc, keyid );
+    keyid_from_sk( sk, keyid );
    /* display primary and all secondary keys */
    tty_printf("sec  %4u%c/%08lX %s   ",
-	      nbits_from_skc( skc ),
+	      nbits_from_sk( sk ),
-	      pubkey_letter( skc->pubkey_algo ),
+	      pubkey_letter( sk->pubkey_algo ),
-	      keyid[1], datestr_from_skc(skc) );
+	      keyid[1], datestr_from_sk(sk) );
    {
 	size_t n;
 	char *p = get_user_id( keyid, &n );
@ -949,13 +948,13 @@ generate_subkeypair( const char *username )
 	tty_printf("\n");
    }
    for(node=sec_keyblock; node; node = node->next ) {
-	if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
+	if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
-	    PKT_secret_cert *subskc = node->pkt->pkt.secret_cert;
+	    PKT_secret_key *subsk = node->pkt->pkt.secret_key;
-	    keyid_from_skc( subskc, keyid );
+	    keyid_from_sk( subsk, keyid );
 	    tty_printf("sub  %4u%c/%08lX %s\n",
-		      nbits_from_skc( subskc ),
+		      nbits_from_sk( subsk ),
-		      pubkey_letter( subskc->pubkey_algo ),
+		      pubkey_letter( subsk->pubkey_algo ),
-		      keyid[1], datestr_from_skc(subskc) );
+		      keyid[1], datestr_from_sk(subsk) );
 	}
    }
    tty_printf("\n");
@ -963,7 +962,7 @@ generate_subkeypair( const char *username )
    /* unprotect to get the passphrase */
-    switch( is_secret_key_protected( skc ) ) {
+    switch( is_secret_key_protected( sk ) ) {
      case -1:
 	rc = G10ERR_PUBKEY_ALGO;
 	break;
@ -972,7 +971,7 @@ generate_subkeypair( const char *username )
 	break;
      default:
 	tty_printf("Key is protected.\n");
-	rc = check_secret_key( skc );
+	rc = check_secret_key( sk );
 	if( !rc )
 	    passphrase = get_last_passphrase();
 	break;
@ -997,9 +996,9 @@ generate_subkeypair( const char *username )
    rc = do_create( algo, nbits, pub_keyblock, sec_keyblock,
 				      dek, s2k, NULL, ndays, v4 );
    if( !rc )
-	rc = write_keybinding(pub_keyblock, pub_keyblock, skc);
+	rc = write_keybinding(pub_keyblock, pub_keyblock, sk);
    if( !rc )
-	rc = write_keybinding(sec_keyblock, pub_keyblock, skc);
+	rc = write_keybinding(sec_keyblock, pub_keyblock, sk);
    /* write back */
    if( !rc ) {
 	rc = update_keyblock( &pub_kbpos, pub_keyblock );
@ -1021,8 +1020,8 @@ generate_subkeypair( const char *username )
    m_free( passphrase );
    m_free( dek );
    m_free( s2k );
-    if( skc ) /* release the copy of the (now unprotected) secret key */
+    if( sk ) /* release the copy of the (now unprotected) secret key */
-	free_secret_cert(skc);
+	free_secret_key(sk);
    release_kbnode( sec_keyblock );
    release_kbnode( pub_keyblock );
    set_next_passphrase( NULL );
--- a/g10/keyid.c
+++ b/g10/keyid.c
@ -49,7 +49,7 @@ pubkey_letter( int algo )
 static MD_HANDLE
-do_fingerprint_md( PKT_public_cert *pkc )
+do_fingerprint_md( PKT_public_key *pk )
 {
    MD_HANDLE md;
    unsigned n;
@ -57,36 +57,36 @@ do_fingerprint_md( PKT_public_cert *pkc )
    unsigned nn[PUBKEY_MAX_NPKEY];
    byte *pp[PUBKEY_MAX_NPKEY];
    int i;
-    int npkey = pubkey_get_npkey( pkc->pubkey_algo );
+    int npkey = pubkey_get_npkey( pk->pubkey_algo );
-    md = md_open( pkc->version < 4 ? DIGEST_ALGO_RMD160 : DIGEST_ALGO_SHA1, 0);
+    md = md_open( pk->version < 4 ? DIGEST_ALGO_RMD160 : DIGEST_ALGO_SHA1, 0);
-    n = pkc->version < 4 ? 8 : 6;
+    n = pk->version < 4 ? 8 : 6;
    for(i=0; i < npkey; i++ ) {
-	nb[i] = mpi_get_nbits(pkc->pkey[i]);
+	nb[i] = mpi_get_nbits(pk->pkey[i]);
-	pp[i] = mpi_get_buffer( pkc->pkey[i], nn+i, NULL );
+	pp[i] = mpi_get_buffer( pk->pkey[i], nn+i, NULL );
 	n += 2 + nn[i];
    }
    md_putc( md, 0x99 );     /* ctb */
    md_putc( md, n >> 8 );   /* 2 byte length header */
    md_putc( md, n );
-    if( pkc->version < 4 )
+    if( pk->version < 4 )
 	md_putc( md, 3 );
    else
 	md_putc( md, 4 );
-    {	u32 a = pkc->timestamp;
+    {	u32 a = pk->timestamp;
 	md_putc( md, a >> 24 );
 	md_putc( md, a >> 16 );
 	md_putc( md, a >>  8 );
 	md_putc( md, a	     );
    }
-    if( pkc->version < 4 ) {
+    if( pk->version < 4 ) {
-	u16 a = pkc->valid_days;
+	u16 a = pk->valid_days;
 	md_putc( md, a >> 8 );
 	md_putc( md, a	    );
    }
-    md_putc( md, pkc->pubkey_algo );
+    md_putc( md, pk->pubkey_algo );
    for(i=0; i < npkey; i++ ) {
 	md_putc( md, nb[i]>>8);
 	md_putc( md, nb[i] );
@ -99,29 +99,29 @@ do_fingerprint_md( PKT_public_cert *pkc )
 }
 static MD_HANDLE
-do_fingerprint_md_skc( PKT_secret_cert *skc )
+do_fingerprint_md_sk( PKT_secret_key *sk )
 {
-    PKT_public_cert pkc;
+    PKT_public_key pk;
-    int npkey = pubkey_get_npkey( skc->pubkey_algo ); /* npkey is correct! */
+    int npkey = pubkey_get_npkey( sk->pubkey_algo ); /* npkey is correct! */
    int i;
-    pkc.pubkey_algo = skc->pubkey_algo;
+    pk.pubkey_algo = sk->pubkey_algo;
-    pkc.version     = skc->version;
+    pk.version	   = sk->version;
-    pkc.timestamp = skc->timestamp;
+    pk.timestamp = sk->timestamp;
-    pkc.valid_days = skc->valid_days;
+    pk.valid_days = sk->valid_days;
-    pkc.pubkey_algo = skc->pubkey_algo;
+    pk.pubkey_algo = sk->pubkey_algo;
    for( i=0; i < npkey; i++ )
-	pkc.pkey[i] = skc->skey[i];
+	pk.pkey[i] = sk->skey[i];
-    return do_fingerprint_md( &pkc );
+    return do_fingerprint_md( &pk );
 }
 /****************
- * Get the keyid from the secret key certificate and put it into keyid
+ * Get the keyid from the secret key and put it into keyid
 * if this is not NULL. Return the 32 low bits of the keyid.
 */
 u32
-keyid_from_skc( PKT_secret_cert *skc, u32 *keyid )
+keyid_from_sk( PKT_secret_key *sk, u32 *keyid )
 {
    u32 lowbits;
    u32 dummy_keyid[2];
@ -129,13 +129,13 @@ keyid_from_skc( PKT_secret_cert *skc, u32 *keyid )
    if( !keyid )
 	keyid = dummy_keyid;
-    if( skc->version < 4 && is_RSA(skc->pubkey_algo) ) {
+    if( sk->version < 4 && is_RSA(sk->pubkey_algo) ) {
-	lowbits = mpi_get_keyid( skc->skey[0], keyid ); /* take n */
+	lowbits = mpi_get_keyid( sk->skey[0], keyid ); /* take n */
    }
    else {
 	const byte *dp;
 	MD_HANDLE md;
-	md = do_fingerprint_md_skc(skc);
+	md = do_fingerprint_md_sk(sk);
 	dp = md_read( md, 0 );
 	keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
 	keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
@ -148,11 +148,11 @@ keyid_from_skc( PKT_secret_cert *skc, u32 *keyid )
 /****************
- * Get the keyid from the public key certificate and put it into keyid
+ * Get the keyid from the public key and put it into keyid
 * if this is not NULL. Return the 32 low bits of the keyid.
 */
 u32
-keyid_from_pkc( PKT_public_cert *pkc, u32 *keyid )
+keyid_from_pk( PKT_public_key *pk, u32 *keyid )
 {
    u32 lowbits;
    u32 dummy_keyid[2];
@ -160,13 +160,13 @@ keyid_from_pkc( PKT_public_cert *pkc, u32 *keyid )
    if( !keyid )
 	keyid = dummy_keyid;
-    if( pkc->version < 4 && is_RSA(pkc->pubkey_algo) ) {
+    if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) {
-	lowbits = mpi_get_keyid( pkc->pkey[0], keyid ); /* from n */
+	lowbits = mpi_get_keyid( pk->pkey[0], keyid ); /* from n */
    }
    else {
 	const byte *dp;
 	MD_HANDLE md;
-	md = do_fingerprint_md(pkc);
+	md = do_fingerprint_md(pk);
 	dp = md_read( md, 0 );
 	keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
 	keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
@ -189,34 +189,34 @@ keyid_from_sig( PKT_signature *sig, u32 *keyid )
 }
 /****************
- * return the number of bits used in the pkc
+ * return the number of bits used in the pk
 */
 unsigned
-nbits_from_pkc( PKT_public_cert *pkc )
+nbits_from_pk( PKT_public_key *pk )
 {
-    return pubkey_nbits( pkc->pubkey_algo, pkc->pkey );
+    return pubkey_nbits( pk->pubkey_algo, pk->pkey );
 }
 /****************
- * return the number of bits used in the skc
+ * return the number of bits used in the sk
 */
 unsigned
-nbits_from_skc( PKT_secret_cert *skc )
+nbits_from_sk( PKT_secret_key *sk )
 {
-    return pubkey_nbits( skc->pubkey_algo, skc->skey );
+    return pubkey_nbits( sk->pubkey_algo, sk->skey );
 }
 /****************
- * return a string with the creation date of the pkc
+ * return a string with the creation date of the pk
 * Note: this is alloced in a static buffer.
 *    Format is: yyyy-mm-dd
 */
 const char *
-datestr_from_pkc( PKT_public_cert *pkc )
+datestr_from_pk( PKT_public_key *pk )
 {
    static char buffer[11+5];
    struct tm *tp;
-    time_t atime = pkc->timestamp;
+    time_t atime = pk->timestamp;
    tp = gmtime( &atime );
    sprintf(buffer,"%04d-%02d-%02d", 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
@ -224,11 +224,11 @@ datestr_from_pkc( PKT_public_cert *pkc )
 }
 const char *
-datestr_from_skc( PKT_secret_cert *skc )
+datestr_from_sk( PKT_secret_key *sk )
 {
    static char buffer[11+5];
    struct tm *tp;
-    time_t atime = skc->timestamp;
+    time_t atime = sk->timestamp;
    tp = gmtime( &atime );
    sprintf(buffer,"%04d-%02d-%02d", 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
@ -249,30 +249,28 @@ datestr_from_sig( PKT_signature *sig )
 /**************** .
- * Return a byte array with the fingerprint for the given PKC/SKC
+ * Return a byte array with the fingerprint for the given PK/SK
 * The length of the array is returned in ret_len. Caller must free
 * the array.
 */
 byte *
-fingerprint_from_pkc( PKT_public_cert *pkc, size_t *ret_len )
+fingerprint_from_pk( PKT_public_key *pk, size_t *ret_len )
 {
    byte *p, *buf, *array;
    const char *dp;
    size_t len;
    unsigned n;
-    if( pkc->version < 4 && is_RSA(pkc->pubkey_algo) ) {
+    if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) {
 	/* RSA in version 3 packets is special */
 	MD_HANDLE md;
 	md = md_open( DIGEST_ALGO_MD5, 0);
-	p = buf = mpi_get_buffer( pkc->pkey[0], &n, NULL );
+	p = buf = mpi_get_buffer( pk->pkey[0], &n, NULL );
 	md_write( md, p, n );
 	m_free(buf);
-	p = buf = mpi_get_buffer( pkc->pkey[1], &n, NULL );
+	p = buf = mpi_get_buffer( pk->pkey[1], &n, NULL );
 	md_write( md, p, n );
 	m_free(buf);
 	md_final(md);
@ -283,7 +281,7 @@ fingerprint_from_pkc( PKT_public_cert *pkc, size_t *ret_len )
    }
    else {
 	MD_HANDLE md;
-	md = do_fingerprint_md(pkc);
+	md = do_fingerprint_md(pk);
 	dp = md_read( md, 0 );
 	len = md_digest_length( md_get_algo( md ) );
 	array = m_alloc( len );
@ -296,22 +294,22 @@ fingerprint_from_pkc( PKT_public_cert *pkc, size_t *ret_len )
 }
 byte *
-fingerprint_from_skc( PKT_secret_cert *skc, size_t *ret_len )
+fingerprint_from_sk( PKT_secret_key *sk, size_t *ret_len )
 {
    byte *p, *buf, *array;
    const char *dp;
    size_t len;
    unsigned n;
-    if( skc->version < 4 && is_RSA(skc->pubkey_algo) ) {
+    if( sk->version < 4 && is_RSA(sk->pubkey_algo) ) {
 	/* RSA in version 3 packets is special */
 	MD_HANDLE md;
 	md = md_open( DIGEST_ALGO_MD5, 0);
-	p = buf = mpi_get_buffer( skc->skey[1], &n, NULL );
+	p = buf = mpi_get_buffer( sk->skey[1], &n, NULL );
 	md_write( md, p, n );
 	m_free(buf);
-	p = buf = mpi_get_buffer( skc->skey[0], &n, NULL );
+	p = buf = mpi_get_buffer( sk->skey[0], &n, NULL );
 	md_write( md, p, n );
 	m_free(buf);
 	md_final(md);
@ -322,7 +320,7 @@ fingerprint_from_skc( PKT_secret_cert *skc, size_t *ret_len )
    }
    else {
 	MD_HANDLE md;
-	md = do_fingerprint_md_skc(skc);
+	md = do_fingerprint_md_sk(sk);
 	dp = md_read( md, 0 );
 	len = md_digest_length( md_get_algo( md ) );
 	array = m_alloc( len );
--- a/g10/keylist.c
+++ b/g10/keylist.c
@ -37,7 +37,7 @@
 static void list_all(int);
 static void list_one(const char *name, int secret);
-static void fingerprint( PKT_public_cert *pkc, PKT_secret_cert *skc );
+static void fingerprint( PKT_public_key *pk, PKT_secret_key *sk );
 /****************
@ -99,8 +99,8 @@ list_one( const char *name, int secret )
    KBNODE kbctx;
    KBNODE node;
    KBPOS kbpos;
-    PKT_public_cert *pkc;
+    PKT_public_key *pk;
-    PKT_secret_cert *skc;
+    PKT_secret_key *sk;
    u32 keyid[2];
    int any=0;
    int trustletter = 0;
@ -122,54 +122,54 @@ list_one( const char *name, int secret )
    /* get the keyid from the keyblock */
-    node = find_kbnode( keyblock, secret? PKT_SECRET_CERT : PKT_PUBLIC_CERT );
+    node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
    if( !node ) {
 	log_error("Oops; key lost!\n");
 	goto leave;
    }
    if( secret ) {
-	pkc = NULL;
+	pk = NULL;
-	skc = node->pkt->pkt.secret_cert;
+	sk = node->pkt->pkt.secret_key;
-	keyid_from_skc( skc, keyid );
+	keyid_from_sk( sk, keyid );
 	if( opt.with_colons )
 	    printf("sec::%u:%d:%08lX%08lX:%s:%u:::",
-		    nbits_from_skc( skc ),
+		    nbits_from_sk( sk ),
-		    skc->pubkey_algo,
+		    sk->pubkey_algo,
 		    (ulong)keyid[0],(ulong)keyid[1],
-		    datestr_from_skc( skc ),
+		    datestr_from_sk( sk ),
-		    (unsigned)skc->valid_days
+		    (unsigned)sk->valid_days
 		    /* fixme: add LID here */ );
 	else
-	    printf("sec  %4u%c/%08lX %s ", nbits_from_skc( skc ),
+	    printf("sec  %4u%c/%08lX %s ", nbits_from_sk( sk ),
-				       pubkey_letter( skc->pubkey_algo ),
+				       pubkey_letter( sk->pubkey_algo ),
 				       (ulong)keyid[1],
-				       datestr_from_skc( skc ) );
+				       datestr_from_sk( sk ) );
    }
    else {
-	pkc = node->pkt->pkt.public_cert;
+	pk = node->pkt->pkt.public_key;
-	skc = NULL;
+	sk = NULL;
-	keyid_from_pkc( pkc, keyid );
+	keyid_from_pk( pk, keyid );
 	if( opt.with_colons ) {
-	    trustletter = query_trust_info( pkc );
+	    trustletter = query_trust_info( pk );
 	    printf("pub:%c:%u:%d:%08lX%08lX:%s:%u:",
 		    trustletter,
-		    nbits_from_pkc( pkc ),
+		    nbits_from_pk( pk ),
-		    pkc->pubkey_algo,
+		    pk->pubkey_algo,
 		    (ulong)keyid[0],(ulong)keyid[1],
-		    datestr_from_pkc( pkc ),
+		    datestr_from_pk( pk ),
-		    (unsigned)pkc->valid_days );
+		    (unsigned)pk->valid_days );
-	    if( pkc->local_id )
+	    if( pk->local_id )
-		printf("%lu", pkc->local_id );
+		printf("%lu", pk->local_id );
 	    putchar(':');
 	    /* fixme: add ownertrust here */
 	    putchar(':');
 	}
 	else
-	    printf("pub  %4u%c/%08lX %s ", nbits_from_pkc( pkc ),
+	    printf("pub  %4u%c/%08lX %s ", nbits_from_pk( pk ),
-				       pubkey_letter( pkc->pubkey_algo ),
+				       pubkey_letter( pk->pubkey_algo ),
 				       (ulong)keyid[1],
-				       datestr_from_pkc( pkc ) );
+				       datestr_from_pk( pk ) );
    }
    for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
@ -187,70 +187,70 @@ list_one( const char *name, int secret )
 	    putchar('\n');
 	    if( !any ) {
 		if( opt.fingerprint )
-		    fingerprint( pkc, skc );
+		    fingerprint( pk, sk );
 		any = 1;
 	    }
 	}
-	else if( node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
+	else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
 	    u32 keyid2[2];
-	    PKT_public_cert *pkc2 = node->pkt->pkt.public_cert;
+	    PKT_public_key *pk2 = node->pkt->pkt.public_key;
 	    if( !any ) {
 		putchar('\n');
 		if( opt.fingerprint )
-		    fingerprint( pkc, skc ); /* of the main key */
+		    fingerprint( pk, sk ); /* of the main key */
 		any = 1;
 	    }
-	    keyid_from_pkc( pkc2, keyid2 );
+	    keyid_from_pk( pk2, keyid2 );
 	    if( opt.with_colons ) {
 		printf("sub:%c:%u:%d:%08lX%08lX:%s:%u:",
 			trustletter,
-			nbits_from_pkc( pkc2 ),
+			nbits_from_pk( pk2 ),
-			pkc2->pubkey_algo,
+			pk2->pubkey_algo,
 			(ulong)keyid2[0],(ulong)keyid2[1],
-			datestr_from_pkc( pkc2 ),
+			datestr_from_pk( pk2 ),
-			(unsigned)pkc2->valid_days
+			(unsigned)pk2->valid_days
 			/* fixme: add LID and ownertrust here */
 						);
-		if( pkc->local_id ) /* use the local_id of the main key??? */
+		if( pk->local_id ) /* use the local_id of the main key??? */
-		    printf("%lu", pkc->local_id );
+		    printf("%lu", pk->local_id );
 		putchar(':');
 		putchar(':');
 		putchar('\n');
 	    }
 	    else
-		printf("sub  %4u%c/%08lX %s\n", nbits_from_pkc( pkc2 ),
+		printf("sub  %4u%c/%08lX %s\n", nbits_from_pk( pk2 ),
-					   pubkey_letter( pkc2->pubkey_algo ),
+					   pubkey_letter( pk2->pubkey_algo ),
 					   (ulong)keyid2[1],
-					   datestr_from_pkc( pkc2 ) );
+					   datestr_from_pk( pk2 ) );
 	}
-	else if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
+	else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
 	    u32 keyid2[2];
-	    PKT_secret_cert *skc2 = node->pkt->pkt.secret_cert;
+	    PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
 	    if( !any ) {
 		putchar('\n');
 		if( opt.fingerprint )
-		    fingerprint( pkc, skc ); /* of the main key */
+		    fingerprint( pk, sk ); /* of the main key */
 		any = 1;
 	    }
-	    keyid_from_skc( skc2, keyid2 );
+	    keyid_from_sk( sk2, keyid2 );
 	    if( opt.with_colons )
 		printf("ssb::%u:%d:%08lX%08lX:%s:%u:::\n",
-			nbits_from_skc( skc2 ),
+			nbits_from_sk( sk2 ),
-			skc2->pubkey_algo,
+			sk2->pubkey_algo,
 			(ulong)keyid2[0],(ulong)keyid2[1],
-			datestr_from_skc( skc2 ),
+			datestr_from_sk( sk2 ),
-			(unsigned)skc2->valid_days
+			(unsigned)sk2->valid_days
 			/* fixme: add LID */
 						);
 	    else
-		printf("ssb  %4u%c/%08lX %s\n", nbits_from_skc( skc2 ),
+		printf("ssb  %4u%c/%08lX %s\n", nbits_from_sk( sk2 ),
-					   pubkey_letter( skc2->pubkey_algo ),
+					   pubkey_letter( sk2->pubkey_algo ),
 					   (ulong)keyid2[1],
-					   datestr_from_skc( skc2 ) );
+					   datestr_from_sk( sk2 ) );
 	}
 	else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) {
 	    PKT_signature *sig = node->pkt->pkt.signature;
@ -264,7 +264,7 @@ list_one( const char *name, int secret )
 		else
 		    putchar('\n');
 		if( opt.fingerprint )
-		    fingerprint( pkc, skc );
+		    fingerprint( pk, sk );
 		any=1;
 	    }
@ -334,13 +334,13 @@ list_one( const char *name, int secret )
 }
 static void
-fingerprint( PKT_public_cert *pkc, PKT_secret_cert *skc )
+fingerprint( PKT_public_key *pk, PKT_secret_key *sk )
 {
    byte *array, *p;
    size_t i, n;
-    p = array = pkc? fingerprint_from_pkc( pkc, &n )
+    p = array = pk? fingerprint_from_pk( pk, &n )
-		   : fingerprint_from_skc( skc, &n );
+		   : fingerprint_from_sk( sk, &n );
    if( opt.with_colons ) {
 	printf("fpr:::::::::");
 	for(i=0; i < n ; i++, p++ )
--- a/g10/main.h
+++ b/g10/main.h
@ -32,7 +32,7 @@
 typedef struct {
    int header_okay;
-    PKC_LIST pkc_list;
+    PK_LIST pk_list;
    cipher_filter_context_t cfx;
 } encrypt_filter_context_t;
@ -61,7 +61,7 @@ int encrypt_filter( void *opaque, int control,
 /*-- sign.c --*/
-int complete_sig( PKT_signature *sig, PKT_secret_cert *skc, MD_HANDLE md );
+int complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md );
 int sign_file( STRLIST filenames, int detached, STRLIST locusr,
 	       int encrypt, STRLIST remusr, const char *outfile );
 int clearsign_file( const char *fname, STRLIST locusr, const char *outfile );
@ -95,9 +95,11 @@ KBNODE make_comment_node( const char *s );
 KBNODE make_mpi_comment_node( const char *s, MPI a );
 /*-- import.c --*/
-int import_pubkeys( const char *filename );
+int import_keys( const char *filename );
 /*-- export.c --*/
 int export_pubkeys( STRLIST users );
 int export_seckeys( STRLIST users );
 /* dearmor.c --*/
 int dearmor_file( const char *fname );
 int enarmor_file( const char *fname );
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -44,8 +44,8 @@
 */
 typedef struct {
-    PKT_public_cert *last_pubkey;
+    PKT_public_key *last_pubkey;
-    PKT_secret_cert *last_seckey;
+    PKT_secret_key *last_seckey;
    PKT_user_id     *last_user_id;
    md_filter_context_t mfx;
    int sigs_only;   /* process only signatures and reject all other stuff */
@ -353,8 +353,8 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig )
 	     || sig->sig_class == 0x18
 	     || sig->sig_class == 0x20
 	     || sig->sig_class == 0x30	) { /* classes 0x10..0x17,0x20,0x30 */
-	if( c->list->pkt->pkttype == PKT_PUBLIC_CERT
+	if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
-	    || c->list->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
+	    || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
 	    return check_key_signature( c->list, node, is_selfsig );
 	}
 	else {
@ -388,13 +388,13 @@ print_userid( PACKET *pkt )
 static void
-print_fingerprint( PKT_public_cert *pkc, PKT_secret_cert *skc )
+print_fingerprint( PKT_public_key *pk, PKT_secret_key *sk )
 {
    byte *array, *p;
    size_t i, n;
-    p = array = skc? fingerprint_from_skc( skc, &n )
+    p = array = sk? fingerprint_from_sk( sk, &n )
-		   : fingerprint_from_pkc( pkc, &n );
+		   : fingerprint_from_pk( pk, &n );
    if( opt.with_colons ) {
 	printf("fpr:::::::::");
 	for(i=0; i < n ; i++, p++ )
@ -435,25 +435,25 @@ list_node( CTX c, KBNODE node )
    if( !node )
 	;
-    else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_CERT) )
+    else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY) )
-	     || node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
+	     || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
-	PKT_public_cert *pkc = node->pkt->pkt.public_cert;
+	PKT_public_key *pk = node->pkt->pkt.public_key;
 	if( opt.with_colons ) {
 	    u32 keyid[2];
-	    keyid_from_pkc( pkc, keyid );
+	    keyid_from_pk( pk, keyid );
 	    if( mainkey ) {
-		c->local_id = pkc->local_id;
+		c->local_id = pk->local_id;
-		c->trustletter = query_trust_info( pkc );
+		c->trustletter = query_trust_info( pk );
 	    }
 	    printf("%s:%c:%u:%d:%08lX%08lX:%s:%u:",
 		    mainkey? "pub":"sub",
 		    c->trustletter,
-		    nbits_from_pkc( pkc ),
+		    nbits_from_pk( pk ),
-		    pkc->pubkey_algo,
+		    pk->pubkey_algo,
 		    (ulong)keyid[0],(ulong)keyid[1],
-		    datestr_from_pkc( pkc ),
+		    datestr_from_pk( pk ),
-		    (unsigned)pkc->valid_days );
+		    (unsigned)pk->valid_days );
 	    if( c->local_id )
 		printf("%lu", c->local_id );
 	    putchar(':');
@ -463,10 +463,10 @@ list_node( CTX c, KBNODE node )
 	else
 	    printf("%s  %4u%c/%08lX %s ",
 				      mainkey? "pub":"sub",
-				      nbits_from_pkc( pkc ),
+				      nbits_from_pk( pk ),
-				      pubkey_letter( pkc->pubkey_algo ),
+				      pubkey_letter( pk->pubkey_algo ),
-				      (ulong)keyid_from_pkc( pkc, NULL ),
+				      (ulong)keyid_from_pk( pk, NULL ),
-				      datestr_from_pkc( pkc )	  );
+				      datestr_from_pk( pk )	);
 	if( mainkey ) {
 	    /* and now list all userids with their signatures */
 	    for( node = node->next; node; node = node->next ) {
@ -492,10 +492,10 @@ list_node( CTX c, KBNODE node )
 			putchar(':');
 		    putchar('\n');
 		    if( opt.fingerprint && !any )
-			print_fingerprint( pkc, NULL );
+			print_fingerprint( pk, NULL );
 		    any=1;
 		}
-		else if( node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
+		else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
 		    if( !any ) {
 			putchar('\n');
 			any = 1;
@ -507,29 +507,29 @@ list_node( CTX c, KBNODE node )
 	if( !any )
 	    putchar('\n');
    }
-    else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_CERT) )
+    else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
-	     || node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
+	     || node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
-	PKT_secret_cert *skc = node->pkt->pkt.secret_cert;
+	PKT_secret_key *sk = node->pkt->pkt.secret_key;
 	if( opt.with_colons ) {
 	    u32 keyid[2];
-	    keyid_from_skc( skc, keyid );
+	    keyid_from_sk( sk, keyid );
 	    printf("%s::%u:%d:%08lX%08lX:%s:%u:::",
 		    mainkey? "sec":"ssb",
-		    nbits_from_skc( skc ),
+		    nbits_from_sk( sk ),
-		    skc->pubkey_algo,
+		    sk->pubkey_algo,
 		    (ulong)keyid[0],(ulong)keyid[1],
-		    datestr_from_skc( skc ),
+		    datestr_from_sk( sk ),
-		    (unsigned)skc->valid_days
+		    (unsigned)sk->valid_days
 		    /* fixme: add LID */ );
 	}
 	else
 	    printf("%s  %4u%c/%08lX %s ",
 				      mainkey? "sec":"ssb",
-				      nbits_from_skc( skc ),
+				      nbits_from_sk( sk ),
-				      pubkey_letter( skc->pubkey_algo ),
+				      pubkey_letter( sk->pubkey_algo ),
-				      (ulong)keyid_from_skc( skc, NULL ),
+				      (ulong)keyid_from_sk( sk, NULL ),
-				      datestr_from_skc( skc )	);
+				      datestr_from_sk( sk )   );
 	if( mainkey ) {
 	    /* and now list all userids with their signatures */
 	    for( node = node->next; node; node = node->next ) {
@ -555,10 +555,10 @@ list_node( CTX c, KBNODE node )
 			putchar(':');
 		    putchar('\n');
 		    if( opt.fingerprint && !any )
-			print_fingerprint( NULL, skc );
+			print_fingerprint( NULL, sk );
 		    any=1;
 		}
-		else if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
+		else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
 		    if( !any ) {
 			putchar('\n');
 			any = 1;
@ -597,12 +597,12 @@ list_node( CTX c, KBNODE node )
 	else {	/* check whether this is a self signature */
 	    u32 keyid[2];
-	    if( c->list->pkt->pkttype == PKT_PUBLIC_CERT
+	    if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
-		|| c->list->pkt->pkttype == PKT_SECRET_CERT ) {
+		|| c->list->pkt->pkttype == PKT_SECRET_KEY ) {
-		if( c->list->pkt->pkttype == PKT_PUBLIC_CERT )
+		if( c->list->pkt->pkttype == PKT_PUBLIC_KEY )
-		    keyid_from_pkc( c->list->pkt->pkt.public_cert, keyid );
+		    keyid_from_pk( c->list->pkt->pkt.public_key, keyid );
 		else
-		    keyid_from_skc( c->list->pkt->pkt.secret_cert, keyid );
+		    keyid_from_sk( c->list->pkt->pkt.secret_key, keyid );
 		if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
 		    is_selfsig = 1;
@ -709,8 +709,8 @@ do_proc_packets( CTX c, IOBUF a )
 	}
 	else if( c->sigs_only ) {
 	    switch( pkt->pkttype ) {
-	      case PKT_PUBLIC_CERT:
+	      case PKT_PUBLIC_KEY:
-	      case PKT_SECRET_CERT:
+	      case PKT_SECRET_KEY:
 	      case PKT_USER_ID:
 	      case PKT_SYMKEY_ENC:
 	      case PKT_PUBKEY_ENC:
@ -726,8 +726,8 @@ do_proc_packets( CTX c, IOBUF a )
 	}
 	else if( c->encrypt_only ) {
 	    switch( pkt->pkttype ) {
-	      case PKT_PUBLIC_CERT:
+	      case PKT_PUBLIC_KEY:
-	      case PKT_SECRET_CERT:
+	      case PKT_SECRET_KEY:
 	      case PKT_USER_ID:
 		rc = G10ERR_UNEXPECTED;
 		goto leave;
@ -743,14 +743,14 @@ do_proc_packets( CTX c, IOBUF a )
 	}
 	else {
 	    switch( pkt->pkttype ) {
-	      case PKT_PUBLIC_CERT:
+	      case PKT_PUBLIC_KEY:
-	      case PKT_SECRET_CERT:
+	      case PKT_SECRET_KEY:
 		release_list( c );
 		c->list = new_kbnode( pkt );
 		newpkt = 1;
 		break;
-	      case PKT_PUBKEY_SUBCERT:
+	      case PKT_PUBLIC_SUBKEY:
-	      case PKT_SECKEY_SUBCERT:
+	      case PKT_SECRET_SUBKEY:
 		newpkt = add_subkey( c, pkt );
 		break;
 	      case PKT_USER_ID:     newpkt = add_user_id( c, pkt ); break;
@ -850,10 +850,10 @@ proc_tree( CTX c, KBNODE node )
    c->local_id = 0;
    c->trustletter = ' ';
-    if( node->pkt->pkttype == PKT_PUBLIC_CERT
+    if( node->pkt->pkttype == PKT_PUBLIC_KEY
-	|| node->pkt->pkttype == PKT_PUBKEY_SUBCERT )
+	|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
 	list_node( c, node );
-    else if( node->pkt->pkttype == PKT_SECRET_CERT )
+    else if( node->pkt->pkttype == PKT_SECRET_KEY )
 	list_node( c, node );
    else if( node->pkt->pkttype == PKT_ONEPASS_SIG ) {
 	/* check all signatures */
--- a/g10/packet.h
+++ b/g10/packet.h
@ -33,16 +33,16 @@ typedef enum {
 	PKT_SIGNATURE	   =2, /* secret key encrypted packet */
 	PKT_SYMKEY_ENC	   =3, /* session key packet (OpenPGP)*/
 	PKT_ONEPASS_SIG    =4, /* one pass sig packet (OpenPGP)*/
-	PKT_SECRET_CERT    =5, /* secret key certificate */
+	PKT_SECRET_KEY	   =5, /* secret key */
-	PKT_PUBLIC_CERT    =6, /* public key certificate */
+	PKT_PUBLIC_KEY	   =6, /* public key */
-	PKT_SECKEY_SUBCERT =7, /* secret subkey certificate (OpenPGP) */
+	PKT_SECRET_SUBKEY  =7, /* secret subkey (OpenPGP) */
 	PKT_COMPRESSED	   =8, /* compressed data packet */
 	PKT_ENCRYPTED	   =9, /* conventional encrypted data */
 	PKT_MARKER	  =10, /* marker packet (OpenPGP) */
 	PKT_PLAINTEXT	  =11, /* plaintext data with filename and mode */
 	PKT_RING_TRUST	  =12, /* keyring trust packet */
 	PKT_USER_ID	  =13, /* user id packet */
-	PKT_PUBKEY_SUBCERT=14, /* subkey certificate (OpenPGP) */
+	PKT_PUBLIC_SUBKEY =14, /* public subkey (OpenPGP) */
 	PKT_OLD_COMMENT   =16, /* comment packet from an OpenPGP draft */
 	PKT_COMMENT	  =61  /* new comment packet (private) */
 } pkttype_t;
@ -104,17 +104,17 @@ typedef struct {
 * public keys by comparing the first npkey elements of pkey againts skey.
 */
 typedef struct {
-    u32     timestamp;	    /* certificate made */
+    u32     timestamp;	    /* key made */
    u16     valid_days;     /* valid for this number of days */
    byte    hdrbytes;	    /* number of header bytes */
    byte    version;
    byte    pubkey_algo;    /* algorithm used for public key scheme */
    ulong   local_id;	    /* internal use, valid if > 0 */
    MPI     pkey[PUBKEY_MAX_NPKEY];
-} PKT_public_cert;
+} PKT_public_key;
 typedef struct {
-    u32     timestamp;	    /* certificate made */
+    u32     timestamp;	    /* key made */
    u16     valid_days;     /* valid for this number of days */
    byte    hdrbytes;	    /* number of header bytes */
    byte    version;
@ -130,7 +130,7 @@ typedef struct {
    } protect;
    MPI skey[PUBKEY_MAX_NSKEY];
    u16 csum;		/* checksum */
-} PKT_secret_cert;
+} PKT_secret_key;
 typedef struct {
@ -172,8 +172,8 @@ struct packet_struct {
 	PKT_pubkey_enc	*pubkey_enc;	/* PKT_PUBKEY_ENC */
 	PKT_onepass_sig *onepass_sig;	/* PKT_ONEPASS_SIG */
 	PKT_signature	*signature;	/* PKT_SIGNATURE */
-	PKT_public_cert *public_cert;	/* PKT_PUBLIC_CERT */
+	PKT_public_key	*public_key;	/* PKT_PUBLIC_[SUB)KEY */
-	PKT_secret_cert *secret_cert;	/* PKT_SECRET_CERT */
+	PKT_secret_key	*secret_key;	/* PKT_SECRET_[SUB]KEY */
 	PKT_comment	*comment;	/* PKT_COMMENT */
 	PKT_user_id	*user_id;	/* PKT_USER_ID */
 	PKT_compressed	*compressed;	/* PKT_COMPRESSED */
@ -224,15 +224,17 @@ int list_packets( IOBUF a );
 int set_packet_list_mode( int mode );
 int search_packet( IOBUF inp, PACKET *pkt, int pkttype, ulong *retpos );
 int parse_packet( IOBUF inp, PACKET *ret_pkt);
 void parse_pubkey_warning( PACKET *pkt );
 int copy_all_packets( IOBUF inp, IOBUF out );
 int copy_some_packets( IOBUF inp, IOBUF out, ulong stopoff );
 int skip_some_packets( IOBUF inp, unsigned n );
-const byte *parse_sig_subpkt( const byte *buffer, int reqtype, size_t *ret_n );
+const byte *parse_sig_subpkt( const byte *buffer,
 			      sigsubpkttype_t reqtype, size_t *ret_n );
 /*-- build-packet.c --*/
 int build_packet( IOBUF inp, PACKET *pkt );
 u32 calc_packet_length( PACKET *pkt );
-void hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc );
+void hash_public_key( MD_HANDLE md, PKT_public_key *pk );
 void build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type,
 			const byte *buffer, size_t buflen );
 void build_sig_subpkt_from_sig( PKT_signature *sig );
@ -242,17 +244,17 @@ void free_symkey_enc( PKT_symkey_enc *enc );
 void free_pubkey_enc( PKT_pubkey_enc *enc );
 void free_seckey_enc( PKT_signature *enc );
 int  digest_algo_from_sig( PKT_signature *sig );
-void release_public_cert_parts( PKT_public_cert *cert );
+void release_public_key_parts( PKT_public_key *pk );
-void free_public_cert( PKT_public_cert *cert );
+void free_public_key( PKT_public_key *key );
-void release_secret_cert_parts( PKT_secret_cert *cert );
+void release_secret_key_parts( PKT_secret_key *sk );
-void free_secret_cert( PKT_secret_cert *cert );
+void free_secret_key( PKT_secret_key *sk );
 void free_user_id( PKT_user_id *uid );
 void free_comment( PKT_comment *rem );
 void free_packet( PACKET *pkt );
-PKT_public_cert *copy_public_cert( PKT_public_cert *d, PKT_public_cert *s );
+PKT_public_key *copy_public_key( PKT_public_key *d, PKT_public_key *s );
-PKT_secret_cert *copy_secret_cert( PKT_secret_cert *d, PKT_secret_cert *s );
+PKT_secret_key *copy_secret_key( PKT_secret_key *d, PKT_secret_key *s );
-int cmp_public_certs( PKT_public_cert *a, PKT_public_cert *b );
+int cmp_public_keys( PKT_public_key *a, PKT_public_key *b );
-int cmp_public_secret_cert( PKT_public_cert *pkc, PKT_secret_cert *skc );
+int cmp_public_secret_key( PKT_public_key *pk, PKT_secret_key *sk );
 int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
@ -260,9 +262,9 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
 int signature_check( PKT_signature *sig, MD_HANDLE digest );
 /*-- seckey-cert.c --*/
-int is_secret_key_protected( PKT_secret_cert *cert );
+int is_secret_key_protected( PKT_secret_key *sk );
-int check_secret_key( PKT_secret_cert *cert );
+int check_secret_key( PKT_secret_key *sk );
-int protect_secret_key( PKT_secret_cert *cert, DEK *dek );
+int protect_secret_key( PKT_secret_key *sk, DEK *dek );
 /*-- pubkey-enc.c --*/
 int get_session_key( PKT_pubkey_enc *k, DEK *dek );
@ -283,9 +285,9 @@ int ask_for_detached_datafile( md_filter_context_t *mfx, const char *inname );
 int write_comment( IOBUF out, const char *s );
 /*-- sign.c --*/
-int make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
+int make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
-			PKT_user_id *uid, PKT_public_cert *subpkc,
+			PKT_user_id *uid, PKT_public_key *subpk,
-			PKT_secret_cert *skc,
+			PKT_secret_key *sk,
 			int sigclass, int digest_algo,
 			int (*mksubpkt)(PKT_signature *, void *),
 			void *opaque  );
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@ -51,7 +51,7 @@ static int  parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
 							 PKT_signature *sig );
 static int  parse_onepass_sig( IOBUF inp, int pkttype, unsigned long pktlen,
 							PKT_onepass_sig *ops );
-static int  parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
+static int  parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
 				      byte *hdr, int hdrlen, PACKET *packet );
 static int  parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen,
 							   PACKET *packet );
@ -176,6 +176,38 @@ skip_some_packets( IOBUF inp, unsigned n )
    return rc;
 }
 void
 parse_pubkey_warning( PACKET *pkt )
 {
    static byte unknown_pubkey_algos[256];
    int unk=0, uns=0;
    if( pkt->pkttype == PKT_PUBLIC_KEY
 	|| pkt->pkttype == PKT_PUBLIC_SUBKEY )
 	unk = pkt->pkt.public_key->pubkey_algo & 0xff;
    else if( pkt->pkttype == PKT_SECRET_KEY
 	     || pkt->pkttype == PKT_SECRET_SUBKEY )
 	unk = pkt->pkt.secret_key->pubkey_algo & 0xff;
    else if( pkt->pkttype == PKT_SIGNATURE )
 	uns = pkt->pkt.signature->pubkey_algo & 0xff;
    if( unk ) {
 	if( !(unknown_pubkey_algos[unk]&1) ) {
 	    log_info("can't handle key "
 		      "with public key algorithm %d\n", unk );
 	    unknown_pubkey_algos[unk] |= 1;
 	}
    }
    else if( uns ) {
 	if( !(unknown_pubkey_algos[unk]&2) ) {
 	    log_info("can't handle signature "
 		      "with public key algorithm %d\n", uns );
 	    unknown_pubkey_algos[unk] |= 2;
 	}
    }
 }
 /****************
 * Parse packet. Set the variable skip points to to 1 if the packet
 * should be skipped; this is the case if either there is a
@ -277,15 +309,15 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
    pkt->pkttype = pkttype;
    rc = G10ERR_UNKNOWN_PACKET; /* default error */
    switch( pkttype ) {
-      case PKT_PUBLIC_CERT:
+      case PKT_PUBLIC_KEY:
-      case PKT_PUBKEY_SUBCERT:
+      case PKT_PUBLIC_SUBKEY:
-	pkt->pkt.public_cert = m_alloc_clear(sizeof *pkt->pkt.public_cert );
+	pkt->pkt.public_key = m_alloc_clear(sizeof *pkt->pkt.public_key );
-	rc = parse_certificate(inp, pkttype, pktlen, hdr, hdrlen, pkt );
+	rc = parse_key(inp, pkttype, pktlen, hdr, hdrlen, pkt );
 	break;
-      case PKT_SECRET_CERT:
+      case PKT_SECRET_KEY:
-      case PKT_SECKEY_SUBCERT:
+      case PKT_SECRET_SUBKEY:
-	pkt->pkt.secret_cert = m_alloc_clear(sizeof *pkt->pkt.secret_cert );
+	pkt->pkt.secret_key = m_alloc_clear(sizeof *pkt->pkt.secret_key );
-	rc = parse_certificate(inp, pkttype, pktlen, hdr, hdrlen, pkt );
+	rc = parse_key(inp, pkttype, pktlen, hdr, hdrlen, pkt );
 	break;
      case PKT_SYMKEY_ENC:
 	rc = parse_symkeyenc( inp, pkttype, pktlen, pkt );
@ -310,7 +342,7 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
 	break;
      case PKT_RING_TRUST:
 	parse_trust(inp, pkttype, pktlen);
-	rc = 0;
+	rc = G10ERR_UNKNOWN_PACKET;
 	break;
      case PKT_PLAINTEXT:
 	rc = parse_plaintext(inp, pkttype, pktlen, pkt );
@ -810,18 +842,19 @@ parse_onepass_sig( IOBUF inp, int pkttype, unsigned long pktlen,
 static int
-parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
+parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
 			      byte *hdr, int hdrlen, PACKET *pkt )
 {
    int i, version, algorithm;
    unsigned n;
    unsigned long timestamp;
    unsigned short valid_period;
    int npkey, nskey;
    int is_v4=0;
    int rc=0;
    version = iobuf_get_noeof(inp); pktlen--;
-    if( pkttype == PKT_PUBKEY_SUBCERT && version == '#' ) {
+    if( pkttype == PKT_PUBLIC_SUBKEY && version == '#' ) {
 	/* early versions of G10 use old PGP comments packets;
 	 * luckily all those comments are started by a hash */
 	if( list_mode ) {
@ -861,343 +894,174 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
    if( list_mode )
 	printf(":%s key packet:\n"
 	       "\tversion %d, algo %d, created %lu, valid for %hu days\n",
-		pkttype == PKT_PUBLIC_CERT? "public" :
+		pkttype == PKT_PUBLIC_KEY? "public" :
-		pkttype == PKT_SECRET_CERT? "secret" :
+		pkttype == PKT_SECRET_KEY? "secret" :
-		pkttype == PKT_PUBKEY_SUBCERT? "public sub" :
+		pkttype == PKT_PUBLIC_SUBKEY? "public sub" :
-		pkttype == PKT_SECKEY_SUBCERT? "secret sub" : "??",
+		pkttype == PKT_SECRET_SUBKEY? "secret sub" : "??",
 		version, algorithm, timestamp, valid_period );
-    if( pkttype == PKT_SECRET_CERT || pkttype == PKT_SECKEY_SUBCERT )  {
+
-	pkt->pkt.secret_cert->timestamp = timestamp;
+    if( pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY )  {
-	pkt->pkt.secret_cert->valid_days = valid_period;
+	PKT_secret_key *sk = pkt->pkt.secret_key;
-	pkt->pkt.secret_cert->hdrbytes = hdrlen;
+
-	pkt->pkt.secret_cert->version = version;
+	sk->timestamp = timestamp;
-	pkt->pkt.secret_cert->pubkey_algo = algorithm;
+	sk->valid_days = valid_period;
 	sk->hdrbytes = hdrlen;
 	sk->version = version;
 	sk->pubkey_algo = algorithm;
    }
    else {
-	pkt->pkt.public_cert->timestamp = timestamp;
+	PKT_public_key *pk = pkt->pkt.public_key;
-	pkt->pkt.public_cert->valid_days = valid_period;
+
-	pkt->pkt.public_cert->hdrbytes	  = hdrlen;
+	pk->timestamp = timestamp;
-	pkt->pkt.public_cert->version	  = version;
+	pk->valid_days = valid_period;
-	pkt->pkt.public_cert->pubkey_algo = algorithm;
+	pk->hdrbytes	= hdrlen;
 	pk->version	= version;
 	pk->pubkey_algo = algorithm;
    }
    nskey = pubkey_get_nskey( algorithm );
    npkey = pubkey_get_npkey( algorithm );
    if( !npkey ) {
 	if( list_mode )
 	    printf("\tunknown algorithm %d\n", algorithm );
 	rc = G10ERR_PUBKEY_ALGO;
 	goto leave;
    }
-    if( is_ELGAMAL(algorithm) ) {
+
-	MPI elg_p, elg_g, elg_y;
+    if( pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY )  {
-	n = pktlen; elg_p = mpi_read(inp, &n, 0 ); pktlen -=n;
+	PKT_secret_key *sk = pkt->pkt.secret_key;
-	n = pktlen; elg_g = mpi_read(inp, &n, 0 ); pktlen -=n;
+	byte temp[8];
-	n = pktlen; elg_y = mpi_read(inp, &n, 0 ); pktlen -=n;
+
-	if( list_mode ) {
+	for(i=0; i < npkey; i++ ) {
-	    printf(  "\telg p: ");
+	    n = pktlen; sk->skey[i] = mpi_read(inp, &n, 0 ); pktlen -=n;
-	    mpi_print(stdout, elg_p, mpi_print_mode  );
+	    if( list_mode ) {
-	    printf("\n\telg g: ");
+		printf(  "\tskey[%d]: ", i);
-	    mpi_print(stdout, elg_g, mpi_print_mode  );
+		mpi_print(stdout, sk->skey[i], mpi_print_mode  );
-	    printf("\n\telg y: ");
+		putchar('\n');
-	    mpi_print(stdout, elg_y, mpi_print_mode  );
+	    }
 	    putchar('\n');
 	}
-	if( pkttype == PKT_PUBLIC_CERT || pkttype == PKT_PUBKEY_SUBCERT ) {
+	sk->protect.algo = iobuf_get_noeof(inp); pktlen--;
-	    pkt->pkt.public_cert->pkey[0] = elg_p;
+	if( sk->protect.algo ) {
-	    pkt->pkt.public_cert->pkey[1] = elg_g;
+	    sk->is_protected = 1;
-	    pkt->pkt.public_cert->pkey[2] = elg_y;
+	    sk->protect.s2k.count = 0;
-	}
+	    if( sk->protect.algo == 255 ) {
-	else {
+		if( pktlen < 3 ) {
 	    PKT_secret_cert *cert = pkt->pkt.secret_cert;
 	    byte temp[8];
 	    pkt->pkt.secret_cert->skey[0] = elg_p;
 	    pkt->pkt.secret_cert->skey[1] = elg_g;
 	    pkt->pkt.secret_cert->skey[2] = elg_y;
 	    cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
 	    if( cert->protect.algo ) {
 		cert->is_protected = 1;
 		cert->protect.s2k.count = 0;
 		if( cert->protect.algo == 255 ) {
 		    if( pktlen < 3 ) {
 			rc = G10ERR_INVALID_PACKET;
 			goto leave;
 		    }
 		    cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
 		    cert->protect.s2k.mode  = iobuf_get_noeof(inp); pktlen--;
 		    cert->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--;
 		    switch( cert->protect.s2k.mode ) {
 		      case 1:
 		      case 4:
 			for(i=0; i < 8 && pktlen; i++, pktlen-- )
 			    temp[i] = iobuf_get_noeof(inp);
 			memcpy(cert->protect.s2k.salt, temp, 8 );
 			break;
 		    }
 		    switch( cert->protect.s2k.mode ) {
 		      case 0: if( list_mode ) printf(  "\tsimple S2K" );
 			break;
 		      case 1: if( list_mode ) printf(  "\tsalted S2K" );
 			break;
 		      case 4: if( list_mode ) printf(  "\titer+salt S2K" );
 			break;
 		      default:
 			if( list_mode )
 			    printf(  "\tunknown S2K %d\n",
 						cert->protect.s2k.mode );
 			rc = G10ERR_INVALID_PACKET;
 			goto leave;
 		    }
 		    if( list_mode ) {
 			printf(", algo: %d, hash: %d",
 					 cert->protect.algo,
 					 cert->protect.s2k.hash_algo );
 			if( cert->protect.s2k.mode == 1
 			    || cert->protect.s2k.mode == 4 ) {
 			    printf(", salt: ");
 			    for(i=0; i < 8; i++ )
 				printf("%02x", cert->protect.s2k.salt[i]);
 			}
 			putchar('\n');
 		    }
 		    if( cert->protect.s2k.mode == 4 ) {
 			if( pktlen < 4 ) {
 			    rc = G10ERR_INVALID_PACKET;
 			    goto leave;
 			}
 			cert->protect.s2k.count = read_32(inp);
 			pktlen -= 4;
 		    }
 		}
 		else {
 		    /* old version, we don't have a S2K, so we fake one */
 		    cert->protect.s2k.mode = 0;
 		    /* We need this kludge to cope with old GNUPG versions */
 		    cert->protect.s2k.hash_algo =
 			 cert->protect.algo == CIPHER_ALGO_BLOWFISH160?
 				      DIGEST_ALGO_RMD160 : DIGEST_ALGO_MD5;
 		    if( list_mode )
 			printf(  "\tprotect algo: %d  (hash algo: %d)\n",
 			     cert->protect.algo, cert->protect.s2k.hash_algo );
 		}
 		if( pktlen < 8 ) {
 		    rc = G10ERR_INVALID_PACKET;
 		    goto leave;
 		}
-		for(i=0; i < 8 && pktlen; i++, pktlen-- )
+		sk->protect.algo = iobuf_get_noeof(inp); pktlen--;
-		    temp[i] = iobuf_get_noeof(inp);
+		sk->protect.s2k.mode  = iobuf_get_noeof(inp); pktlen--;
-		if( list_mode ) {
+		sk->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--;
-		    printf(  "\tprotect IV: ");
+		switch( sk->protect.s2k.mode ) {
-		    for(i=0; i < 8; i++ )
+		  case 1:
-			printf(" %02x", temp[i] );
+		  case 4:
-		    putchar('\n');
+		    for(i=0; i < 8 && pktlen; i++, pktlen-- )
 			temp[i] = iobuf_get_noeof(inp);
 		    memcpy(sk->protect.s2k.salt, temp, 8 );
 		    break;
 		}
-		memcpy(cert->protect.iv, temp, 8 );
+		switch( sk->protect.s2k.mode ) {
-	    }
+		  case 0: if( list_mode ) printf(  "\tsimple S2K" );
-	    else
+		    break;
-		cert->is_protected = 0;
+		  case 1: if( list_mode ) printf(  "\tsalted S2K" );
-	    /* It does not make sense to read it into secure memory.
+		    break;
-	     * If the user is so careless, not to protect his secret key,
+		  case 4: if( list_mode ) printf(  "\titer+salt S2K" );
-	     * we can assume, that he operates an open system :=(.
+		    break;
-	     * So we put the key into secure memory when we unprotect it. */
+		  default:
 	    n = pktlen; cert->skey[3] = mpi_read(inp, &n, 0 ); pktlen -=n;
 	    if( cert->is_protected )
 		mpi_set_protect_flag(cert->skey[3]);
 	    cert->csum = read_16(inp); pktlen -= 2;
 	    if( list_mode ) {
 		printf("\t[secret value x is not shown]\n"
 		       "\tchecksum: %04hx\n", cert->csum);
 	    }
 	}
    }
    else if( algorithm == PUBKEY_ALGO_DSA ) {
 	MPI dsa_p, dsa_q, dsa_g, dsa_y;
 	n = pktlen; dsa_p = mpi_read(inp, &n, 0 ); pktlen -=n;
 	n = pktlen; dsa_q = mpi_read(inp, &n, 0 ); pktlen -=n;
 	n = pktlen; dsa_g = mpi_read(inp, &n, 0 ); pktlen -=n;
 	n = pktlen; dsa_y = mpi_read(inp, &n, 0 ); pktlen -=n;
 	if( list_mode ) {
 	    printf(  "\tdsa p: ");
 	    mpi_print(stdout, dsa_p, mpi_print_mode  );
 	    printf("\n\tdsa q: ");
 	    mpi_print(stdout, dsa_q, mpi_print_mode  );
 	    printf("\n\tdsa g: ");
 	    mpi_print(stdout, dsa_g, mpi_print_mode  );
 	    printf("\n\tdsa y: ");
 	    mpi_print(stdout, dsa_y, mpi_print_mode  );
 	    putchar('\n');
 	}
 	if( pkttype == PKT_PUBLIC_CERT || pkttype == PKT_PUBKEY_SUBCERT ) {
 	    pkt->pkt.public_cert->pkey[0] = dsa_p;
 	    pkt->pkt.public_cert->pkey[1] = dsa_q;
 	    pkt->pkt.public_cert->pkey[2] = dsa_g;
 	    pkt->pkt.public_cert->pkey[3] = dsa_y;
 	}
 	else {
 	    PKT_secret_cert *cert = pkt->pkt.secret_cert;
 	    byte temp[8];
 	    pkt->pkt.secret_cert->skey[0] = dsa_p;
 	    pkt->pkt.secret_cert->skey[1] = dsa_q;
 	    pkt->pkt.secret_cert->skey[2] = dsa_g;
 	    pkt->pkt.secret_cert->skey[3] = dsa_y;
 	    cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
 	    if( cert->protect.algo ) {
 		cert->is_protected = 1;
 		cert->protect.s2k.count = 0;
 		if( cert->protect.algo == 255 ) {
 		    if( pktlen < 3 ) {
 			rc = G10ERR_INVALID_PACKET;
 			goto leave;
 		    }
 		    cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
 		    cert->protect.s2k.mode  = iobuf_get_noeof(inp); pktlen--;
 		    cert->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--;
 		    switch( cert->protect.s2k.mode ) {
 		      case 1:
 		      case 4:
 			for(i=0; i < 8 && pktlen; i++, pktlen-- )
 			    temp[i] = iobuf_get_noeof(inp);
 			memcpy(cert->protect.s2k.salt, temp, 8 );
 			break;
 		    }
 		    switch( cert->protect.s2k.mode ) {
 		      case 0: if( list_mode ) printf(  "\tsimple S2K" );
 			break;
 		      case 1: if( list_mode ) printf(  "\tsalted S2K" );
 			break;
 		      case 4: if( list_mode ) printf(  "\titer+salt S2K" );
 			break;
 		      default:
 			if( list_mode )
 			    printf(  "\tunknown S2K %d\n",
 						    cert->protect.s2k.mode );
 			rc = G10ERR_INVALID_PACKET;
 			goto leave;
 		    }
 		    if( list_mode ) {
 			printf(", algo: %d, hash: %d",
 					 cert->protect.algo,
 					 cert->protect.s2k.hash_algo );
 			if( cert->protect.s2k.mode == 1
 			    || cert->protect.s2k.mode == 4 ){
 			    printf(", salt: ");
 			    for(i=0; i < 8; i++ )
 				printf("%02x", cert->protect.s2k.salt[i]);
 			}
 			putchar('\n');
 		    }
 		    if( cert->protect.s2k.mode == 4 ) {
 			if( pktlen < 4 ) {
 			    rc = G10ERR_INVALID_PACKET;
 			    goto leave;
 			}
 			cert->protect.s2k.count = read_32(inp);
 			pktlen -= 4;
 		    }
 		}
 		else {
 		    if( list_mode )
-			printf(  "\tprotect algo: %d\n", cert->protect.algo);
+			printf(  "\tunknown S2K %d\n",
-		    /* old version, we don't have a S2K, so we fake one */
+					    sk->protect.s2k.mode );
 		    cert->protect.s2k.mode = 0;
 		    cert->protect.s2k.hash_algo = DIGEST_ALGO_MD5;
 		}
 		if( pktlen < 8 ) {
 		    rc = G10ERR_INVALID_PACKET;
 		    goto leave;
 		}
-		for(i=0; i < 8 && pktlen; i++, pktlen-- )
+
 		    temp[i] = iobuf_get_noeof(inp);
 		if( list_mode ) {
-		    printf(  "\tprotect IV: ");
+		    printf(", algo: %d, hash: %d",
-		    for(i=0; i < 8; i++ )
+				     sk->protect.algo,
-			printf(" %02x", temp[i] );
+				     sk->protect.s2k.hash_algo );
 		    if( sk->protect.s2k.mode == 1
 			|| sk->protect.s2k.mode == 4 ) {
 			printf(", salt: ");
 			for(i=0; i < 8; i++ )
 			    printf("%02x", sk->protect.s2k.salt[i]);
 		    }
 		    putchar('\n');
 		}
 		memcpy(cert->protect.iv, temp, 8 );
 	    }
 	    else
 		cert->is_protected = 0;
 	    /* It does not make sense to read it into secure memory.
 	     * If the user is so careless, not to protect his secret key,
 	     * we can assume, that he operates an open system :=(.
 	     * So we put the key into secure memory when we unprotect it. */
 	    n = pktlen; cert->skey[4] = mpi_read(inp, &n, 0 ); pktlen -=n;
 	    if( cert->is_protected )
 		mpi_set_protect_flag(cert->skey[4]);
-	    cert->csum = read_16(inp); pktlen -= 2;
+		if( sk->protect.s2k.mode == 4 ) {
 		    if( pktlen < 4 ) {
 			rc = G10ERR_INVALID_PACKET;
 			goto leave;
 		    }
 		    sk->protect.s2k.count = read_32(inp);
 		    pktlen -= 4;
 		}
 	    }
 	    else { /* old version; no S2K, so we set mode to 0, hash MD5 */
 		sk->protect.s2k.mode = 0;
 		/* We need a kludge to cope with old GNUPG versions */
 		sk->protect.s2k.hash_algo =
 			 ( sk->protect.algo == CIPHER_ALGO_BLOWFISH160
 			   && algorithm == PUBKEY_ALGO_ELGAMAL_E ) ?
 				  DIGEST_ALGO_RMD160 : DIGEST_ALGO_MD5;
 		if( list_mode )
 		    printf(  "\tprotect algo: %d  (hash algo: %d)\n",
 			 sk->protect.algo, sk->protect.s2k.hash_algo );
 	    }
 	    if( pktlen < 8 ) {
 		rc = G10ERR_INVALID_PACKET;
 		goto leave;
 	    }
 	    for(i=0; i < 8 && pktlen; i++, pktlen-- )
 		temp[i] = iobuf_get_noeof(inp);
 	    if( list_mode ) {
-		printf("\t[secret value x is not shown]\n"
+		printf(  "\tprotect IV: ");
-		       "\tchecksum: %04hx\n", cert->csum);
+		for(i=0; i < 8; i++ )
 		    printf(" %02x", temp[i] );
 		putchar('\n');
 	    }
 	    memcpy(sk->protect.iv, temp, 8 );
 	}
 	else
 	    sk->is_protected = 0;
 	/* It does not make sense to read it into secure memory.
 	 * If the user is so careless, not to protect his secret key,
 	 * we can assume, that he operates an open system :=(.
 	 * So we put the key into secure memory when we unprotect it. */
 	for(i=npkey; i < nskey; i++ ) {
 	    n = pktlen; sk->skey[i] = mpi_read(inp, &n, 0 ); pktlen -=n;
 	    if( sk->is_protected )
 		mpi_set_protect_flag(sk->skey[i]);
 	    if( list_mode ) {
 		printf(  "\tskey[%d]: ", i);
 		if( sk->is_protected )
 		    printf(  "[encrypted]\n");
 		else {
 		    mpi_print(stdout, sk->skey[i], mpi_print_mode  );
 		    putchar('\n');
 		}
 	    }
 	}
    }
    else if( is_RSA(algorithm) ) {
 	MPI rsa_pub_mod, rsa_pub_exp;
-	n = pktlen; rsa_pub_mod = mpi_read(inp, &n, 0); pktlen -=n;
+	sk->csum = read_16(inp); pktlen -= 2;
 	n = pktlen; rsa_pub_exp = mpi_read(inp, &n, 0 ); pktlen -=n;
 	if( list_mode ) {
-	    printf(  "\tpublic modulus  n:  ");
+	    printf("\tchecksum: %04hx\n", sk->csum);
 	    mpi_print(stdout, rsa_pub_mod, mpi_print_mode  );
 	    printf("\n\tpublic exponent e: ");
 	    mpi_print(stdout, rsa_pub_exp, mpi_print_mode  );
 	    putchar('\n');
 	}
-	if( pkttype == PKT_PUBLIC_CERT || pkttype == PKT_PUBKEY_SUBCERT ) {
+    }
-	    pkt->pkt.public_cert->pkey[0] = rsa_pub_mod;
+    else {
-	    pkt->pkt.public_cert->pkey[1] = rsa_pub_exp;
+	PKT_public_key *pk = pkt->pkt.public_key;
 	}
 	else {
 	    PKT_secret_cert *cert = pkt->pkt.secret_cert;
 	    byte temp[8];
-	    pkt->pkt.secret_cert->skey[0] = rsa_pub_mod;
+	for(i=0; i < npkey; i++ ) {
-	    pkt->pkt.secret_cert->skey[1] = rsa_pub_exp;
+	    n = pktlen; pk->pkey[i] = mpi_read(inp, &n, 0 ); pktlen -=n;
 	    cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
 	    if( list_mode )
 		printf(  "\tprotect algo: %d\n", cert->protect.algo);
 	    if( cert->protect.algo ) {
 		cert->is_protected = 1;
 		for(i=0; i < 8 && pktlen; i++, pktlen-- )
 		    temp[i] = iobuf_get_noeof(inp);
 		if( list_mode ) {
 		    printf(  "\tprotect IV: ");
 		    for(i=0; i < 8; i++ )
 			printf(" %02x", temp[i] );
 		    putchar('\n');
 		}
 		memcpy(cert->protect.iv, temp, 8 );
 		/* old version, we don't have a S2K, so we fake one */
 		cert->protect.s2k.mode = 0;
 		cert->protect.s2k.hash_algo = DIGEST_ALGO_MD5;
 	    }
 	    else
 		cert->is_protected = 0;
 	    /* (See comments at the code for elg keys) */
 	    n = pktlen; cert->skey[2] = mpi_read(inp, &n, 0 ); pktlen -=n;
 	    n = pktlen; cert->skey[3] = mpi_read(inp, &n, 0 ); pktlen -=n;
 	    n = pktlen; cert->skey[4] = mpi_read(inp, &n, 0 ); pktlen -=n;
 	    n = pktlen; cert->skey[5] = mpi_read(inp, &n, 0 ); pktlen -=n;
 	    if( cert->is_protected ) {
 		mpi_set_protect_flag(cert->skey[2]);
 		mpi_set_protect_flag(cert->skey[3]);
 		mpi_set_protect_flag(cert->skey[4]);
 		mpi_set_protect_flag(cert->skey[5]);
 	    }
 	    cert->csum = read_16(inp); pktlen -= 2;
 	    if( list_mode ) {
-		printf("\t[secret values d,p,q,u are not shown]\n"
+		printf(  "\tpkey[%d]: ", i);
-		       "\tchecksum: %04hx\n", cert->csum);
+		mpi_print(stdout, pk->pkey[i], mpi_print_mode  );
 		putchar('\n');
 	    }
 	}
    }
    else if( list_mode )
 	printf("\tunknown algorithm %d\n", algorithm );
  leave:
    skip_rest(inp, pktlen);
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@ -109,7 +109,7 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode )
    }
    if( keyid && !opt.batch && !next_pw ) {
-	PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
+	PKT_public_key *pk = m_alloc_clear( sizeof *pk );
 	size_t n;
 	char *p;
@ -120,14 +120,14 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode )
 	m_free(p);
 	tty_printf("\"\n");
-	if( !get_pubkey( pkc, keyid ) ) {
+	if( !get_pubkey( pk, keyid ) ) {
-	    const char *s = pubkey_algo_to_string( pkc->pubkey_algo );
+	    const char *s = pubkey_algo_to_string( pk->pubkey_algo );
 	    tty_printf( _("(%u-bit %s key, ID %08lX, created %s)\n"),
-		       nbits_from_pkc( pkc ), s?s:"?", (ulong)keyid[1],
+		       nbits_from_pk( pk ), s?s:"?", (ulong)keyid[1],
-		       strtimestamp(pkc->timestamp) );
+		       strtimestamp(pk->timestamp) );
 	}
 	tty_printf("\n");
-	free_public_cert( pkc );
+	free_public_key( pk );
    }
    if( next_pw ) {
 	pw = next_pw;
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@ -45,7 +45,7 @@ query_ownertrust( ulong lid )
    int rc;
    size_t n;
    u32 keyid[2];
-    PKT_public_cert *pkc ;
+    PKT_public_key *pk ;
    int changed=0;
    rc = keyid_from_trustdb( lid, keyid );
@ -54,8 +54,8 @@ query_ownertrust( ulong lid )
 	return 0;
    }
-    pkc = m_alloc_clear( sizeof *pkc );
+    pk = m_alloc_clear( sizeof *pk );
-    rc = get_pubkey( pkc, keyid );
+    rc = get_pubkey( pk, keyid );
    if( rc ) {
 	log_error("keyid %08lX: pubkey not found: %s\n",
 				(ulong)keyid[1], g10_errstr(rc) );
@ -64,8 +64,8 @@ query_ownertrust( ulong lid )
    tty_printf(_("No ownertrust defined for %lu:\n"
 	       "%4u%c/%08lX %s \""), lid,
-	      nbits_from_pkc( pkc ), pubkey_letter( pkc->pubkey_algo ),
+	      nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
-	      (ulong)keyid[1], datestr_from_pkc( pkc ) );
+	      (ulong)keyid[1], datestr_from_pk( pk ) );
    p = get_user_id( keyid, &n );
    tty_print_string( p, n ),
    m_free(p);
@ -110,7 +110,7 @@ query_ownertrust( ulong lid )
 	m_free(p); p = NULL;
    }
    m_free(p);
-    m_free(pkc);
+    m_free(pk);
    return changed;
 }
@ -120,7 +120,7 @@ query_ownertrust( ulong lid )
 * Returns: -1 if no ownertrust were added.
 */
 static int
-add_ownertrust( PKT_public_cert *pkc )
+add_ownertrust( PKT_public_key *pk )
 {
    int rc;
    void *context = NULL;
@ -132,13 +132,13 @@ add_ownertrust( PKT_public_cert *pkc )
 _("Could not find a valid trust path to the key.  Let's see whether we\n"
  "can assign some missing owner trust values.\n\n"));
-    rc = query_trust_record( pkc );
+    rc = query_trust_record( pk );
    if( rc ) {
 	log_error("Ooops: not in trustdb\n");
 	return -1;
    }
-    lid = pkc->local_id;
+    lid = pk->local_id;
    while( !(rc=enum_trust_web( &context, &lid )) ) {
 	rc = get_ownertrust( lid, &trust );
 	if( rc )
@ -160,11 +160,11 @@ _("Could not find a valid trust path to the key.  Let's see whether we\n"
 }
 /****************
- * Check whether we can trust this pkc which has a trustlevel of TRUSTLEVEL
+ * Check whether we can trust this pk which has a trustlevel of TRUSTLEVEL
 * Returns: true if we trust.
 */
 static int
-do_we_trust( PKT_public_cert *pkc, int trustlevel )
+do_we_trust( PKT_public_key *pk, int trustlevel )
 {
    int rc;
@ -187,19 +187,19 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel )
    switch( (trustlevel & TRUST_MASK) ) {
      case TRUST_UNKNOWN: /* No pubkey in trustDB: Insert and check again */
-	rc = insert_trust_record( pkc );
+	rc = insert_trust_record( pk );
 	if( rc ) {
 	    log_error("failed to insert it into the trustdb: %s\n",
 						      g10_errstr(rc) );
 	    return 0; /* no */
 	}
-	rc = check_trust( pkc, &trustlevel );
+	rc = check_trust( pk, &trustlevel );
 	if( rc )
 	    log_fatal("trust check after insert failed: %s\n",
 						      g10_errstr(rc) );
 	if( trustlevel == TRUST_UNKNOWN || trustlevel == TRUST_EXPIRED )
 	    BUG();
-	return do_we_trust( pkc, trustlevel );
+	return do_we_trust( pk, trustlevel );
      case TRUST_EXPIRED:
 	log_info("key has expired\n");
@ -209,14 +209,14 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel )
 	if( opt.batch || opt.answer_no )
 	    log_info("no info to calculate a trust probability\n");
 	else {
-	    rc = add_ownertrust( pkc );
+	    rc = add_ownertrust( pk );
 	    if( !rc ) {
-		rc = check_trust( pkc, &trustlevel );
+		rc = check_trust( pk, &trustlevel );
 		if( rc )
 		    log_fatal("trust check after add_ownertrust failed: %s\n",
 							      g10_errstr(rc) );
 		/* fixme: this is recursive; we should unroll it */
-		return do_we_trust( pkc, trustlevel );
+		return do_we_trust( pk, trustlevel );
 	    }
 	}
 	return 0;
@ -256,9 +256,9 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel )
 * key anyway.
 */
 static int
-do_we_trust_pre( PKT_public_cert *pkc, int trustlevel )
+do_we_trust_pre( PKT_public_key *pk, int trustlevel )
 {
-    int rc = do_we_trust( pkc, trustlevel );
+    int rc = do_we_trust( pk, trustlevel );
    if( !opt.batch && !rc ) {
 	char *answer;
@ -283,22 +283,22 @@ do_we_trust_pre( PKT_public_cert *pkc, int trustlevel )
 void
-release_pkc_list( PKC_LIST pkc_list )
+release_pk_list( PK_LIST pk_list )
 {
-    PKC_LIST pkc_rover;
+    PK_LIST pk_rover;
-    for( ; pkc_list; pkc_list = pkc_rover ) {
+    for( ; pk_list; pk_list = pk_rover ) {
-	pkc_rover = pkc_list->next;
+	pk_rover = pk_list->next;
-	free_public_cert( pkc_list->pkc );
+	free_public_key( pk_list->pk );
-	m_free( pkc_list );
+	m_free( pk_list );
    }
 }
 int
-build_pkc_list( STRLIST remusr, PKC_LIST *ret_pkc_list, unsigned usage )
+build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage )
 {
-    PKC_LIST pkc_list = NULL;
+    PK_LIST pk_list = NULL;
-    PKT_public_cert *pkc=NULL;
+    PKT_public_key *pk=NULL;
    int rc=0;
    if( !remusr && !opt.batch ) { /* ask */
@ -314,86 +314,86 @@ build_pkc_list( STRLIST remusr, PKC_LIST *ret_pkc_list, unsigned usage )
 	    tty_kill_prompt();
 	    if( !*answer )
 		break;
-	    if( pkc )
+	    if( pk )
-		free_public_cert( pkc );
+		free_public_key( pk );
-	    pkc = m_alloc_clear( sizeof *pkc );
+	    pk = m_alloc_clear( sizeof *pk );
-	    rc = get_pubkey_byname( pkc, answer );
+	    rc = get_pubkey_byname( pk, answer );
 	    if( rc )
 		tty_printf("No such user ID.\n");
-	    else if( !(rc=check_pubkey_algo2(pkc->pubkey_algo, usage)) ) {
+	    else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, usage)) ) {
 		int trustlevel;
-		rc = check_trust( pkc, &trustlevel );
+		rc = check_trust( pk, &trustlevel );
 		if( rc ) {
-		    log_error("error checking pkc of '%s': %s\n",
+		    log_error("error checking pk of '%s': %s\n",
 						      answer, g10_errstr(rc) );
 		}
-		else if( do_we_trust_pre( pkc, trustlevel ) ) {
+		else if( do_we_trust_pre( pk, trustlevel ) ) {
-		    PKC_LIST r;
+		    PK_LIST r;
 		    r = m_alloc( sizeof *r );
-		    r->pkc = pkc; pkc = NULL;
+		    r->pk = pk; pk = NULL;
-		    r->next = pkc_list;
+		    r->next = pk_list;
 		    r->mark = 0;
-		    pkc_list = r;
+		    pk_list = r;
 		    break;
 		}
 	    }
 	}
 	m_free(answer);
-	if( pkc ) {
+	if( pk ) {
-	    free_public_cert( pkc );
+	    free_public_key( pk );
-	    pkc = NULL;
+	    pk = NULL;
 	}
    }
    else {
 	for(; remusr; remusr = remusr->next ) {
-	    pkc = m_alloc_clear( sizeof *pkc );
+	    pk = m_alloc_clear( sizeof *pk );
-	    if( (rc = get_pubkey_byname( pkc, remusr->d )) ) {
+	    if( (rc = get_pubkey_byname( pk, remusr->d )) ) {
-		free_public_cert( pkc ); pkc = NULL;
+		free_public_key( pk ); pk = NULL;
 		log_error("skipped '%s': %s\n", remusr->d, g10_errstr(rc) );
 	    }
-	    else if( !(rc=check_pubkey_algo2(pkc->pubkey_algo, usage )) ) {
+	    else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, usage )) ) {
 		int trustlevel;
-		rc = check_trust( pkc, &trustlevel );
+		rc = check_trust( pk, &trustlevel );
 		if( rc ) {
-		    free_public_cert( pkc ); pkc = NULL;
+		    free_public_key( pk ); pk = NULL;
-		    log_error("error checking pkc of '%s': %s\n",
+		    log_error("error checking pk of '%s': %s\n",
 						      remusr->d, g10_errstr(rc) );
 		}
-		else if( do_we_trust_pre( pkc, trustlevel ) ) {
+		else if( do_we_trust_pre( pk, trustlevel ) ) {
 		    /* note: do_we_trust may have changed the trustlevel */
-		    PKC_LIST r;
+		    PK_LIST r;
 		    r = m_alloc( sizeof *r );
-		    r->pkc = pkc; pkc = NULL;
+		    r->pk = pk; pk = NULL;
-		    r->next = pkc_list;
+		    r->next = pk_list;
 		    r->mark = 0;
-		    pkc_list = r;
+		    pk_list = r;
 		}
-		else { /* we don't trust this pkc */
+		else { /* we don't trust this pk */
-		    free_public_cert( pkc ); pkc = NULL;
+		    free_public_key( pk ); pk = NULL;
 		}
 	    }
 	    else {
-		free_public_cert( pkc ); pkc = NULL;
+		free_public_key( pk ); pk = NULL;
 		log_error("skipped '%s': %s\n", remusr->d, g10_errstr(rc) );
 	    }
 	}
    }
-    if( !rc && !pkc_list ) {
+    if( !rc && !pk_list ) {
 	log_error("no valid addressees\n");
 	rc = G10ERR_NO_USER_ID;
    }
    if( rc )
-	release_pkc_list( pkc_list );
+	release_pk_list( pk_list );
    else
-	*ret_pkc_list = pkc_list;
+	*ret_pk_list = pk_list;
    return rc;
 }
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@ -44,7 +44,7 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
    byte *frame = NULL;
    unsigned n, nframe;
    u16 csum, csum2;
-    PKT_secret_cert *skc = m_alloc_clear( sizeof *skc );
+    PKT_secret_key *sk = m_alloc_clear( sizeof *sk );
    if( is_RSA(k->pubkey_algo) ) /* warn about that */
 	write_status(STATUS_RSA_OR_IDEA);
@ -52,14 +52,14 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
    if( rc )
 	goto leave;
-    skc->pubkey_algo = k->pubkey_algo;	 /* we want a pubkey with this algo*/
+    sk->pubkey_algo = k->pubkey_algo;	/* we want a pubkey with this algo*/
-    if( (rc = get_seckey( skc, k->keyid )) )
+    if( (rc = get_seckey( sk, k->keyid )) )
 	goto leave;
-    rc = pubkey_decrypt(k->pubkey_algo, &plain_dek, k->data, skc->skey );
+    rc = pubkey_decrypt(k->pubkey_algo, &plain_dek, k->data, sk->skey );
    if( rc )
 	goto leave;
-    free_secret_cert( skc ); skc = NULL;
+    free_secret_key( sk ); sk = NULL;
    frame = mpi_get_buffer( plain_dek, &nframe, NULL );
    mpi_free( plain_dek ); plain_dek = NULL;
@ -128,8 +128,8 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
  leave:
    mpi_free(plain_dek);
    m_free(frame);
-    if( skc )
+    if( sk )
-	free_secret_cert( skc );
+	free_secret_key( sk );
    return rc;
 }
--- a/g10/revoke.c
+++ b/g10/revoke.c
@ -45,10 +45,10 @@ gen_revoke( const char *uname )
    armor_filter_context_t afx;
    compress_filter_context_t zfx;
    PACKET pkt;
-    PKT_secret_cert *skc; /* used as pointer into a kbnode */
+    PKT_secret_key *sk; /* used as pointer into a kbnode */
-    PKT_public_cert *pkc = NULL;
+    PKT_public_key *pk = NULL;
    PKT_signature *sig = NULL;
-    u32 skc_keyid[2];
+    u32 sk_keyid[2];
    IOBUF out = NULL;
    KBNODE keyblock = NULL;
    KBNODE node;
@ -82,7 +82,7 @@ gen_revoke( const char *uname )
    }
    /* get the keyid from the keyblock */
-    node = find_kbnode( keyblock, PKT_SECRET_CERT );
+    node = find_kbnode( keyblock, PKT_SECRET_KEY );
    if( !node ) { /* maybe better to use log_bug ? */
 	log_error("Oops; secret key not found anymore!\n");
 	rc = G10ERR_GENERAL;
@ -91,27 +91,26 @@ gen_revoke( const char *uname )
    /* fixme: should make a function out of this stuff,
     * it's used all over the source */
-    skc = node->pkt->pkt.secret_cert;
+    sk = node->pkt->pkt.secret_key;
-    keyid_from_skc( skc, skc_keyid );
+    keyid_from_sk( sk, sk_keyid );
    tty_printf("\nsec  %4u%c/%08lX %s   ",
-	      nbits_from_skc( skc ),
+	      nbits_from_sk( sk ),
-	      pubkey_letter( skc->pubkey_algo ),
+	      pubkey_letter( sk->pubkey_algo ),
-	      skc_keyid[1], datestr_from_skc(skc) );
+	      sk_keyid[1], datestr_from_sk(sk) );
    {
 	size_t n;
-	char *p = get_user_id( skc_keyid, &n );
+	char *p = get_user_id( sk_keyid, &n );
 	tty_print_string( p, n );
 	m_free(p);
 	tty_printf("\n");
    }
-    /* the the pkc */
+    pk = m_alloc_clear( sizeof *pk );
-    pkc = m_alloc_clear( sizeof *pkc );
+    rc = get_pubkey( pk, sk_keyid );
    rc = get_pubkey( pkc, skc_keyid );
    if( rc ) {
 	log_error("no corresponding public key: %s\n", g10_errstr(rc) );
 	goto leave;
    }
-    if( cmp_public_secret_cert( pkc, skc ) ) {
+    if( cmp_public_secret_key( pk, sk ) ) {
 	log_error("public key does not match secret key!\n" );
 	rc = G10ERR_GENERAL;
 	goto leave;
@ -127,7 +126,7 @@ gen_revoke( const char *uname )
 	goto leave;
    }
-    switch( is_secret_key_protected( skc ) ) {
+    switch( is_secret_key_protected( sk ) ) {
      case -1:
 	log_error("unknown protection algorithm\n");
 	rc = G10ERR_PUBKEY_ALGO;
@ -136,7 +135,7 @@ gen_revoke( const char *uname )
 	tty_printf("Warning: This key is not protected!\n");
 	break;
      default:
-	rc = check_secret_key( skc );
+	rc = check_secret_key( sk );
 	break;
    }
    if( rc )
@ -159,7 +158,7 @@ gen_revoke( const char *uname )
    /* create it */
-    rc = make_keysig_packet( &sig, pkc, NULL, NULL, skc, 0x20, 0, NULL, NULL);
+    rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x20, 0, NULL, NULL);
    if( rc ) {
 	log_error("make_keysig_packet failed: %s\n", g10_errstr(rc));
 	goto leave;
@ -185,8 +184,8 @@ gen_revoke( const char *uname )
  leave:
-    if( pkc )
+    if( pk )
-	free_public_cert( pkc );
+	free_public_key( pk );
    if( sig )
 	free_seckey_enc( sig );
    release_kbnode( keyblock );
--- a/g10/ringedit.c
+++ b/g10/ringedit.c
@ -69,7 +69,6 @@ typedef struct resource_table_struct RESTBL;
 #define MAX_RESOURCES 10
 static RESTBL resource_table[MAX_RESOURCES];
 static int search( PACKET *pkt, KBPOS *kbpos, int secret );
@ -92,7 +91,6 @@ check_pos( KBPOS *kbpos )
 }
 /****************************************************************
 ****************** public functions ****************************
 ****************************************************************/
@ -168,7 +166,7 @@ get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos )
 * Search a keyblock which starts with the given packet and puts all
 * information into KBPOS, which can be used later to access this key block.
 * This function looks into all registered keyblock sources.
- * PACKET must be a packet with either a secret_cert or a public_cert
+ * PACKET must be a packet with either a secret_key or a public_key
 *
 * This function is intended to check whether a given certificate
 * is already in a keyring or to prepare it for editing.
@ -210,20 +208,20 @@ int
 find_keyblock_byname( KBPOS *kbpos, const char *username )
 {
    PACKET pkt;
-    PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
+    PKT_public_key *pk = m_alloc_clear( sizeof *pk );
    int rc;
-    rc = get_pubkey_byname( pkc, username );
+    rc = get_pubkey_byname( pk, username );
    if( rc ) {
-	free_public_cert(pkc);
+	free_public_key(pk);
 	return rc;
    }
    init_packet( &pkt );
-    pkt.pkttype = PKT_PUBLIC_CERT;
+    pkt.pkttype = PKT_PUBLIC_KEY;
-    pkt.pkt.public_cert = pkc;
+    pkt.pkt.public_key = pk;
    rc = search( &pkt, kbpos, 0 );
-    free_public_cert(pkc);
+    free_public_key(pk);
    return rc;
 }
@ -233,14 +231,14 @@ find_keyblock_byname( KBPOS *kbpos, const char *username )
 * of the keyblock.
 */
 int
-find_keyblock_bypkc( KBPOS *kbpos, PKT_public_cert *pkc )
+find_keyblock_bypk( KBPOS *kbpos, PKT_public_key *pk )
 {
    PACKET pkt;
    int rc;
    init_packet( &pkt );
-    pkt.pkttype = PKT_PUBLIC_CERT;
+    pkt.pkttype = PKT_PUBLIC_KEY;
-    pkt.pkt.public_cert = pkc;
+    pkt.pkt.public_key = pk;
    rc = search( &pkt, kbpos, 0 );
    return rc;
 }
@ -254,20 +252,20 @@ int
 find_secret_keyblock_byname( KBPOS *kbpos, const char *username )
 {
    PACKET pkt;
-    PKT_secret_cert *skc = m_alloc_clear( sizeof *skc );
+    PKT_secret_key *sk = m_alloc_clear( sizeof *sk );
    int rc;
-    rc = get_seckey_byname( skc, username, 0 );
+    rc = get_seckey_byname( sk, username, 0 );
    if( rc ) {
-	free_secret_cert(skc);
+	free_secret_key(sk);
 	return rc;
    }
    init_packet( &pkt );
-    pkt.pkttype = PKT_SECRET_CERT;
+    pkt.pkttype = PKT_SECRET_KEY;
-    pkt.pkt.secret_cert = skc;
+    pkt.pkt.secret_key = sk;
    rc = search( &pkt, kbpos, 1 );
-    free_secret_cert(skc);
+    free_secret_key(sk);
    return rc;
 }
@ -449,30 +447,30 @@ update_keyblock( KBPOS *kbpos, KBNODE root )
 ****************************************************************/
 static int
-cmp_seckey( PKT_secret_cert *req_skc, PKT_secret_cert *skc )
+cmp_seckey( PKT_secret_key *req_sk, PKT_secret_key *sk )
 {
    int n,i;
-    assert( req_skc->pubkey_algo == skc->pubkey_algo );
+    assert( req_sk->pubkey_algo == sk->pubkey_algo );
-    n = pubkey_get_nskey( req_skc->pubkey_algo );
+    n = pubkey_get_nskey( req_sk->pubkey_algo );
    for(i=0; i < n; i++ ) {
-	if( mpi_cmp( req_skc->skey[i], skc->skey[i] ) )
+	if( mpi_cmp( req_sk->skey[i], sk->skey[i] ) )
 	    return -1;
    }
    return 0;
 }
 static int
-cmp_pubkey( PKT_public_cert *req_pkc, PKT_public_cert *pkc )
+cmp_pubkey( PKT_public_key *req_pk, PKT_public_key *pk )
 {
    int n, i;
-    assert( req_pkc->pubkey_algo == pkc->pubkey_algo );
+    assert( req_pk->pubkey_algo == pk->pubkey_algo );
-    n = pubkey_get_npkey( req_pkc->pubkey_algo );
+    n = pubkey_get_npkey( req_pk->pubkey_algo );
    for(i=0; i < n; i++ ) {
-	if( mpi_cmp( req_pkc->pkey[i], pkc->pkey[i] )  )
+	if( mpi_cmp( req_pk->pkey[i], pk->pkey[i] )  )
 	    return -1;
    }
    return 0;
@ -489,8 +487,8 @@ keyring_search( PACKET *req, KBPOS *kbpos, IOBUF iobuf, const char *fname )
    int save_mode;
    ulong offset;
    int pkttype = req->pkttype;
-    PKT_public_cert *req_pkc = req->pkt.public_cert;
+    PKT_public_key *req_pk = req->pkt.public_key;
-    PKT_secret_cert *req_skc = req->pkt.secret_cert;
+    PKT_secret_key *req_sk = req->pkt.secret_key;
    init_packet(&pkt);
    save_mode = set_packet_list_mode(0);
@ -512,22 +510,22 @@ keyring_search( PACKET *req, KBPOS *kbpos, IOBUF iobuf, const char *fname )
  #endif
    while( !(rc=search_packet(iobuf, &pkt, pkttype, &offset)) ) {
-	if( pkt.pkttype == PKT_SECRET_CERT ) {
+	if( pkt.pkttype == PKT_SECRET_KEY ) {
-	    PKT_secret_cert *skc = pkt.pkt.secret_cert;
+	    PKT_secret_key *sk = pkt.pkt.secret_key;
-	    if(   req_skc->timestamp == skc->timestamp
+	    if(   req_sk->timestamp == sk->timestamp
-	       && req_skc->valid_days == skc->valid_days
+	       && req_sk->valid_days == sk->valid_days
-	       && req_skc->pubkey_algo == skc->pubkey_algo
+	       && req_sk->pubkey_algo == sk->pubkey_algo
-	       && !cmp_seckey( req_skc, skc) )
+	       && !cmp_seckey( req_sk, sk) )
 		break; /* found */
 	}
-	else if( pkt.pkttype == PKT_PUBLIC_CERT ) {
+	else if( pkt.pkttype == PKT_PUBLIC_KEY ) {
-	    PKT_public_cert *pkc = pkt.pkt.public_cert;
+	    PKT_public_key *pk = pkt.pkt.public_key;
-	    if(   req_pkc->timestamp == pkc->timestamp
+	    if(   req_pk->timestamp == pk->timestamp
-	       && req_pkc->valid_days == pkc->valid_days
+	       && req_pk->valid_days == pk->valid_days
-	       && req_pkc->pubkey_algo == pkc->pubkey_algo
+	       && req_pk->pubkey_algo == pk->pubkey_algo
-	       && !cmp_pubkey( req_pkc, pkc ) )
+	       && !cmp_pubkey( req_pk, pk ) )
 		break; /* found */
 	}
 	else
@ -577,12 +575,13 @@ keyring_read( KBPOS *kbpos, KBNODE *ret_root )
    kbpos->count=0;
    while( (rc=parse_packet(a, pkt)) != -1 ) {
 	if( rc ) {  /* ignore errors */
-	    if( rc != G10ERR_UNKNOWN_PACKET ) {
+	    if( rc == G10ERR_PUBKEY_ALGO )
 		parse_pubkey_warning( pkt );
 	    else if( rc != G10ERR_UNKNOWN_PACKET ) {
 		log_error("read_keyblock: read error: %s\n", g10_errstr(rc) );
 		rc = G10ERR_INV_KEYRING;
 		goto ready;
 	    }
 		log_info("read_keyblock: read error: %s\n", g10_errstr(rc) );
 	    kbpos->count++;
 	    free_packet( pkt );
 	    init_packet( pkt );
@ -590,8 +589,8 @@ keyring_read( KBPOS *kbpos, KBNODE *ret_root )
 	}
 	/* make a linked list of all packets */
 	switch( pkt->pkttype ) {
-	  case PKT_PUBLIC_CERT:
+	  case PKT_PUBLIC_KEY:
-	  case PKT_SECRET_CERT:
+	  case PKT_SECRET_KEY:
 	    if( in_cert )
 		goto ready;
 	    in_cert = 1;
@ -641,7 +640,9 @@ keyring_enum( KBPOS *kbpos, KBNODE *ret_root, int skipsigs )
    init_packet(pkt);
    while( (rc=parse_packet(kbpos->fp, pkt)) != -1 ) {
 	if( rc ) {  /* ignore errors */
-	    if( rc != G10ERR_UNKNOWN_PACKET ) {
+	    if( rc == G10ERR_PUBKEY_ALGO )
 		parse_pubkey_warning( pkt );
 	    else if( rc != G10ERR_UNKNOWN_PACKET ) {
 		log_error("read_keyblock: read error: %s\n", g10_errstr(rc) );
 		rc = G10ERR_INV_KEYRING;
 		goto ready;
@ -652,8 +653,8 @@ keyring_enum( KBPOS *kbpos, KBNODE *ret_root, int skipsigs )
 	}
 	/* make a linked list of all packets */
 	switch( pkt->pkttype ) {
-	  case PKT_PUBLIC_CERT:
+	  case PKT_PUBLIC_KEY:
-	  case PKT_SECRET_CERT:
+	  case PKT_SECRET_KEY:
 	    if( root ) { /* store this packet */
 		kbpos->pkt = pkt;
 		pkt = NULL;
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@ -35,76 +35,76 @@
 static int
-do_check( PKT_secret_cert *cert )
+do_check( PKT_secret_key *sk )
 {
    byte *buffer;
    u16 csum=0;
    int i, res;
    unsigned nbytes;
-    if( cert->is_protected ) { /* remove the protection */
+    if( sk->is_protected ) { /* remove the protection */
 	DEK *dek = NULL;
 	u32 keyid[2];
 	CIPHER_HANDLE cipher_hd=NULL;
-	PKT_secret_cert *save_cert;
+	PKT_secret_key *save_sk;
 	char save_iv[8];
-	if( cert->protect.algo == CIPHER_ALGO_NONE )
+	if( sk->protect.algo == CIPHER_ALGO_NONE )
 	    BUG();
-	if( check_cipher_algo( cert->protect.algo ) )
+	if( check_cipher_algo( sk->protect.algo ) )
 	    return G10ERR_CIPHER_ALGO; /* unsupported protection algorithm */
-	keyid_from_skc( cert, keyid );
+	keyid_from_sk( sk, keyid );
-	dek = passphrase_to_dek( keyid, cert->protect.algo,
+	dek = passphrase_to_dek( keyid, sk->protect.algo,
-				 &cert->protect.s2k, 0 );
+				 &sk->protect.s2k, 0 );
-	cipher_hd = cipher_open( cert->protect.algo,
+	cipher_hd = cipher_open( sk->protect.algo,
 				 CIPHER_MODE_AUTO_CFB, 1);
 	cipher_setkey( cipher_hd, dek->key, dek->keylen );
 	cipher_setiv( cipher_hd, NULL );
 	m_free(dek);
-	save_cert = copy_secret_cert( NULL, cert );
+	save_sk = copy_secret_key( NULL, sk );
-	memcpy(save_iv, cert->protect.iv, 8 );
+	memcpy(save_iv, sk->protect.iv, 8 );
-	cipher_decrypt( cipher_hd, cert->protect.iv, cert->protect.iv, 8 );
+	cipher_decrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 );
 	csum = 0;
-	for(i=pubkey_get_npkey(cert->pubkey_algo);
+	for(i=pubkey_get_npkey(sk->pubkey_algo);
-		i < pubkey_get_nskey(cert->pubkey_algo); i++ ) {
+		i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
-	    buffer = mpi_get_secure_buffer( cert->skey[i], &nbytes, NULL );
+	    buffer = mpi_get_secure_buffer( sk->skey[i], &nbytes, NULL );
 	    cipher_sync( cipher_hd );
-	    assert( mpi_is_protected(cert->skey[i]) );
+	    assert( mpi_is_protected(sk->skey[i]) );
 	    cipher_decrypt( cipher_hd, buffer, buffer, nbytes );
-	    mpi_set_buffer( cert->skey[i], buffer, nbytes, 0 );
+	    mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 );
-	    mpi_clear_protect_flag( cert->skey[i] );
+	    mpi_clear_protect_flag( sk->skey[i] );
-	    csum += checksum_mpi( cert->skey[i] );
+	    csum += checksum_mpi( sk->skey[i] );
 	    m_free( buffer );
 	}
 	if( opt.emulate_bugs & 1 ) {
-	   csum = cert->csum;
+	   csum = sk->csum;
 	}
 	cipher_close( cipher_hd );
 	/* now let's see whether we have used the right passphrase */
-	if( csum != cert->csum ) {
+	if( csum != sk->csum ) {
-	    copy_secret_cert( cert, save_cert );
+	    copy_secret_key( sk, save_sk );
-	    free_secret_cert( save_cert );
+	    free_secret_key( save_sk );
-	    memcpy( cert->protect.iv, save_iv, 8 );
+	    memcpy( sk->protect.iv, save_iv, 8 );
 	    return G10ERR_BAD_PASS;
 	}
 	/* the checksum may fail, so we also check the key itself */
-	res = pubkey_check_secret_key( cert->pubkey_algo, cert->skey );
+	res = pubkey_check_secret_key( sk->pubkey_algo, sk->skey );
 	if( res ) {
-	    copy_secret_cert( cert, save_cert );
+	    copy_secret_key( sk, save_sk );
-	    free_secret_cert( save_cert );
+	    free_secret_key( save_sk );
-	    memcpy( cert->protect.iv, save_iv, 8 );
+	    memcpy( sk->protect.iv, save_iv, 8 );
 	    return G10ERR_BAD_PASS;
 	}
-	free_secret_cert( save_cert );
+	free_secret_key( save_sk );
-	cert->is_protected = 0;
+	sk->is_protected = 0;
    }
    else { /* not protected, assume it is okay if the checksum is okay */
 	csum = 0;
-	for(i=pubkey_get_npkey(cert->pubkey_algo);
+	for(i=pubkey_get_npkey(sk->pubkey_algo);
-		i < pubkey_get_nskey(cert->pubkey_algo); i++ ) {
+		i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
-	    csum += checksum_mpi( cert->skey[i] );
+	    csum += checksum_mpi( sk->skey[i] );
 	}
-	if( csum != cert->csum )
+	if( csum != sk->csum )
 	    return G10ERR_CHECKSUM;
    }
@ -114,11 +114,11 @@ do_check( PKT_secret_cert *cert )
 /****************
- * Check the secret key certificate
+ * Check the secret key
 * Ask up to 3 times for a correct passphrase
 */
 int
-check_secret_key( PKT_secret_cert *cert )
+check_secret_key( PKT_secret_key *sk )
 {
    int rc = G10ERR_BAD_PASS;
    int i;
@ -126,20 +126,20 @@ check_secret_key( PKT_secret_cert *cert )
    for(i=0; i < 3 && rc == G10ERR_BAD_PASS; i++ ) {
 	if( i )
 	    log_error(_("Invalid passphrase; please try again ...\n"));
-	rc = do_check( cert );
+	rc = do_check( sk );
      #if 0 /* set to 1 to enable the workaround */
-	if( rc == G10ERR_BAD_PASS && cert->is_protected
+	if( rc == G10ERR_BAD_PASS && sk->is_protected
-	    && cert->protect.algo == CIPHER_ALGO_BLOWFISH
+	    && sk->protect.algo == CIPHER_ALGO_BLOWFISH
-	    && cert->pubkey_algo != PUBKEY_ALGO_ELGAMAL ) {
+	    && sk->pubkey_algo != PUBKEY_ALGO_ELGAMAL ) {
 	    /* Workaround for a bug in 0.2.16 which still used
 	     * a 160 bit key for BLOWFISH. */
 	    log_info("trying workaround for 0.2.16 passphrase bug ...\n");
 	    log_info("If you don't need this, uncomment it in g10/seckey-cert.c\n\n");
-	    cert->protect.algo = CIPHER_ALGO_BLOWFISH160;
+	    sk->protect.algo = CIPHER_ALGO_BLOWFISH160;
-	    rc = do_check( cert );
+	    rc = do_check( sk );
 	    if( rc )
 		rc = G10ERR_BAD_PASS;
-	    cert->protect.algo = CIPHER_ALGO_BLOWFISH;
+	    sk->protect.algo = CIPHER_ALGO_BLOWFISH;
 	}
      #endif
 	if( get_passphrase_fd() != -1 )
@ -154,18 +154,18 @@ check_secret_key( PKT_secret_cert *cert )
 * Returns: 0 not protected, -1 on error or the protection algorithm
 */
 int
-is_secret_key_protected( PKT_secret_cert *cert )
+is_secret_key_protected( PKT_secret_key *sk )
 {
-    return cert->is_protected? cert->protect.algo : 0;
+    return sk->is_protected? sk->protect.algo : 0;
 }
 /****************
- * Protect the secret key certificate with the passphrase from DEK
+ * Protect the secret key with the passphrase from DEK
 */
 int
-protect_secret_key( PKT_secret_cert *cert, DEK *dek )
+protect_secret_key( PKT_secret_key *sk, DEK *dek )
 {
    int i, rc = 0;
    byte *buffer;
@ -175,33 +175,33 @@ protect_secret_key( PKT_secret_cert *cert, DEK *dek )
    if( !dek )
 	return 0;
-    if( !cert->is_protected ) { /* okay, apply the protection */
+    if( !sk->is_protected ) { /* okay, apply the protection */
 	CIPHER_HANDLE cipher_hd=NULL;
-	if( check_cipher_algo( cert->protect.algo ) )
+	if( check_cipher_algo( sk->protect.algo ) )
 	    rc = G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
 	else {
-	    cipher_hd = cipher_open( cert->protect.algo,
+	    cipher_hd = cipher_open( sk->protect.algo,
 				     CIPHER_MODE_AUTO_CFB, 1 );
 	    cipher_setkey( cipher_hd, dek->key, dek->keylen );
 	    cipher_setiv( cipher_hd, NULL );
-	    cipher_encrypt( cipher_hd, cert->protect.iv, cert->protect.iv, 8 );
+	    cipher_encrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 );
 	    /* NOTE: we always recalculate the checksum because there are some
 	     * test releases which calculated it wrong */
 	    csum = 0;
-	    for(i=pubkey_get_npkey(cert->pubkey_algo);
+	    for(i=pubkey_get_npkey(sk->pubkey_algo);
-		    i < pubkey_get_nskey(cert->pubkey_algo); i++ ) {
+		    i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
-		csum += checksum_mpi_counted_nbits( cert->skey[i] );
+		csum += checksum_mpi_counted_nbits( sk->skey[i] );
-		buffer = mpi_get_buffer( cert->skey[i], &nbytes, NULL );
+		buffer = mpi_get_buffer( sk->skey[i], &nbytes, NULL );
 		cipher_sync( cipher_hd );
-		assert( !mpi_is_protected(cert->skey[i]) );
+		assert( !mpi_is_protected(sk->skey[i]) );
 		cipher_encrypt( cipher_hd, buffer, buffer, nbytes );
-		mpi_set_buffer( cert->skey[i], buffer, nbytes, 0 );
+		mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 );
-		mpi_set_protect_flag( cert->skey[i] );
+		mpi_set_protect_flag( sk->skey[i] );
 		m_free( buffer );
 	    }
-	    cert->csum = csum;
+	    sk->csum = csum;
-	    cert->is_protected = 1;
+	    sk->is_protected = 1;
 	    cipher_close( cipher_hd );
 	}
    }
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@ -39,7 +39,7 @@ struct cmp_help_context_s {
 };
-static int do_check( PKT_public_cert *pkc, PKT_signature *sig,
+static int do_check( PKT_public_key *pk, PKT_signature *sig,
 						MD_HANDLE digest );
@ -51,19 +51,19 @@ static int do_check( PKT_public_cert *pkc, PKT_signature *sig,
 int
 signature_check( PKT_signature *sig, MD_HANDLE digest )
 {
-    PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
+    PKT_public_key *pk = m_alloc_clear( sizeof *pk );
    int rc=0;
    if( is_RSA(sig->pubkey_algo) )
 	write_status(STATUS_RSA_OR_IDEA);
-    if( get_pubkey( pkc, sig->keyid ) )
+    if( get_pubkey( pk, sig->keyid ) )
 	rc = G10ERR_NO_PUBKEY;
    else
-	rc = do_check( pkc, sig, digest );
+	rc = do_check( pk, sig, digest );
-    free_public_cert( pkc );
+    free_public_key( pk );
    return rc;
 }
@ -144,33 +144,33 @@ cmp_help( void *opaque, MPI result )
 static int
-do_check( PKT_public_cert *pkc, PKT_signature *sig, MD_HANDLE digest )
+do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
 {
    MPI result = NULL;
    int rc=0;
    struct cmp_help_context_s ctx;
    u32 cur_time;
-    if( pkc->version == 4 && pkc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
+    if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
 	log_info("this is a PGP generated "
 		 "ElGamal key which is NOT secure for signatures!\n");
 	return G10ERR_PUBKEY_ALGO;
    }
-    if( pkc->timestamp > sig->timestamp )
+    if( pk->timestamp > sig->timestamp )
 	return G10ERR_TIME_CONFLICT; /* pubkey newer that signature */
    cur_time = make_timestamp();
-    if( pkc->timestamp > cur_time ) {
+    if( pk->timestamp > cur_time ) {
 	log_info(_("public key created in future (time warp or clock problem)\n"));
 	return G10ERR_TIME_CONFLICT;
    }
-    if( pkc->valid_days && add_days_to_timestamp(pkc->timestamp,
+    if( pk->valid_days && add_days_to_timestamp(pk->timestamp,
-						pkc->valid_days) < cur_time ) {
+						pk->valid_days) < cur_time ) {
 	log_info(_("warning: signature key expired %s\n"), strtimestamp(
-				    add_days_to_timestamp(pkc->timestamp,
+				    add_days_to_timestamp(pk->timestamp,
-							  pkc->valid_days)));
+							  pk->valid_days)));
 	write_status(STATUS_SIGEXPIRED);
    }
@ -217,11 +217,11 @@ do_check( PKT_public_cert *pkc, PKT_signature *sig, MD_HANDLE digest )
    }
    md_final( digest );
-    result = encode_md_value( pkc->pubkey_algo, digest, sig->digest_algo,
+    result = encode_md_value( pk->pubkey_algo, digest, sig->digest_algo,
-				      mpi_get_nbits(pkc->pkey[0]));
+				      mpi_get_nbits(pk->pkey[0]));
    ctx.sig = sig;
    ctx.md = digest;
-    rc = pubkey_verify( pkc->pubkey_algo, result, sig->data, pkc->pkey,
+    rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey,
 			cmp_help, &ctx );
    mpi_free( result );
@ -249,14 +249,14 @@ hash_uid_node( KBNODE unode, MD_HANDLE md, PKT_signature *sig )
 /****************
 * check the signature pointed to by NODE. This is a key signature.
- * If the function detects a self-signature, it uses the PKC from
+ * If the function detects a self-signature, it uses the PK from
 * NODE and does not read any public key.
 */
 int
 check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
 {
    MD_HANDLE md;
-    PKT_public_cert *pkc;
+    PKT_public_key *pk;
    PKT_signature *sig;
    int algo;
    int rc;
@ -264,9 +264,9 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
    if( is_selfsig )
 	*is_selfsig = 0;
    assert( node->pkt->pkttype == PKT_SIGNATURE );
-    assert( root->pkt->pkttype == PKT_PUBLIC_CERT );
+    assert( root->pkt->pkttype == PKT_PUBLIC_KEY );
-    pkc = root->pkt->pkt.public_cert;
+    pk = root->pkt->pkt.public_key;
    sig = node->pkt->pkt.signature;
    algo = sig->digest_algo;
    if( (rc=check_digest_algo(algo)) )
@ -274,25 +274,25 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
    if( sig->sig_class == 0x20 ) {
 	md = md_open( algo, 0 );
-	hash_public_cert( md, pkc );
+	hash_public_key( md, pk );
-	rc = do_check( pkc, sig, md );
+	rc = do_check( pk, sig, md );
 	md_close(md);
    }
    else if( sig->sig_class == 0x18 ) {
-	KBNODE snode = find_prev_kbnode( root, node, PKT_PUBKEY_SUBCERT );
+	KBNODE snode = find_prev_kbnode( root, node, PKT_PUBLIC_SUBKEY );
 	if( snode ) {
 	    if( is_selfsig ) {
 		u32 keyid[2];
-		keyid_from_pkc( pkc, keyid );
+		keyid_from_pk( pk, keyid );
 		if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
 		    *is_selfsig = 1;
 	    }
 	    md = md_open( algo, 0 );
-	    hash_public_cert( md, pkc );
+	    hash_public_key( md, pk );
-	    hash_public_cert( md, snode->pkt->pkt.public_cert );
+	    hash_public_key( md, snode->pkt->pkt.public_key );
-	    rc = do_check( pkc, sig, md );
+	    rc = do_check( pk, sig, md );
 	    md_close(md);
 	}
 	else {
@ -306,15 +306,15 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
 	if( unode ) {
 	    u32 keyid[2];
-	    keyid_from_pkc( pkc, keyid );
+	    keyid_from_pk( pk, keyid );
 	    md = md_open( algo, 0 );
 	    /*md_start_debug(md, "check");*/
-	    hash_public_cert( md, pkc );
+	    hash_public_key( md, pk );
 	    hash_uid_node( unode, md, sig );
 	    if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
 		if( is_selfsig )
 		    *is_selfsig = 1;
-		rc = do_check( pkc, sig, md );
+		rc = do_check( pk, sig, md );
 	    }
 	    else
 		rc = signature_check( sig, md );
--- a/g10/sign.c
+++ b/g10/sign.c
@ -39,7 +39,7 @@
 static int
-do_sign( PKT_secret_cert *skc, PKT_signature *sig,
+do_sign( PKT_secret_key *sk, PKT_signature *sig,
 	 MD_HANDLE md, int digest_algo )
 {
    MPI frame;
@ -53,9 +53,9 @@ do_sign( PKT_secret_cert *skc, PKT_signature *sig,
    sig->digest_algo = digest_algo;
    sig->digest_start[0] = dp[0];
    sig->digest_start[1] = dp[1];
-    frame = encode_md_value( skc->pubkey_algo, md,
+    frame = encode_md_value( sk->pubkey_algo, md,
-			     digest_algo, mpi_get_nbits(skc->skey[0]));
+			     digest_algo, mpi_get_nbits(sk->skey[0]));
-    rc = pubkey_sign( skc->pubkey_algo, sig->data, frame, skc->skey );
+    rc = pubkey_sign( sk->pubkey_algo, sig->data, frame, sk->skey );
    mpi_free(frame);
    if( rc )
 	log_error("pubkey_sign failed: %s\n", g10_errstr(rc) );
@ -63,7 +63,7 @@ do_sign( PKT_secret_cert *skc, PKT_signature *sig,
 	if( opt.verbose ) {
 	    char *ustr = get_user_id_string( sig->keyid );
 	    log_info("%s signature from: %s\n",
-		      pubkey_algo_to_string(skc->pubkey_algo), ustr );
+		      pubkey_algo_to_string(sk->pubkey_algo), ustr );
 	    m_free(ustr);
 	}
    }
@ -73,12 +73,12 @@ do_sign( PKT_secret_cert *skc, PKT_signature *sig,
 int
-complete_sig( PKT_signature *sig, PKT_secret_cert *skc, MD_HANDLE md )
+complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md )
 {
    int rc=0;
-    if( !(rc=check_secret_key( skc )) )
+    if( !(rc=check_secret_key( sk )) )
-	rc = do_sign( skc, sig, md, 0 );
+	rc = do_sign( sk, sig, md, 0 );
    /* fixme: should we check whether the signature is okay?
     * maybe by using an option */
@ -99,15 +99,15 @@ hash_for(int pubkey_algo )
 }
 static int
-only_old_style( SKC_LIST skc_list )
+only_old_style( SK_LIST sk_list )
 {
-    SKC_LIST skc_rover = NULL;
+    SK_LIST sk_rover = NULL;
    int old_style = 0;
    /* if there are only old style capable key we use the old sytle */
-    for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
+    for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
-	PKT_secret_cert *skc = skc_rover->skc;
+	PKT_secret_key *sk = sk_rover->sk;
-	if( skc->pubkey_algo == PUBKEY_ALGO_RSA && skc->version < 4 )
+	if( sk->pubkey_algo == PUBKEY_ALGO_RSA && sk->version < 4 )
 	    old_style = 1;
 	else
 	    return 0;
@ -142,9 +142,9 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
    PKT_plaintext *pt = NULL;
    u32 filesize;
    int rc = 0;
-    PKC_LIST pkc_list = NULL;
+    PK_LIST pk_list = NULL;
-    SKC_LIST skc_list = NULL;
+    SK_LIST sk_list = NULL;
-    SKC_LIST skc_rover = NULL;
+    SK_LIST sk_rover = NULL;
    int multifile = 0;
    int old_style = opt.rfc1991;
@ -166,12 +166,12 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
    if( fname && filenames->next && (!detached || encrypt) )
 	log_bug("multiple files can only be detached signed");
-    if( (rc=build_skc_list( locusr, &skc_list, 1, 1 )) )
+    if( (rc=build_sk_list( locusr, &sk_list, 1, 1 )) )
 	goto leave;
    if( !old_style )
-	old_style = only_old_style( skc_list );
+	old_style = only_old_style( sk_list );
    if( encrypt ) {
-	if( (rc=build_pkc_list( remusr, &pkc_list, 2 )) )
+	if( (rc=build_pk_list( remusr, &pk_list, 2 )) )
 	    goto leave;
    }
@ -204,9 +204,9 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
 	iobuf_push_filter( inp, text_filter, &tfx );
    mfx.md = md_open(0, 0);
-    for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
+    for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
-	PKT_secret_cert *skc = skc_rover->skc;
+	PKT_secret_key *sk = sk_rover->sk;
-	md_enable(mfx.md, hash_for(skc->pubkey_algo));
+	md_enable(mfx.md, hash_for(sk->pubkey_algo));
    }
    if( !multifile )
@ -218,7 +218,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
 	write_comment( out, "#created by GNUPG v" VERSION " ("
 					    PRINTABLE_OS_NAME ")");
    if( encrypt ) {
-	efx.pkc_list = pkc_list;
+	efx.pk_list = pk_list;
 	/* fixme: set efx.cfx.datalen if known */
 	iobuf_push_filter( out, encrypt_filter, &efx );
    }
@ -231,17 +231,17 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
    if( !detached && !old_style ) {
 	/* loop over the secret certificates and build headers */
-	for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
+	for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
-	    PKT_secret_cert *skc;
+	    PKT_secret_key *sk;
 	    PKT_onepass_sig *ops;
-	    skc = skc_rover->skc;
+	    sk = sk_rover->sk;
 	    ops = m_alloc_clear( sizeof *ops );
 	    ops->sig_class = opt.textmode && !outfile ? 0x01 : 0x00;
-	    ops->digest_algo = hash_for(skc->pubkey_algo);
+	    ops->digest_algo = hash_for(sk->pubkey_algo);
-	    ops->pubkey_algo = skc->pubkey_algo;
+	    ops->pubkey_algo = sk->pubkey_algo;
-	    keyid_from_skc( skc, ops->keyid );
+	    keyid_from_sk( sk, ops->keyid );
-	    ops->last = !skc_rover->next;
+	    ops->last = !sk_rover->next;
 	    init_packet(&pkt);
 	    pkt.pkttype = PKT_ONEPASS_SIG;
@ -324,20 +324,20 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
    }
    /* loop over the secret certificates */
-    for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
+    for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
-	PKT_secret_cert *skc;
+	PKT_secret_key *sk;
 	PKT_signature *sig;
 	MD_HANDLE md;
-	skc = skc_rover->skc;
+	sk = sk_rover->sk;
 	/* build the signature packet */
 	/* fixme: this code is partly duplicated in make_keysig_packet */
 	sig = m_alloc_clear( sizeof *sig );
-	sig->version = skc->version;
+	sig->version = sk->version;
-	keyid_from_skc( skc, sig->keyid );
+	keyid_from_sk( sk, sig->keyid );
-	sig->digest_algo = hash_for(skc->pubkey_algo);
+	sig->digest_algo = hash_for(sk->pubkey_algo);
-	sig->pubkey_algo = skc->pubkey_algo;
+	sig->pubkey_algo = sk->pubkey_algo;
 	sig->timestamp = make_timestamp();
 	sig->sig_class = opt.textmode && !outfile? 0x01 : 0x00;
@ -380,7 +380,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
 	}
 	md_final( md );
-	rc = do_sign( skc, sig, md, hash_for(sig->pubkey_algo) );
+	rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo) );
 	md_close( md );
 	if( !rc ) { /* and write it */
@ -404,8 +404,8 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
 	iobuf_close(out);
    iobuf_close(inp);
    md_close( mfx.md );
-    release_skc_list( skc_list );
+    release_sk_list( sk_list );
-    release_pkc_list( pkc_list );
+    release_pk_list( pk_list );
    return rc;
 }
@ -458,18 +458,18 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
    IOBUF inp = NULL, out = NULL;
    PACKET pkt;
    int rc = 0;
-    SKC_LIST skc_list = NULL;
+    SK_LIST sk_list = NULL;
-    SKC_LIST skc_rover = NULL;
+    SK_LIST sk_rover = NULL;
    int old_style = opt.rfc1991;
    memset( &afx, 0, sizeof afx);
    memset( &tfx, 0, sizeof tfx);
    init_packet( &pkt );
-    if( (rc=build_skc_list( locusr, &skc_list, 1, 1 )) )
+    if( (rc=build_sk_list( locusr, &sk_list, 1, 1 )) )
 	goto leave;
    if( !old_style )
-	old_style = only_old_style( skc_list );
+	old_style = only_old_style( sk_list );
    /* prepare iobufs */
    if( !(inp = iobuf_open(fname)) ) {
@ -510,9 +510,9 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
    textmd = md_open(0, 0);
-    for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
+    for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
-	PKT_secret_cert *skc = skc_rover->skc;
+	PKT_secret_key *sk = sk_rover->sk;
-	md_enable(textmd, hash_for(skc->pubkey_algo));
+	md_enable(textmd, hash_for(sk->pubkey_algo));
    }
    iobuf_push_filter( inp, text_filter, &tfx );
@ -525,20 +525,20 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
    iobuf_push_filter( out, armor_filter, &afx );
    /* loop over the secret certificates */
-    for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
+    for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
-	PKT_secret_cert *skc;
+	PKT_secret_key *sk;
 	PKT_signature *sig;
 	MD_HANDLE md;
-	skc = skc_rover->skc;
+	sk = sk_rover->sk;
 	/* build the signature packet */
 	/* fixme: this code is duplicated above */
 	sig = m_alloc_clear( sizeof *sig );
-	sig->version = skc->version;
+	sig->version = sk->version;
-	keyid_from_skc( skc, sig->keyid );
+	keyid_from_sk( sk, sig->keyid );
-	sig->digest_algo = hash_for(skc->pubkey_algo);
+	sig->digest_algo = hash_for(sk->pubkey_algo);
-	sig->pubkey_algo = skc->pubkey_algo;
+	sig->pubkey_algo = sk->pubkey_algo;
 	sig->timestamp = make_timestamp();
 	sig->sig_class = 0x01;
@ -580,7 +580,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
 	}
 	md_final( md );
-	rc = do_sign( skc, sig, md, hash_for(sig->pubkey_algo) );
+	rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo) );
 	md_close( md );
 	if( !rc ) { /* and write it */
@ -604,7 +604,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
 	iobuf_close(out);
    iobuf_close(inp);
    md_close( textmd );
-    release_skc_list( skc_list );
+    release_sk_list( sk_list );
    return rc;
 }
--- a/g10/skclist.c
+++ b/g10/skclist.c
@ -34,96 +34,96 @@
 void
-release_skc_list( SKC_LIST skc_list )
+release_sk_list( SK_LIST sk_list )
 {
-    SKC_LIST skc_rover;
+    SK_LIST sk_rover;
-    for( ; skc_list; skc_list = skc_rover ) {
+    for( ; sk_list; sk_list = sk_rover ) {
-	skc_rover = skc_list->next;
+	sk_rover = sk_list->next;
-	free_secret_cert( skc_list->skc );
+	free_secret_key( sk_list->sk );
-	m_free( skc_list );
+	m_free( sk_list );
    }
 }
 int
-build_skc_list( STRLIST locusr, SKC_LIST *ret_skc_list, int unlock,
+build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock,
 							unsigned usage )
 {
-    SKC_LIST skc_list = NULL;
+    SK_LIST sk_list = NULL;
    int rc;
    if( !locusr ) { /* use the default one */
-	PKT_secret_cert *skc;
+	PKT_secret_key *sk;
-	skc = m_alloc_clear( sizeof *skc );
+	sk = m_alloc_clear( sizeof *sk );
-	if( (rc = get_seckey_byname( skc, NULL, unlock )) ) {
+	if( (rc = get_seckey_byname( sk, NULL, unlock )) ) {
-	    free_secret_cert( skc ); skc = NULL;
+	    free_secret_key( sk ); sk = NULL;
 	    log_error("no default secret key: %s\n", g10_errstr(rc) );
 	}
-	else if( !(rc=check_pubkey_algo2(skc->pubkey_algo, usage)) ) {
+	else if( !(rc=check_pubkey_algo2(sk->pubkey_algo, usage)) ) {
-	    SKC_LIST r;
+	    SK_LIST r;
-	    if( skc->version == 4 && (usage & 1)
+	    if( sk->version == 4 && (usage & 1)
-		&& skc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
+		&& sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
 		log_error("this is a PGP generated "
 		    "ElGamal key which is NOT secure for signatures!\n");
-		free_secret_cert( skc ); skc = NULL;
+		free_secret_key( sk ); sk = NULL;
 	    }
 	    else {
 		r = m_alloc( sizeof *r );
-		r->skc = skc; skc = NULL;
+		r->sk = sk; sk = NULL;
-		r->next = skc_list;
+		r->next = sk_list;
 		r->mark = 0;
-		skc_list = r;
+		sk_list = r;
 	    }
 	}
 	else {
-	    free_secret_cert( skc ); skc = NULL;
+	    free_secret_key( sk ); sk = NULL;
 	    log_error("invalid default secret key: %s\n", g10_errstr(rc) );
 	}
    }
    else {
 	for(; locusr; locusr = locusr->next ) {
-	    PKT_secret_cert *skc;
+	    PKT_secret_key *sk;
-	    skc = m_alloc_clear( sizeof *skc );
+	    sk = m_alloc_clear( sizeof *sk );
-	    if( (rc = get_seckey_byname( skc, locusr->d, unlock )) ) {
+	    if( (rc = get_seckey_byname( sk, locusr->d, unlock )) ) {
-		free_secret_cert( skc ); skc = NULL;
+		free_secret_key( sk ); sk = NULL;
 		log_error("skipped '%s': %s\n", locusr->d, g10_errstr(rc) );
 	    }
-	    else if( !(rc=check_pubkey_algo2(skc->pubkey_algo, usage)) ) {
+	    else if( !(rc=check_pubkey_algo2(sk->pubkey_algo, usage)) ) {
-		SKC_LIST r;
+		SK_LIST r;
-		if( skc->version == 4 && (usage & 1)
+		if( sk->version == 4 && (usage & 1)
-		    && skc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
+		    && sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
 		    log_info("skipped '%s': this is a PGP generated "
 			"ElGamal key which is not secure for signatures!\n",
 			locusr->d );
-		    free_secret_cert( skc ); skc = NULL;
+		    free_secret_key( sk ); sk = NULL;
 		}
 		else {
 		    r = m_alloc( sizeof *r );
-		    r->skc = skc; skc = NULL;
+		    r->sk = sk; sk = NULL;
-		    r->next = skc_list;
+		    r->next = sk_list;
 		    r->mark = 0;
-		    skc_list = r;
+		    sk_list = r;
 		}
 	    }
 	    else {
-		free_secret_cert( skc ); skc = NULL;
+		free_secret_key( sk ); sk = NULL;
 		log_error("skipped '%s': %s\n", locusr->d, g10_errstr(rc) );
 	    }
 	}
    }
-    if( !rc && !skc_list ) {
+    if( !rc && !sk_list ) {
 	log_error("no valid signators\n");
 	rc = G10ERR_NO_USER_ID;
    }
    if( rc )
-	release_skc_list( skc_list );
+	release_sk_list( sk_list );
    else
-	*ret_skc_list = skc_list;
+	*ret_sk_list = sk_list;
    return rc;
 }
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@ -163,7 +163,7 @@ static void dump_record( ulong rnum, TRUSTREC *rec, FILE *fp );
 static int  read_record( ulong recnum, TRUSTREC *rec, int expected );
 static int  write_record( ulong recnum, TRUSTREC *rec );
 static ulong new_recnum(void);
-static int search_record( PKT_public_cert *pkc, TRUSTREC *rec );
+static int search_record( PKT_public_key *pk, TRUSTREC *rec );
 static int walk_sigrecs( SIGREC_CONTEXT *c, int create );
 static LOCAL_ID_INFO *new_lid_table(void);
@ -636,13 +636,13 @@ new_recnum()
 }
 /****************
- * Search the trustdb for a key which matches PKC and return the dir record
+ * Search the trustdb for a key which matches PK and return the dir record
- * The local_id of PKC is set to the correct value
+ * The local_id of PK is set to the correct value
 *
 * Note: To increase performance, we could use a index search here.
 */
 static int
-search_record( PKT_public_cert *pkc, TRUSTREC *rec )
+search_record( PKT_public_key *pk, TRUSTREC *rec )
 {
    ulong recnum;
    u32 keyid[2];
@ -650,8 +650,8 @@ search_record( PKT_public_cert *pkc, TRUSTREC *rec )
    size_t fingerlen;
    int rc;
-    keyid_from_pkc( pkc, keyid );
+    keyid_from_pk( pk, keyid );
-    fingerprint = fingerprint_from_pkc( pkc, &fingerlen );
+    fingerprint = fingerprint_from_pk( pk, &fingerlen );
    assert( fingerlen == 20 || fingerlen == 16 );
    for(recnum=1; !(rc=read_record( recnum, rec, 0)); recnum++ ) {
@ -665,13 +665,13 @@ search_record( PKT_public_cert *pkc, TRUSTREC *rec )
 		log_error("%lu: ooops: invalid key record\n", recnum );
 		break;
 	    }
-	    if( keyrec.r.key.pubkey_algo == pkc->pubkey_algo
+	    if( keyrec.r.key.pubkey_algo == pk->pubkey_algo
 		&& !memcmp(keyrec.r.key.fingerprint, fingerprint, fingerlen) ){
-		if( pkc->local_id && pkc->local_id != recnum )
+		if( pk->local_id && pk->local_id != recnum )
 		    log_error("%s: found record, but local_id from mem does "
 			       "not match recnum (%lu,%lu)\n", db_name,
-				     (ulong)pkc->local_id, (ulong)recnum );
+				     (ulong)pk->local_id, (ulong)recnum );
-		pkc->local_id = recnum;
+		pk->local_id = recnum;
 		return 0;
 	    }
 	}
@ -689,25 +689,25 @@ search_record( PKT_public_cert *pkc, TRUSTREC *rec )
 static int
 set_signature_packets_local_id( PKT_signature *sig )
 {
-    PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
+    PKT_public_key *pk = m_alloc_clear( sizeof *pk );
    TRUSTREC rec;
    int rc;
-    rc = get_pubkey( pkc, sig->keyid );
+    rc = get_pubkey( pk, sig->keyid );
    if( rc)
 	goto leave;
-    if( !pkc->local_id ) {
+    if( !pk->local_id ) {
-	rc = search_record( pkc, &rec );
+	rc = search_record( pk, &rec );
 	if( rc == -1 )
-	    rc = insert_trust_record( pkc );
+	    rc = insert_trust_record( pk );
 	if( rc )
 	    goto leave;
-	/* fixme: we should propagate the local_id to all copies of the PKC */
+	/* fixme: we should propagate the local_id to all copies of the PK */
    }
-    sig->local_id = pkc->local_id;
+    sig->local_id = pk->local_id;
  leave:
-    free_public_cert( pkc );
+    free_public_key( pk );
    return rc;
 }
@ -833,15 +833,15 @@ walk_sigrecs( SIGREC_CONTEXT *c, int create )
 * Verify that all our public keys are in the trustDB.
 */
 static int
-verify_own_certs()
+verify_own_keys()
 {
    int rc;
    void *enum_context = NULL;
-    PKT_secret_cert *skc = m_alloc_clear( sizeof *skc );
+    PKT_secret_key *sk = m_alloc_clear( sizeof *sk );
-    PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
+    PKT_public_key *pk = m_alloc_clear( sizeof *pk );
    u32 keyid[2];
-    while( !(rc=enum_secret_keys( &enum_context, skc) ) ) {
+    while( !(rc=enum_secret_keys( &enum_context, sk) ) ) {
 	/* fixed: to be sure that it is a secret key of our own,
 	 *	  we should check it, but this needs a passphrase
 	 *	  for every key and this is boring for the user.
@ -850,20 +850,20 @@ verify_own_certs()
 	 *		     startup
 	 */
-	keyid_from_skc( skc, keyid );
+	keyid_from_sk( sk, keyid );
 	if( DBG_TRUST )
 	    log_debug("checking secret key %08lX\n", (ulong)keyid[1] );
 	/* see whether we can access the public key of this secret key */
-	memset( pkc, 0, sizeof *pkc );
+	memset( pk, 0, sizeof *pk );
-	rc = get_pubkey( pkc, keyid );
+	rc = get_pubkey( pk, keyid );
 	if( rc ) {
 	    log_error(_("keyid %08lX: secret key without public key\n"),
 							    (ulong)keyid[1] );
 	    goto leave;
 	}
-	if( cmp_public_secret_cert( pkc, skc ) ) {
+	if( cmp_public_secret_key( pk, sk ) ) {
 	    log_error(_("keyid %08lX: secret and public key don't match\n"),
 							    (ulong)keyid[1] );
 	    rc = G10ERR_GENERAL;
@ -871,9 +871,9 @@ verify_own_certs()
 	}
 	/* make sure that the pubkey is in the trustdb */
-	rc = query_trust_record( pkc );
+	rc = query_trust_record( pk );
 	if( rc == -1 ) { /* put it into the trustdb */
-	    rc = insert_trust_record( pkc );
+	    rc = insert_trust_record( pk );
 	    if( rc ) {
 		log_error(_("keyid %08lX: can't put it into the trustdb\n"),
 							    (ulong)keyid[1] );
@ -888,14 +888,14 @@ verify_own_certs()
 	if( DBG_TRUST )
 	    log_debug("putting %08lX(%lu) into ultikey_table\n",
-				    (ulong)keyid[1], pkc->local_id );
+				    (ulong)keyid[1], pk->local_id );
-	if( ins_lid_table_item( ultikey_table, pkc->local_id, 0 ) )
+	if( ins_lid_table_item( ultikey_table, pk->local_id, 0 ) )
 	    log_error(_("keyid %08lX: already in ultikey_table\n"),
 							(ulong)keyid[1]);
-	release_secret_cert_parts( skc );
+	release_secret_key_parts( sk );
-	release_public_cert_parts( pkc );
+	release_public_key_parts( pk );
    }
    if( rc != -1 )
 	log_error(_("enum_secret_keys failed: %s\n"), g10_errstr(rc) );
@ -903,8 +903,8 @@ verify_own_certs()
 	rc = 0;
  leave:
-    free_secret_cert( skc );
+    free_secret_key( sk );
-    free_public_cert( pkc );
+    free_public_key( pk );
    return rc;
 }
@ -1186,7 +1186,7 @@ build_sigrecs( ulong pubkeyid )
 	goto leave;
    }
    if( !selfsig ) {
-	log_error(_("build_sigrecs: self-certificate missing\n") );
+	log_error(_("build_sigrecs: self-signature missing\n") );
 	update_no_sigs( pubkeyid, 2 );
 	rc = G10ERR_BAD_CERT;
 	goto leave;
@ -1544,9 +1544,9 @@ init_trustdb( int level, const char *dbname )
 	 * in ~/.gnupg/ here */
 	rc = verify_private_data();
 	if( !rc ) {
-	    /* verify that our own certificates are in the trustDB
+	    /* verify that our own keys are in the trustDB
 	     * or move them to the trustdb. */
-	    rc = verify_own_certs();
+	    rc = verify_own_keys();
 	    /* should we check whether there is no other ultimately trusted
 	     * key in the database? */
@ -1566,19 +1566,19 @@ list_trustdb( const char *username )
    TRUSTREC rec;
    if( username ) {
-	PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
+	PKT_public_key *pk = m_alloc_clear( sizeof *pk );
 	int rc;
-	if( (rc = get_pubkey_byname( pkc, username )) )
+	if( (rc = get_pubkey_byname( pk, username )) )
 	    log_error("user '%s' not found: %s\n", username, g10_errstr(rc) );
-	else if( (rc=search_record( pkc, &rec )) && rc != -1 )
+	else if( (rc=search_record( pk, &rec )) && rc != -1 )
 	    log_error("problem finding '%s' in trustdb: %s\n",
 						username, g10_errstr(rc));
 	else if( rc == -1 )
 	    log_error("user '%s' not in trustdb\n", username);
-	else if( (rc = list_sigs( pkc->local_id )) )
+	else if( (rc = list_sigs( pk->local_id )) )
 	    log_error("user '%s' list problem: %s\n", username, g10_errstr(rc));
-	free_public_cert( pkc );
+	free_public_key( pk );
    }
    else {
 	ulong recnum;
@ -1600,36 +1600,36 @@ list_trust_path( int max_depth, const char *username )
    int wipe=0;
    int i;
    TRUSTREC rec;
-    PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
+    PKT_public_key *pk = m_alloc_clear( sizeof *pk );
    if( max_depth < 0 ) {
 	wipe = 1;
 	max_depth = -max_depth;
    }
-    if( (rc = get_pubkey_byname( pkc, username )) )
+    if( (rc = get_pubkey_byname( pk, username )) )
 	log_error("user '%s' not found: %s\n", username, g10_errstr(rc) );
-    else if( (rc=search_record( pkc, &rec )) && rc != -1 )
+    else if( (rc=search_record( pk, &rec )) && rc != -1 )
 	log_error("problem finding '%s' in trustdb: %s\n",
 					    username, g10_errstr(rc));
    else if( rc == -1 ) {
 	log_info("user '%s' not in trustdb - inserting\n", username);
-	rc = insert_trust_record( pkc );
+	rc = insert_trust_record( pk );
 	if( rc )
 	    log_error("failed to put '%s' into trustdb: %s\n", username, g10_errstr(rc));
 	else {
-	    assert( pkc->local_id );
+	    assert( pk->local_id );
 	}
    }
    if( !rc ) {
 	TRUST_SEG_LIST tsl, tslist = NULL;
-	if( !qry_lid_table_flag( ultikey_table, pkc->local_id, NULL ) ) {
+	if( !qry_lid_table_flag( ultikey_table, pk->local_id, NULL ) ) {
 	    tslist = m_alloc( sizeof *tslist );
 	    tslist->nseg = 1;
 	    tslist->dup = 0;
-	    tslist->seg[0].lid = pkc->local_id;
+	    tslist->seg[0].lid = pk->local_id;
 	    tslist->seg[0].trust = 0;
 	    tslist->next = NULL;
 	    rc = 0;
@ -1638,7 +1638,7 @@ list_trust_path( int max_depth, const char *username )
 	    LOCAL_ID_INFO *lids = new_lid_table();
 	    TRUST_INFO stack[MAX_LIST_SIGS_DEPTH];
-	    stack[0].lid = pkc->local_id;
+	    stack[0].lid = pk->local_id;
 	    stack[0].trust = 0;
 	    rc = do_list_path( stack, 1, max_depth, lids, &tslist );
 	    if( wipe ) { /* wipe out duplicates */
@ -1674,17 +1674,17 @@ list_trust_path( int max_depth, const char *username )
 	}
    }
-    free_public_cert( pkc );
+    free_public_key( pk );
 }
 /****************
- * Get the trustlevel for this PKC.
+ * Get the trustlevel for this PK.
 * Note: This does not ask any questions
 * Returns: 0 okay of an errorcode
 *
 * It operates this way:
- *  locate the pkc in the trustdb
+ *  locate the pk in the trustdb
 *	found:
 *	    Do we have a valid cache record for it?
 *		yes: return trustlevel from cache
@ -1700,7 +1700,7 @@ list_trust_path( int max_depth, const char *username )
 *	     is not necessary to check this if we use a local pubring. Hmmmm.
 */
 int
-check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel )
+check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
 {
    TRUSTREC rec;
    unsigned trustlevel = TRUST_UNKNOWN;
@ -1711,44 +1711,44 @@ check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel )
 	log_info("check_trust() called.\n");
    /* get the pubkey record */
-    if( pkc->local_id ) {
+    if( pk->local_id ) {
-	if( read_record( pkc->local_id, &rec, RECTYPE_DIR ) ) {
+	if( read_record( pk->local_id, &rec, RECTYPE_DIR ) ) {
 	    log_error(_("check_trust: read record failed\n"));
 	    return G10ERR_TRUSTDB;
 	}
    }
    else { /* no local_id: scan the trustdb */
-	if( (rc=search_record( pkc, &rec )) && rc != -1 ) {
+	if( (rc=search_record( pk, &rec )) && rc != -1 ) {
 	    log_error(_("check_trust: search_record failed: %s\n"),
 							    g10_errstr(rc));
 	    return rc;
 	}
 	else if( rc == -1 ) {
-	    rc = insert_trust_record( pkc );
+	    rc = insert_trust_record( pk );
 	    if( rc ) {
 		log_error(_("failed to insert pubkey into trustdb: %s\n"),
 							    g10_errstr(rc));
 		goto leave;
 	    }
 	    log_info(_("pubkey not in trustdb - inserted as %lu\n"),
-				    pkc->local_id );
+				    pk->local_id );
 	}
    }
    cur_time = make_timestamp();
-    if( pkc->timestamp > cur_time ) {
+    if( pk->timestamp > cur_time ) {
 	log_info(_("public key created in future (time warp or clock problem)\n"));
 	return G10ERR_TIME_CONFLICT;
    }
-    if( pkc->valid_days && add_days_to_timestamp(pkc->timestamp,
+    if( pk->valid_days && add_days_to_timestamp(pk->timestamp,
-						pkc->valid_days) < cur_time ) {
+						pk->valid_days) < cur_time ) {
 	log_info(_("key expiration date is %s\n"), strtimestamp(
-				    add_days_to_timestamp(pkc->timestamp,
+				    add_days_to_timestamp(pk->timestamp,
-							  pkc->valid_days)));
+							  pk->valid_days)));
 	 trustlevel = TRUST_EXPIRED;
    }
    else {
-	rc = do_check( pkc->local_id, &rec, &trustlevel );
+	rc = do_check( pk->local_id, &rec, &trustlevel );
 	if( rc ) {
 	    log_error(_("check_trust: do_check failed: %s\n"), g10_errstr(rc));
 	    return rc;
@ -1765,12 +1765,12 @@ check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel )
 int
-query_trust_info( PKT_public_cert *pkc )
+query_trust_info( PKT_public_key *pk )
 {
    unsigned trustlevel;
    int c;
-    if( check_trust( pkc, &trustlevel ) )
+    if( check_trust( pk, &trustlevel ) )
 	return '?';
    if( trustlevel & TRUST_FLAG_REVOKED )
 	return 'r';
@ -1875,25 +1875,25 @@ keyid_from_trustdb( ulong lid, u32 *keyid )
 /****************
 * This function simply looks for the key in the trustdb
- * and sets PKC->local_id.
+ * and sets PK->local_id.
 * Return: 0 = found
 *	   -1 = not found
 *	  other = error
 */
 int
-query_trust_record( PKT_public_cert *pkc )
+query_trust_record( PKT_public_key *pk )
 {
    TRUSTREC rec;
    int rc=0;
-    if( pkc->local_id ) {
+    if( pk->local_id ) {
-	if( read_record( pkc->local_id, &rec, RECTYPE_DIR ) ) {
+	if( read_record( pk->local_id, &rec, RECTYPE_DIR ) ) {
 	    log_error("query_trust_record: read record failed\n");
 	    return G10ERR_TRUSTDB;
 	}
    }
    else { /* no local_id: scan the trustdb */
-	if( (rc=search_record( pkc, &rec )) && rc != -1 ) {
+	if( (rc=search_record( pk, &rec )) && rc != -1 ) {
 	    log_error("query_trust_record: search_record failed: %s\n",
 							    g10_errstr(rc));
 	    return rc;
@ -1908,7 +1908,7 @@ query_trust_record( PKT_public_cert *pkc )
 * This function fails if this record already exists.
 */
 int
-insert_trust_record( PKT_public_cert *pkc )
+insert_trust_record( PKT_public_key *pk )
 {
    TRUSTREC rec;
    u32 keyid[2];
@ -1917,11 +1917,11 @@ insert_trust_record( PKT_public_cert *pkc )
    size_t fingerlen;
-    if( pkc->local_id )
+    if( pk->local_id )
-	log_bug("pkc->local_id=%lu\n", (ulong)pkc->local_id );
+	log_bug("pk->local_id=%lu\n", (ulong)pk->local_id );
-    keyid_from_pkc( pkc, keyid );
+    keyid_from_pk( pk, keyid );
-    fingerprint = fingerprint_from_pkc( pkc, &fingerlen );
+    fingerprint = fingerprint_from_pk( pk, &fingerlen );
    /* FIXME: check that we do not have this record. */
@ -1945,7 +1945,7 @@ insert_trust_record( PKT_public_cert *pkc )
    rec.r.key.owner    = dnum;
    rec.r.key.keyid[0] = keyid[0];
    rec.r.key.keyid[1] = keyid[1];
-    rec.r.key.pubkey_algo = pkc->pubkey_algo;
+    rec.r.key.pubkey_algo = pk->pubkey_algo;
    rec.r.key.fingerprint_len = fingerlen;
    memcpy(rec.r.key.fingerprint, fingerprint, fingerlen );
    rec.r.key.ownertrust = 0;
@ -1954,7 +1954,7 @@ insert_trust_record( PKT_public_cert *pkc )
 	return G10ERR_TRUSTDB;
    }
-    pkc->local_id = dnum;
+    pk->local_id = dnum;
    return 0;
 }
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@ -39,13 +39,13 @@
 void list_trustdb(const char *username);
 void list_trust_path( int max_depth, const char *username );
 int init_trustdb( int level, const char *dbname );
-int check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel );
+int check_trust( PKT_public_key *pk, unsigned *r_trustlevel );
-int query_trust_info( PKT_public_cert *pkc );
+int query_trust_info( PKT_public_key *pk );
 int enum_trust_web( void **context, ulong *lid );
 int get_ownertrust( ulong lid, unsigned *r_otrust );
 int keyid_from_trustdb( ulong lid, u32 *keyid );
-int query_trust_record( PKT_public_cert *pkc );
+int query_trust_record( PKT_public_key *pk );
-int insert_trust_record( PKT_public_cert *pkc );
+int insert_trust_record( PKT_public_key *pk );
 int update_ownertrust( ulong lid, unsigned new_trust );
 int verify_private_data(void);
 int sign_private_data(void);
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@ -13,4 +13,4 @@ cipher/random.c
 g10/g10.c
 g10/pkclist.c
 g10/keygen.c
-
+#---end--
--- a/po/it.po
+++ b/po/it.po
@ -4,8 +4,7 @@ msgstr ""
 "Content-Type: text/plain; charset=iso-8859-1\n"
 "Date: 1998-03-07 12:16:14+0100\n"
 "From: Marco d'Itri <md@linux.it>\n"
-"Xgettext-Options: --default-domain=gnupg --directory=.. --add-comments "
+"Xgettext-Options: --default-domain=gnupg --directory=.. --add-comments --keyword=_ --keyword=N_ --files-from=./POTFILES.in\n"
 "--keyword=_ --keyword=N_ --files-from=./POTFILES.in\n"
 "Files: util/secmem.c cipher/random.c g10/g10.c g10/pkclist.c g10/keygen.c\n"
 #: util/secmem.c:180
@ -176,7 +175,7 @@ msgstr "modo batch: non fare domande"
 #: g10/g10.c:102
 msgid "assume yes on most questions"
-msgstr "assumi \"sì\" a quasi tutte le domande"
+msgstr "assumi \"s\354\" a quasi tutte le domande"
 #: g10/g10.c:103
 msgid "assume no on most questions"
@ -212,11 +211,11 @@ msgstr "non scrivere pacchetti di commento"
 #: g10/g10.c:112
 msgid "(default is 1)"
-msgstr "(predefinito è 1)"
+msgstr "(predefinito \350 1)"
 #: g10/g10.c:113
 msgid "(default is 3)"
-msgstr "(predefinito è 3)"
+msgstr "(predefinito \350 3)"
 #: g10/g10.c:114
 msgid "|file|load extension module"
@ -306,18 +305,18 @@ msgstr "comandi in conflitto\n"
 #: g10/g10.c:358
 msgid "selected cipher algorithm is invalid\n"
-msgstr "l'algoritmo di cifratura selezionato non è valido\n"
+msgstr "l'algoritmo di cifratura selezionato non \350 valido\n"
 #: g10/g10.c:360
 msgid "selected pubkey algorithm is invalid\n"
-msgstr "l'algoritmo a chiave pubblica selezionato non è valido\n"
+msgstr "l'algoritmo a chiave pubblica selezionato non \350 valido\n"
 #: g10/g10.c:362
 msgid "selected digest algorithm is invalid\n"
-msgstr "l'algoritmo di digest selezionato non è valido\n"
+msgstr "l'algoritmo di digest selezionato non \350 valido\n"
 # , c-format
 #: g10/g10.c:364
 #, c-format
 msgid "compress algorithm must be in range %d..%d\n"
 msgstr "l'algoritmo di compressione deve essere tra %d e %d\n"
@ -329,23 +328,23 @@ msgstr "completes-needed deve essere maggiore di 0\n"
 msgid "marginals-needed must be greater than 1\n"
 msgstr "marginals-needed deve essere maggiore di 1\n"
 # , c-format
 #: g10/g10.c:465
 #, c-format
 msgid "note: no default option file '%s'\n"
 msgstr "nota: nessun file con opzioni predefinite '%s'\n"
 # , c-format
 #: g10/g10.c:469
 #, c-format
 msgid "option file '%s': %s\n"
 msgstr "file con opzioni predefinite '%s': %s\n"
 # , c-format
 #: g10/g10.c:476
 #, c-format
 msgid "reading options from '%s'\n"
 msgstr "lettura delle opzioni da '%s'\n"
 # , c-format
 #: g10/g10.c:696
 #, c-format
 msgid "failed to initialize the TrustDB: %s\n"
 msgstr "inizializzazione del TrustDB fallita: %s\n"
@ -365,6 +364,7 @@ msgstr "--encrypt [nomefile]"
 msgid "--sign [filename]"
 msgstr "--sign [nomefile]"
 #. sign and encrypt the given file
 #: g10/g10.c:744
 msgid "--sign --encrypt [filename]"
 msgstr "--sign --encrypt [nomefile]"
@ -381,6 +381,7 @@ msgstr "--decrypt [nomefile]"
 msgid "--sign-key username"
 msgstr ""
 #. Edit a key signature
 #: g10/g10.c:786
 msgid "--edit-sig username"
 msgstr ""
@ -393,14 +394,13 @@ msgstr ""
 msgid "--delete-key username"
 msgstr ""
 #. Change the passphrase
 #. no arg: use default, 1 arg use this one
 #: g10/g10.c:805
 msgid "--change-passphrase [username]"
 msgstr ""
 # , c-format
 #. -kv userid keyring
 #: g10/g10.c:829
 #, c-format
 msgid "can't open %s: %s\n"
 msgstr "impossibile aprire '%s': %s\n"
@ -408,18 +408,18 @@ msgstr "impossibile aprire '%s': %s\n"
 msgid "-k[v][v][v][c] [userid] [keyring]"
 msgstr "-k[v][v][v][c] [userid] [portachiavi]"
 # , c-format
 #: g10/g10.c:892
 #, c-format
 msgid "dearmoring failed: %s\n"
 msgstr "rimozione dell'armatura fallita: %s\n"
 # , c-format
 #: g10/g10.c:900
 #, c-format
 msgid "enarmoring failed: %s\n"
 msgstr "creazione dell'armatura fallita: %s\n"
 # , c-format
 #: g10/g10.c:956
 #, c-format
 msgid "invalid hash algorithm '%s'\n"
 msgstr ""
@ -427,14 +427,14 @@ msgstr ""
 msgid "[filename]"
 msgstr "[nomefile]"
 # , c-format
 #: g10/g10.c:1008
 #, c-format
 msgid "can't open '%s'\n"
 msgstr "impossibile aprire '%s'\n"
 # #### Md ???
 # , c-format
 #: g10/pkclist.c:65
 #, c-format
 msgid ""
 "No ownertrust defined for %lu:\n"
 "%4u%c/%08lX %s \""
@ -459,7 +459,7 @@ msgid ""
 msgstr ""
 "\"\n"
 "\n"
-"Per favore decidi quanto hai fiducia di questo utente perchè firmi\n"
+"Per favore decidi quanto hai fiducia di questo utente perch\350 firmi\n"
 "correttamente le chiavi di altri utenti (guardando il suo passaporto,\n"
 "controllando le impronte digitali da diverse fonti ...)?\n"
 "\n"
@ -480,11 +480,9 @@ msgid ""
 "to any 3rd party.  We need it to implement the web-of-trust; it has nothing\n"
 "to do with the (implicitly created) web-of-certificates.\n"
 msgstr ""
-"È compito tuo assegnare qui un valore; questo valore non sarà mai esportato\n"
+"\310 compito tuo assegnare qui un valore; questo valore non sar\340 mai esportato\n"
-"ad alcuna terza persona. Serve per implementare la ragnatela-di-fiducia; "
+"ad alcuna terza persona. Serve per implementare la ragnatela-di-fiducia; non\n"
-"non\n"
+"ha nulla a che fare con la ragnatela-di-certificati (creata implicitamente).\n"
 "ha nulla a che fare con la ragnatela-di-certificati (creata "
 "implicitamente).\n"
 #: g10/pkclist.c:108
 msgid "You will see a list of signators etc. here\n"
@ -515,8 +513,8 @@ msgid ""
 "the next question with yes\n"
 "\n"
 msgstr ""
-"NON è sicuro che la chiave appartenga al suo proprietario.\n"
+"NON \350 sicuro che la chiave appartenga al suo proprietario.\n"
-"Se *veramente* sai cosa stai facendo, puoi rispondere sì alla\n"
+"Se *veramente* sai cosa stai facendo, puoi rispondere s\354 alla\n"
 "prossima domanda.\n"
 "\n"
@ -548,28 +546,28 @@ msgstr "scrittura della autofirma\n"
 msgid "Please select what kind of key you want:\n"
 msgstr "Per favore scegli che tipo di chiave vuoi:\n"
 # , c-format
 #: g10/keygen.c:384
 #, c-format
 msgid "   (%d) DSA and ElGamal (default)\n"
 msgstr "   (%d) DSA e ElGamal (default)\n"
 # , c-format
 #: g10/keygen.c:385
 #, c-format
 msgid "   (%d) ElGamal (sign and encrypt)\n"
 msgstr "   (%d) ElGamal (firma e crittografa)\n"
 # , c-format
 #: g10/keygen.c:386
 #, c-format
 msgid "   (%d) ElGamal (encrypt only)\n"
 msgstr "   (%d) ElGamal (crittografa solo)\n"
 # , c-format
 #: g10/keygen.c:387
 #, c-format
 msgid "   (%d) DSA (sign only)\n"
 msgstr "   (%d) DSA (firma solo)\n"
 # , c-format
 #: g10/keygen.c:388
 #, c-format
 msgid "   (%d) ElGamal in a v3 packet\n"
 msgstr "   (%d) ElGamal in un pacchetto v3\n"
@ -581,8 +579,8 @@ msgstr "Cosa scegli? "
 msgid "Invalid selection.\n"
 msgstr "Scelta non valida.\n"
 # , c-format
 #: g10/keygen.c:430
 #, c-format
 msgid ""
 "About to generate a new %s keypair.\n"
 "              minimum keysize is  768 bits\n"
@ -590,9 +588,9 @@ msgid ""
 "    highest suggested keysize is 2048 bits\n"
 msgstr ""
 "Sto per generare una nuova coppia di chiavi %s.\n"
-"               la dimensione minima è  768 bit\n"
+"               la dimensione minima \350  768 bit\n"
-"          la dimensione predefinita è 1024 bit\n"
+"          la dimensione predefinita \350 1024 bit\n"
-"    la dimensione massima suggerita è 2048 bit\n"
+"    la dimensione massima suggerita \350 2048 bit\n"
 #: g10/keygen.c:436
 msgid "What keysize do you want? (1024) "
@ -604,39 +602,31 @@ msgstr "DSA permette solo chiavi di dimensioni da 512 a 1024\n"
 #: g10/keygen.c:443
 msgid "keysize too small; 768 is smallest value allowed.\n"
-msgstr "la chiave è troppo corta; 768 è il minimo valore permesso.\n"
+msgstr "la chiave \350 troppo corta; 768 \350 il minimo valore permesso.\n"
 #: g10/keygen.c:445
-msgid ""
+msgid "Keysizes larger than 2048 are not suggested, because computations take REALLY long!\n"
-"Keysizes larger than 2048 are not suggested, because computations take "
+msgstr "Chiavi pi\371 lunghe di 2048 non sono consigliate, perch\350 i calcoli sono VERAMENTE lunghi!\n"
 "REALLY long!\n"
 msgstr ""
 "Chiavi più lunghe di 2048 non sono consigliate, perchè i calcoli sono "
 "VERAMENTE lunghi!\n"
 #: g10/keygen.c:447
 msgid "Are you sure, that you want this keysize? "
 msgstr "Sei sicuro che vuoi una chiave di queste dimensioni? "
 #: g10/keygen.c:451
-msgid ""
+msgid "Okay, but keep in mind that your monitor and keyboard radiation is also very vulnerable to attacks!\n"
-"Okay, but keep in mind that your monitor and keyboard radiation is also very "
+msgstr "Va bene, ma ricordati che anche le radiazioni emesse dal tuo monitor e dalla tua tastiera sono molto vulnerabili ad attacchi!\n"
 "vulnerable to attacks!\n"
 msgstr ""
 "Va bene, ma ricordati che anche le radiazioni emesse dal tuo monitor e dalla "
 "tua tastiera sono molto vulnerabili ad attacchi!\n"
 #: g10/keygen.c:459
 msgid "Do you really need such a large keysize? "
-msgstr "Ti serve davvero una chiave così lunga? "
+msgstr "Ti serve davvero una chiave cos\354 lunga? "
 # , c-format
 #: g10/keygen.c:470
 #, c-format
 msgid "Requested keysize is %u bits\n"
 msgstr "Le dimensioni della chiave richieste sono %u bit\n"
 # , c-format
 #: g10/keygen.c:473 g10/keygen.c:477
 #, c-format
 msgid "rounded up to %u bits\n"
 msgstr "arrotondate a %u bit\n"
@ -648,11 +638,12 @@ msgid ""
 "      <n>w = key expires in n weeks\n"
 "      <n>m = key expires in n months\n"
 "      <n>y = key expires in n years\n"
-msgstr "Per favore specifica per quanto la chiave sarà valida.\n"
+msgstr ""
-"         0 = la chiave non scadrà\n"
+"Per favore specifica per quanto la chiave sar\340 valida.\n"
-"      <n>w = la chiave scadrà dopo n giorni\n"
+"         0 = la chiave non scadr\340\n"
-"      <n>m = la chiave scadrà dopo n mesi\n"
+"      <n>w = la chiave scadr\340 dopo n giorni\n"
-"      <n>y = la chiave scadrà dopo n anni\n"
+"      <n>m = la chiave scadr\340 dopo n mesi\n"
 "      <n>y = la chiave scadr\340 dopo n anni\n"
 #: g10/keygen.c:504
 msgid "Key is valid for? (0) "
@ -666,65 +657,64 @@ msgstr "valore non valido\n"
 msgid "Key does not expire at all\n"
 msgstr "La chiave non scade\n"
-#: g10/keygen.c:522
+# , c-format
-#, c-format
+#. print the date when the key expires
 #: g10/keygen.c:523
 msgid "Key expires at %s\n"
-msgstr "La chiave scadrà il %s\n"
+msgstr "La chiave scadr\340 il %s\n"
-#: g10/keygen.c:527
+#: g10/keygen.c:528
 msgid "Is this correct (y/n)? "
-msgstr "È giusto (y/n)? "
+msgstr "\310 giusto (y/n)? "
-#: g10/keygen.c:543
+#: g10/keygen.c:557
 msgid ""
 "\n"
-"You need a User-ID to identify your key; the software constructs the user "
+"You need a User-ID to identify your key; the software constructs the user id\n"
 "id\n"
 "from Real Name, Comment and Email Address in this form:\n"
 "    \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
 "\n"
 msgstr ""
 "\n"
-"Ti serve un User ID per identificare la tua chiave; il software costruisce "
+"Ti serve un User ID per identificare la tua chiave; il software costruisce l'user id a partire da Nome e Cognome, Commento e Indirizzo di Email indicati in questa forma:\n"
 "l'user id a partire da Nome e Cognome, Commento e Indirizzo di Email "
 "indicati in questa forma:\n"
 "    \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
 "\n"
-#: g10/keygen.c:554
+#: g10/keygen.c:568
 msgid "Real name: "
 msgstr "Nome e Cognome: "
-#: g10/keygen.c:558
+#: g10/keygen.c:572
 msgid "Invalid character in name\n"
 msgstr "Carattere non valido nel nome\n"
-#: g10/keygen.c:560
+#: g10/keygen.c:574
 msgid "Name may not start with a digit\n"
-msgstr "Il nome non può iniziare con una cifra\n"
+msgstr "Il nome non pu\362 iniziare con una cifra\n"
-#: g10/keygen.c:562
+#: g10/keygen.c:576
 msgid "Name must be at least 5 characters long\n"
 msgstr "Il nome deve essere lungo almeno 5 caratteri\n"
-#: g10/keygen.c:570
+#: g10/keygen.c:584
 msgid "Email address: "
 msgstr "Indirizzo di Email: "
-#: g10/keygen.c:582
+#: g10/keygen.c:596
 msgid "Not a valid email address\n"
-msgstr "L'indirizzo di email non è valido\n"
+msgstr "L'indirizzo di email non \350 valido\n"
-#: g10/keygen.c:590
+#: g10/keygen.c:604
 msgid "Comment: "
 msgstr "Commento: "
-#: g10/keygen.c:596
+#. no comment is okay
 #: g10/keygen.c:610
 msgid "Invalid character in comment\n"
 msgstr "Carattere non valido nel commento\n"
-#: g10/keygen.c:616
+# , c-format
-#, c-format
+#: g10/keygen.c:630
 msgid ""
 "You selected this USER-ID:\n"
 "    \"%s\"\n"
@ -734,11 +724,11 @@ msgstr ""
 "    \"%s\"\n"
 "\n"
-#: g10/keygen.c:619
+#: g10/keygen.c:633
 msgid "Edit (N)ame, (C)omment, (E)mail or (O)kay? "
 msgstr "Modifica (N)ome, (C)ommento, (E)mail oppure (O)kay? "
-#: g10/keygen.c:658
+#: g10/keygen.c:672
 msgid ""
 "You need a Passphrase to protect your secret key.\n"
 "\n"
@ -746,73 +736,71 @@ msgstr ""
 "Ti serve una passphrase per proteggere la tua chiave segreta.\n"
 "\n"
-#: g10/keygen.c:666
+#: g10/keygen.c:680
 msgid "passphrase not correctly repeated; try again.\n"
 msgstr "passphrase non ripetuta correttamente; riprova.\n"
-#: g10/keygen.c:672
+#: g10/keygen.c:686
 msgid ""
 "You don't want a passphrase - this is probably a *bad* idea!\n"
 "I will do it anyway.  You can change your passphrase at any time,\n"
 "using this program with the option \"--change-passphrase\"\n"
 "\n"
 msgstr ""
-"Non hai specificato una passphrase - questa è probabilmente una *cattiva*\n"
+"Non hai specificato una passphrase - questa \350 probabilmente una *cattiva*\n"
-"idea! Lo farò io comunque. Puoi cambiarla in ogni momento, usando questo\n"
+"idea! Lo far\362 io comunque. Puoi cambiarla in ogni momento, usando questo\n"
 "programma con l'opzione \"--change-passphrase\"\n"
 "\n"
-#: g10/keygen.c:693
+#: g10/keygen.c:707
 msgid ""
 "We need to generate a lot of random bytes. It is a good idea to perform\n"
 "some other action (work in another window, move the mouse, utilize the\n"
 "network and the disks) during the prime generation; this gives the random\n"
 "number generator a better chance to gain enough entropy.\n"
 msgstr ""
-"Dobbiamo generare un mucchio di byte casuali. È una buona idea eseguire\n"
+"Dobbiamo generare un mucchio di byte casuali. \310 una buona idea eseguire\n"
-"qualche altra azione (lavorare in un'altra finestra, muovere il mouse, "
+"qualche altra azione (lavorare in un'altra finestra, muovere il mouse, usare\n"
-"usare\n"
+"la rete e i dischi) durante la generazione dei numeri primi; questo d\340 al\n"
-"la rete e i dischi) durante la generazione dei numeri primi; questo dà al\n"
+"generatore di numeri casuali la possibilit\340 di raccogliere abbastanza\n"
 "generatore di numeri casuali la possibilità di raccogliere abbastanza\n"
 "entropia.\n"
-#: g10/keygen.c:739 g10/keygen.c:887
+#: g10/keygen.c:753 g10/keygen.c:901
 msgid "Key generation can only be used in interactive mode\n"
-msgstr "Una chiave può essere generata solo in modo interattivo\n"
+msgstr "Una chiave pu\362 essere generata solo in modo interattivo\n"
-#: g10/keygen.c:747
+#: g10/keygen.c:761
 msgid "DSA keypair will have 1024 bits.\n"
-msgstr "La coppia DSA avrà 1024 bit.\n"
+msgstr "La coppia DSA avr\340 1024 bit.\n"
-#: g10/keygen.c:759
+# , c-format
-#, c-format
+#: g10/keygen.c:773
 msgid "writing public certificate to '%s'\n"
 msgstr "scrittura del certificato pubblico in '%s'\n"
-#: g10/keygen.c:760
+# , c-format
-#, c-format
+#: g10/keygen.c:774
 msgid "writing secret certificate to '%s'\n"
 msgstr "scrittura del certificato privato in '%s'\n"
-#: g10/keygen.c:838
+#: g10/keygen.c:852
 msgid "public and secret key created and signed.\n"
 msgstr "chiavi pubbliche e segrete create e firmate.\n"
-#: g10/keygen.c:840
+#: g10/keygen.c:854
 msgid ""
 "Note that this key cannot be used for encryption.  You may want to use\n"
 "the command \"--add-key\" to generate a secondary key for this purpose.\n"
 msgstr ""
-"Nota che questa chiave non può essere usata per la crittografia. Forse\n"
+"Nota che questa chiave non pu\362 essere usata per la crittografia. Forse\n"
 "vorrai usare il comando \"--add-key\" per generare una chiave secondaria\n"
 "per questo scopo.\n"
-#: g10/keygen.c:854 g10/keygen.c:1006
+# , c-format
-#, c-format
+#: g10/keygen.c:868 g10/keygen.c:1020
 msgid "Key generation failed: %s\n"
 msgstr "Generazione della chiave fallita: %s\n"
-#: g10/keygen.c:1001
+#: g10/keygen.c:1015
 msgid "public and secret subkey created.\n"
 msgstr "sottochiavi pubbliche e segrete create.\n"
--- a/util/g10u.c
+++ b/util/g10u.c
@ -34,6 +34,6 @@ void *g10_calloc( size_t n )	     { return m_alloc_clear( n ); }
 void *g10_malloc_secure( size_t n )  { return m_alloc_secure( n ); }
 void *g10_calloc_secure( size_t n )  { return m_alloc_secure_clear( n ); }
 void *g10_realloc( void *a, size_t n ) { return m_realloc( a, n ); }
-void  g10_free( void *p )	     { return m_free( p ); }
+void  g10_free( void *p )	     { m_free( p ); }
 char *g10_strdup( const char * a)    { return m_strdup( a ); }
--- a/zlib/Makefile
+++ b/zlib/Makefile
@ -92,7 +92,7 @@ POSUB = po
 RANLIB = ranlib
 USE_INCLUDED_LIBINTL = yes
 USE_NLS = yes
-VERSION = 0.3.0a
+VERSION = 0.3.0b
 ZLIBS = 
 l =