diff --git a/g10/ChangeLog b/g10/ChangeLog
index 20143856e..e1e5bae26 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,10 @@
+2002-10-01  Werner Koch  <wk@gnupg.org>
+
+	* getkey.c (get_pubkey_direct): New.
+	(merge_selfsigs_main): Use it here to look for an ultimately
+	trusted key.  Using the full get_pubkey might lead to a infinitive
+	recursion.
+
 2002-09-30  David Shaw  <dshaw@jabberwocky.com>
 
 	* g10.c (main): Disable --textmode when encrypting (symmetric or
diff --git a/g10/getkey.c b/g10/getkey.c
index fab0f6c9a..a149f779b 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -96,6 +96,7 @@ static int uid_cache_entries;	/* number of entries in uid cache */
 
 static void merge_selfsigs( KBNODE keyblock );
 static int lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode );
+static int get_pubkey_direct (PKT_public_key *pk, u32 *keyid);
 
 #if 0
 static void
@@ -371,6 +372,59 @@ get_pubkey( PKT_public_key *pk, u32 *keyid )
 }
 
 
+
+/* Get a public key and store it into the allocated pk.  This function
+   differs from get_pubkey() in that it does not do a check of the key
+   to avoid recursion.  It should be used only in very certain cases.  */
+static int
+get_pubkey_direct (PKT_public_key *pk, u32 *keyid)
+{
+  int rc = 0;
+  KEYDB_HANDLE hd;
+  KBNODE keyblock;
+  
+  assert (pk);
+#if MAX_PK_CACHE_ENTRIES
+  { /* Try to get it from the cache */
+    pk_cache_entry_t ce;
+
+    for (ce = pk_cache; ce; ce = ce->next)
+      {
+        if (ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1])
+          {
+            if (pk)
+              copy_public_key (pk, ce->pk);
+            return 0;
+          }
+      }
+  }
+#endif
+
+  hd = keydb_new (0);
+  rc = keydb_search_kid (hd, keyid);
+  if (rc == -1)
+    {
+      keydb_release (hd);
+      return G10ERR_NO_PUBKEY;
+    }
+  rc = keydb_get_keyblock (hd, &keyblock);
+  keydb_release (hd);
+  if (rc) 
+    {
+      log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
+      return G10ERR_NO_PUBKEY;
+    }
+  
+  assert ( keyblock->pkt->pkttype == PKT_PUBLIC_KEY
+           ||  keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY );
+  copy_public_key (pk, keyblock->pkt->pkt.public_key );
+  release_kbnode (keyblock);
+  cache_public_key (pk);
+  return 0;
+}
+
+
+
 KBNODE
 get_pubkeyblock( u32 *keyid )
 {
@@ -1463,7 +1517,7 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
 
 		    ultimate_pk=m_alloc_clear(sizeof(*ultimate_pk));
 
-		    if(get_pubkey(ultimate_pk,sig->keyid)==0 &&
+		    if(get_pubkey_direct(ultimate_pk,sig->keyid)==0 &&
 		       check_key_signature(keyblock,k,NULL)==0 &&
 		       get_ownertrust(ultimate_pk)==TRUST_ULTIMATE)
 		      {