* g10.c (main): Add --no-groups to zero --group list.

* encode.c (encode_simple): Allow for 32 bytes (256 bits) of symmetrically
encrypted session key.  Use --s2k-cipher-algo to choose cipher, rather
than the default cipher.

* parse-packet.c (parse_subkeyenc): Give a warning if an symmetrically
encrypted session key is seen without salt.  Show in --list-packets if a
symetrically encrypted session key is present.

* pubkey-enc.c (get_it): Always show cipher-not-in-prefs warning unless
--quiet is set.  Use text name of cipher in warning.

g10/parse-packet.c

@@ -678,19 +678,32 @@ parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
 	k->s2k.count = iobuf_get(inp); pktlen--;
     }
     k->seskeylen = seskeylen;
-    for(i=0; i < seskeylen && pktlen; i++, pktlen-- )
-	k->seskey[i] = iobuf_get_noeof(inp);
+    if(k->seskeylen)
+      {
+	for(i=0; i < seskeylen && pktlen; i++, pktlen-- )
+	  k->seskey[i] = iobuf_get_noeof(inp);
+
+	/* What we're watching out for here is a session key decryptor
+	   with no salt.  The RFC says that using salt for this is a
+	   MUST. */
+	if(s2kmode!=1 && s2kmode!=3)
+	  log_info(_("WARNING: potentially insecure symmetrically"
+		     " encrypted session key\n"));
+      }
     assert( !pktlen );
 
     if( list_mode ) {
-	printf(":symkey enc packet: version %d, cipher %d, s2k %d, hash %d\n",
-			    version, cipher_algo, s2kmode, hash_algo);
+	printf(":symkey enc packet: version %d, cipher %d, s2k %d, hash %d",
+	       version, cipher_algo, s2kmode, hash_algo);
+	if(seskeylen)
+	  printf(", seskey %d bits",(seskeylen-1)*8);
+	printf("\n");
 	if( s2kmode == 1 || s2kmode == 3 ) {
 	    printf("\tsalt ");
 	    for(i=0; i < 8; i++ )
 		printf("%02x", k->s2k.salt[i]);
 	    if( s2kmode == 3 )
-		printf(", count %lu\n", (ulong)k->s2k.count );
+		printf(", count %lu", (ulong)k->s2k.count );
 	    printf("\n");
 	}
     }