From eb9607707e5f8e86e732b92b137cb55ff6b26c71 Mon Sep 17 00:00:00 2001
From: David Shaw
Date: Wed, 11 Dec 2002 17:50:38 +0000
Subject: [PATCH] * tdbio.c (tdbio_read_record, tdbio_write_record): Compact the RECTYPE_TRUST records a bit. * g10.c (main): Comment out --list-trust-path until it can be implemented. * import.c (import_one): Warn when importing an Elgamal primary that this may take some time (to verify self-sigs). (chk_self_sigs): Try and cache all self-sigs so the keyblock is written to the keyring with a good rich cache. * keygen.c (ask_algo): Make the Elgamal sign+encrypt warning stronger, and remove the RSA sign+encrypt warning.
---
 g10/ChangeLog | 16 ++++++++++++++++
 g10/g10.c | 3 ++-
 g10/import.c | 10 ++++++++++
 g10/keygen.c | 24 ++++++++++++++----------
 g10/tdbio.c | 8 ++++----
 5 files changed, 46 insertions(+), 15 deletions(-)
diff --git a/g10/ChangeLog b/g10/ChangeLog
index f2da7d80a..d3c64e058 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,19 @@
+2002-12-11 David Shaw
+
+ * tdbio.c (tdbio_read_record, tdbio_write_record): Compact the
+ RECTYPE_TRUST records a bit.
+
+ * g10.c (main): Comment out --list-trust-path until it can be
+ implemented.
+
+ * import.c (import_one): Warn when importing an Elgamal primary
+ that this may take some time (to verify self-sigs).
+ (chk_self_sigs): Try and cache all self-sigs so the keyblock is
+ written to the keyring with a good rich cache.
+
+ * keygen.c (ask_algo): Make the Elgamal sign+encrypt warning
+ stronger, and remove the RSA sign+encrypt warning.
+
 2002-12-06 Stefan Bellon
 * options.h: Fixed typo (mangle_dos_names instead of
diff --git a/g10/g10.c b/g10/g10.c
index fb4b81018..0452956dc 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -498,7 +498,8 @@ static ARGPARSE_OPTS opts[] = {
 { aExportOwnerTrust, "list-ownertrust",0 , "@"}, /* alias */
 { aPrintMDs, "print-mds" , 256, "@"}, /* old */
 { aListTrustDB, "list-trustdb",0 , "@"},
- { aListTrustPath, "list-trust-path",0, "@"},
+ /* Not yet used */
+ /* { aListTrustPath, "list-trust-path",0, "@"}, */
 { aPipeMode, "pipemode", 0, "@" },
 { oKOption, NULL, 0, "@"},
 { oPasswdFD, "passphrase-fd",1, "@" },
diff --git a/g10/import.c b/g10/import.c
index 654310267..eb56ee96b 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -583,6 +583,10 @@ import_one( const char *fname, KBNODE keyblock,
 keyid_from_pk( pk, keyid );
 uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
+ if(pk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
+ log_info(_("NOTE: Elgamal primary key detected - "
+ "this may take some time to import\n"));
+
 if( opt.verbose ) {
 log_info( "pub %4u%c/%08lX %s ",
 nbits_from_pk( pk ),
@@ -1113,6 +1117,12 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
 continue;
 sig = n->pkt->pkt.signature;
 if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
+
+ /* This just caches the sigs for later use. That way we
+ import a fully-cached key which speeds things up. */
+ if(!opt.no_sig_cache)
+ check_key_signature(keyblock,n,NULL);
+
 if( (sig->sig_class&~3) == 0x10 ) {
 KBNODE unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );
 if( !unode ) {
diff --git a/g10/keygen.c b/g10/keygen.c
index 24ba95fb9..82d11303f 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -980,12 +980,9 @@ ask_algo (int addmode, unsigned int *r_usage)
 break;
 }
 else if( algo == 7 && opt.expert ) {
- if (cpr_get_answer_is_yes ("keygen.algo.rsa_se",_(
- "The use of this algorithm is deprecated - create anyway? "))){
- algo = PUBKEY_ALGO_RSA;
- *r_usage = PUBKEY_USAGE_ENC | PUBKEY_USAGE_SIG;
- break;
- }
+ algo = PUBKEY_ALGO_RSA;
+ *r_usage = PUBKEY_USAGE_ENC | PUBKEY_USAGE_SIG;
+ break;
 }
 else if( algo == 6 && addmode ) {
 algo = PUBKEY_ALGO_RSA;
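Review bot: In the chk_self_sigs hunk of g10/import.c, the added `check_key_signature(keyblock,n,NULL);` discards its return value and runs for every signature carrying the primary key id, before the `sig_class` tests that follow it. The existing comment says the call only fills the cache, but it does not say that ignoring the result is deliberate, so a later reader could mistake this line for the validity check. I would extend the comment with `/* Result deliberately ignored: this only populates the sig cache; the class-specific checks below decide validity. */` and write the call as `(void)check_key_signature(keyblock,n,NULL);`. The rest of the loop body lies outside the hunk, so whether those later checks verify the same node again cannot be confirmed from here.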
@@ -997,12 +994,19 @@ ask_algo (int addmode, unsigned int *r_usage)
 *r_usage = PUBKEY_USAGE_SIG;
 break;
 }
- else if( algo == 4 && opt.expert) {
- if( cpr_get_answer_is_yes("keygen.algo.elg_se",_(
- "The use of this algorithm is deprecated - create anyway? "))){
+ else if( algo == 4 && opt.expert)
+ {
+ tty_printf(_(
+"The use of this algorithm is only supported by GnuPG. You will not be\n"
+"able to use this key to communicate with PGP users. This algorithm is also\n"
+"very slow, and may not be as secure as the other choices.\n"));
+
+ if( cpr_get_answer_is_yes("keygen.algo.elg_se",
+ _("Create anyway? ")))
+ {
 algo = PUBKEY_ALGO_ELGAMAL;
 break;
- }
+ }
 }
 else if( algo == 3 && addmode ) {
 algo = PUBKEY_ALGO_ELGAMAL_E;
diff --git a/g10/tdbio.c b/g10/tdbio.c
index 993cb06f3..8c49fefb9 100644
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@@ -1210,9 +1210,9 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
 memcpy( rec->r.trust.fingerprint, p, 20); p+=20;
 rec->r.trust.ownertrust = *p++;
 rec->r.trust.depth = *p++;
- p += 2;
- rec->r.trust.validlist = buftoulong(p); p += 4;
 rec->r.trust.min_ownertrust = *p++;
+ p++;
+ rec->r.trust.validlist = buftoulong(p); p += 4;
 break;
 case RECTYPE_VALID:
 memcpy( rec->r.valid.namehash, p, 20); p+=20;
@@ -1290,9 +1290,9 @@ tdbio_write_record( TRUSTREC *rec )
 memcpy( p, rec->r.trust.fingerprint, 20); p += 20;
 *p++ = rec->r.trust.ownertrust;
 *p++ = rec->r.trust.depth;
- p += 2;
- ulongtobuf( p, rec->r.trust.validlist); p += 4;
 *p++ = rec->r.trust.min_ownertrust;
+ p++;
+ ulongtobuf( p, rec->r.trust.validlist); p += 4;
 break;
 case RECTYPE_VALID:
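Review bot: The RECTYPE_TRUST case in the tdbio_read_record hunk, and its mirror in the tdbio_write_record hunk, changes the on-disk layout by moving `min_ownertrust` from after `validlist` into one of the two bytes previously skipped by `p += 2`, yet neither hunk shows a trustdb version bump or a conversion step. A trustdb written with the previous layout would have `min_ownertrust` read from a former padding byte and the stored value ignored, which matters because the field feeds trust decisions. If a version check or rebuild handles this elsewhere, that is outside these hunks and should be confirmed. `validlist` stays at the same offset, so only this one field is affected. Because reader and writer must stay in step byte for byte, I would put the same layout comment above both cases, `/* fingerprint[20], ownertrust, depth, min_ownertrust, 1 reserved byte, validlist (4 bytes) */`; both function bodies continue outside the hunks.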