This is the first half of revocation key / designated revoker

support.  That is, it handles all the data to mark a key as revoked if it
has been revoked by a designated revoker.  The second half (coming
later) will contain the code to make someones key your designated revoker
and to issue revocations for someone else.

Note that this is written so that a revoked revoker can still issue
revocations: i.e. If A revokes B, but A is revoked, B is still revoked.
I'm not completely convinced this is the proper behavior, but it matches
how PGP does it.  It does at least have the advantage of much simpler code
- my first version of this had lots of loop maintaining code so you could
chain revokers many levels deep and if D was revoked, C was not, which
meant that B was, and so on. It was sort of scary, actually.

This also changes importing to allow bringing in more revocation keys, and
exporting to not export revocation keys marked "sensitive".

The --edit menu information will show if a revocation key is present.

g10/keylist.c

@@ -417,7 +417,11 @@ list_keyblock_print ( KBNODE keyblock, int secret )
             char *sigstr;
 
 	    if( !any ) { /* no user id, (maybe a revocation follows)*/
-		if( sig->sig_class == 0x20 )
+	      /* Check if the pk is really revoked - there could be a
+                 0x20 sig packet there even if we are not revoked
+                 (say, if a revocation key issued the packet, but the
+                 revocation key isn't present to verify it.) */
+		if( sig->sig_class == 0x20 && pk->is_revoked )
 		    puts("[revoked]");
 		else if( sig->sig_class == 0x18 )
 		    puts("[key binding]");
@@ -437,6 +441,8 @@ list_keyblock_print ( KBNODE keyblock, int secret )
 	       sigstr = "sig";
 	    else if( sig->sig_class == 0x18 )
 	       sigstr = "sig";
+	    else if( sig->sig_class == 0x1F )
+	       sigstr = "sig";
 	    else {
                 printf("sig                             "
 		       "[unexpected signature class 0x%02x]\n",sig->sig_class );