* options.h, import.c (parse_import_options, delete_inv_parts): Add

import-unusable-sigs flag to enable importing unusable (currently:
expired) sigs.

* options.h, export.c (parse_export_options, do_export_stream): Add
export-unusable-sigs flag to enable exporting unusable (currently:
expired) sigs.

g10/export.c

@@ -49,6 +49,7 @@ parse_export_options(char *str,unsigned int *options,int noisy)
       {"export-attributes",EXPORT_ATTRIBUTES,NULL},
       {"export-sensitive-revkeys",EXPORT_SENSITIVE_REVKEYS,NULL},
       {"export-minimal",EXPORT_MINIMAL,NULL},
+      {"export-unusable-sigs",EXPORT_UNUSABLE_SIGS,NULL},
       /* Aliases for backward compatibility */
       {"include-local-sigs",EXPORT_LOCAL_SIGS,NULL},
       {"include-attributes",EXPORT_ATTRIBUTES,NULL},
@@ -314,7 +315,7 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
 
 	    if( node->pkt->pkttype == PKT_SIGNATURE )
 	      {
-		/* If we have minimal-export turned on, do not include
+		/* If we have export-minimal turned on, do not include
 		   any signature that isn't a selfsig.  Note that this
 		   only applies to uid sigs (0x10, 0x11, 0x12, and
 		   0x13).  A designated revocation is not stripped. */
@@ -324,6 +325,16 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
 		       || node->pkt->pkt.signature->keyid[1]!=keyid[1]))
 		  continue;
 
+		/* We do basically the same thing for
+		   export-unusable-sigs.  It only applies to expired
+		   uid sigs that aren't selfsigs. */
+		if(!(options&EXPORT_UNUSABLE_SIGS)
+		   && IS_UID_SIG(node->pkt->pkt.signature)
+		   && node->pkt->pkt.signature->flags.expired
+		   && (node->pkt->pkt.signature->keyid[0]!=keyid[0]
+		       || node->pkt->pkt.signature->keyid[1]!=keyid[1]))
+		  continue;
+
 		/* do not export packets which are marked as not exportable */
 		if(!(options&EXPORT_LOCAL_SIGS)
 		   && !node->pkt->pkt.signature->flags.exportable)