diff --git a/g10/ChangeLog b/g10/ChangeLog
index 630afbd2e..d49c71b96 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,15 @@
+2002-07-18 David Shaw
+
+ * keyedit.c (keyedit_menu, menu_addrevoker): Allow specifying
+ "sensitive" as an argument to an addrevoker command. This sets
+ the 0x40 sensitive revoker flag.
+
+ * revoke.c (gen_desig_revoke): When generating a designated
+ revocation, include the direct key sig that contains the
+ designated revoker subpacket. This allows sensitive designated
+ revocation subpackets to be exported. Also indicate which
+ revokers are sensitive in the first place.
+
 2002-07-17 David Shaw
 
 * keyedit.c (show_key_with_all_names_colon): The 0x40 class bit in
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 8bf4ff2ee..7f298c0a5 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -49,7 +49,8 @@ static int menu_adduid( KBNODE keyblock, KBNODE sec_keyblock, int photo );
 static void menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock );
 static int menu_delsig( KBNODE pub_keyblock );
 static void menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
-static int menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock );
+static int menu_addrevoker( KBNODE pub_keyblock,
+ KBNODE sec_keyblock, int sensitive );
 static int menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock );
 static int menu_set_primary_uid( KBNODE pub_keyblock, KBNODE sec_keyblock );
 static int menu_set_preferences( KBNODE pub_keyblock, KBNODE sec_keyblock );
@@ -1255,11 +1256,17 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
 break;
 
 case cmdADDREVOKER:
- if( menu_addrevoker( keyblock, sec_keyblock ) ) {
+ {
+ int sensitive=0;
+
+ if(arg_string && ascii_strcasecmp(arg_string,"sensitive")==0)
+ sensitive=1;
+ if( menu_addrevoker( keyblock, sec_keyblock, sensitive ) ) {
 redisplay = 1;
 sec_modified = modified = 1;
 merge_keys_and_selfsig( sec_keyblock );
 merge_keys_and_selfsig( keyblock );
+ }
 }
 break;
 
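Review bot: The new `ascii_strcasecmp(arg_string,"sensitive")` test in the cmdADDREVOKER case accepts exactly one spelling and silently ignores anything else, so `addrevoker sensitve` (or any stray argument) adds a non-sensitive revoker while the user believes the 0x40 flag was set, and because that bit decides whether the revoker relationship is exported with the key, the mistake only shows once the key has been published. Reject unknown arguments before calling menu_addrevoker, e.g. `else if(arg_string && *arg_string) { tty_printf(_("Unknown argument to addrevoker: %s\n"),arg_string); break; }` (message text is a placeholder). That relies on arg_string being NULL or empty when no argument was given, which the added check itself already assumes. keyedit_menu continues outside the hunk.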
@@ -2169,7 +2176,7 @@ menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock )
 * Return true if there is a new revoker
 */
 static int
-menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock )
+menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
 {
 PKT_public_key *pk=NULL,*revoker_pk=NULL;
 PKT_secret_key *sk=NULL;
@@ -2254,8 +2261,9 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock )
 "key as a designated revoker? (y/N): "))
 continue;
 
-/* todo: handle 0x40 sensitive flag here */
 revkey.class=0x80;
+if(sensitive)
+ revkey.class|=0x40;
 revkey.algid=revoker_pk->pubkey_algo;
 free_public_key(revoker_pk);
 break;
diff --git a/g10/revoke.c b/g10/revoke.c
index ca67d80e5..af7c32ef4 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -147,7 +147,7 @@ gen_desig_revoke( const char *uname )
 char *p;
 u32 sk_keyid[2];
 PKT_user_id *uid=NULL;
-PKT_signature *selfsig=NULL;
+PKT_signature *selfsig=NULL,*revsig=NULL;
 
 any=1;
 keyid_from_sk(sk,sk_keyid);
@@ -172,7 +172,10 @@ gen_desig_revoke( const char *uname )
 p = get_user_id( sk_keyid, &n );
 tty_print_utf8_string( p, n );
 m_free(p);
-tty_printf("\n\n");
+tty_printf("\n");
+if(pk->revkey[i].class&0x40)
+ tty_printf(_("(This is a sensitive revocation key)\n"));
+tty_printf("\n");
 
 if( !cpr_get_answer_is_yes("gen_desig_revoke.okay",
 _("Create a revocation certificate for this key? ")) )
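Review bot: `revkey.class=0x80;` and the new `revkey.class|=0x40;` in menu_addrevoker are bare magic numbers; the only place on this commit that says 0x40 is the sensitive bit is the ChangeLog, and the removed todo comment was the last hint in the code itself. Keep the meaning next to the code with a short comment on each line, e.g. `revkey.class=0x80; /* bit 7 must be set on a revocation-key subpacket */` and `revkey.class|=0x40; /* sensitive: not exported except to the revoker or with its revocation */`. A named constant for the two bits would do the same job if the project prefers that over comments. menu_addrevoker continues outside the hunk.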
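Review bot: The new `(This is a sensitive revocation key)` notice in gen_desig_revoke says the flag is set but not what the certificate the user is about to confirm will carry: the later hunk of this file at -225 embeds the direct-key signature holding that revocation-key subpacket in the output, so publishing the certificate discloses the revoker relationship the 0x40 bit was keeping private. Since the "Create a revocation certificate for this key?" prompt follows immediately, state the consequence in the same message, e.g. `tty_printf(_("(This is a sensitive revocation key; the certificate will include the signature that names it)\n"));` (wording is a placeholder). gen_desig_revoke continues outside the hunk.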
@@ -225,6 +228,57 @@ gen_desig_revoke( const char *uname )
 goto leave;
 }
 
+ /* Include the direct key signature that contains this
+ revocation key. We're allowed to include sensitive
+ revocation keys along with a revocation, and this may
+ be the only time the recipient has seen it. */
+ while(!revsig)
+ {
+ KBNODE signode;
+
+ signode=find_next_kbnode(node,PKT_SIGNATURE);
+ if(!signode)
+ break;
+
+ node=signode;
+
+ if(keyid[0]==signode->pkt->pkt.signature->keyid[0] &&
+ keyid[1]==signode->pkt->pkt.signature->keyid[1] &&
+ IS_KEY_SIG(signode->pkt->pkt.signature))
+ {
+ int j;
+
+ for(j=0;jpkt->pkt.signature->numrevkeys;j++)
+ {
+ if(pk->revkey[i].class==
+ signode->pkt->pkt.signature->revkey[j]->class &&
+ pk->revkey[i].algid==
+ signode->pkt->pkt.signature->revkey[j]->algid &&
+ memcmp(pk->revkey[i].fpr,
+ signode->pkt->pkt.signature->revkey[j]->fpr,
+ MAX_FINGERPRINT_LEN)==0)
+ {
+ revsig=signode->pkt->pkt.signature;
+ break;
+ }
+ }
+ }
+ }
+
+ if(revsig)
+ {
+ pkt.pkttype = PKT_SIGNATURE;
+ pkt.pkt.signature = revsig;
+
+ rc = build_packet( out, &pkt );
+ if( rc ) {
+ log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
+ goto leave;
+ }
+ }
+ else
+ BUG();
+
 init_packet( &pkt );
 pkt.pkttype = PKT_SIGNATURE;
 pkt.pkt.signature = sig;
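Review bot: `else BUG();` at the end of the search turns a keyring that lacks a matching direct-key signature into an abort: if the revocation-key entry in pk->revkey has no self-signature behind it that matches on class, algid and fingerprint (a partially imported or edited keyblock, for instance), gen_desig_revoke dies via BUG() instead of failing cleanly. Prefer the error path the function already uses, e.g. `log_error(_("no direct key signature carrying this revocation key was found\n")); rc = G10ERR_GENERAL; goto leave;` (message is a placeholder; use whichever error code the function's other failure paths return). Note also that the search advances the outer `node` through `node=signode;`, so any later use of `node` in gen_desig_revoke, which continues outside the hunk, now starts at the matched signature rather than where it stood before. The loop header is rendered here as `for(j=0;jpkt->pkt.signature->numrevkeys;j++)`, presumably `j<signode->pkt->pkt.signature->numrevkeys` with the comparison lost to markup; worth confirming against the checked-in source.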