"deprecated-use-keyexpired-instead" to SIGEXPIRED.
Start transition from SIGEXPIRED to KEYEXPIRED, since the actual event is
signature verification by an expired key and not an expired signature.
Rename do_signature_check as signature_check2, make public, and change all
callers.
Use status EXPSIG for an expired, but good, signature. Add the expiration
time (or 0) to the VALIDSIG status line. Use status KEYEXPSIG for a good
signature from an expired key.
Remove checks for no arguments now that argparse does it.
support. That is, it handles all the data to mark a key as revoked if it
has been revoked by a designated revoker. The second half (coming
later) will contain the code to make someones key your designated revoker
and to issue revocations for someone else.
Note that this is written so that a revoked revoker can still issue
revocations: i.e. If A revokes B, but A is revoked, B is still revoked.
I'm not completely convinced this is the proper behavior, but it matches
how PGP does it. It does at least have the advantage of much simpler code
- my first version of this had lots of loop maintaining code so you could
chain revokers many levels deep and if D was revoked, C was not, which
meant that B was, and so on. It was sort of scary, actually.
This also changes importing to allow bringing in more revocation keys, and
exporting to not export revocation keys marked "sensitive".
The --edit menu information will show if a revocation key is present.
keys (this is in the RFC), so that they can be (sometimes) used along
OpenPGP keys. Do not force using IDEA on an OpenPGP key, as this may
violate its prefs.
Also, revise the help text for the sig class explanation.
Offer to expire a key signature when the key the user is signing expires
Expired sigs cause an error return
If --expert is set, prompt for sig duration